Mock Version: 1.2.17
Mock Version: 1.2.17
ENTER ['do'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --target armv7hl --nodeps /builddir/build/SPECS/nss.spec'], shell=FalseprintOutput=Falsetimeout=172800logger=<mockbuild.trace_decorator.getLog object at 0xb5ed16d0>user='mockbuild'gid=425env={'TERM': 'vt100', 'PROMPT_COMMAND': 'printf "\x1b]0;<mock-chroot>\x07<mock-chroot>"', 'HOSTNAME': 'mock', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'SHELL': '/bin/bash', 'LANG': 'en_US.UTF-8'}uid=1000chrootPath='/var/lib/mock/f25-build-5921805-615131/root')
Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --target armv7hl --nodeps /builddir/build/SPECS/nss.spec'] with env {'TERM': 'vt100', 'PROMPT_COMMAND': 'printf "\x1b]0;<mock-chroot>\x07<mock-chroot>"', 'HOSTNAME': 'mock', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'SHELL': '/bin/bash', 'LANG': 'en_US.UTF-8'} and shell False
warning: Macro %full_nss_version defined but not used within scope
warning: Could not canonicalize hostname: arm02-builder09.arm.fedoraproject.org
Building target platforms: armv7hl
Building for target armv7hl
Wrote: /builddir/build/SRPMS/nss-3.25.0-4.fc25.src.rpm
Child return code was: 0
ENTER ['do'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --target armv7hl --nodeps /builddir/build/SPECS/nss.spec'], shell=Falseuid=1000user='mockbuild'printOutput=Falsetimeout=172800gid=425env={'TERM': 'vt100', 'PROMPT_COMMAND': 'printf "\x1b]0;<mock-chroot>\x07<mock-chroot>"', 'HOSTNAME': 'mock', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'SHELL': '/bin/bash', 'LANG': 'en_US.UTF-8'}logger=<mockbuild.trace_decorator.getLog object at 0xb5ed16d0>private_network=TruechrootPath='/var/lib/mock/f25-build-5921805-615131/root')
Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --target armv7hl --nodeps /builddir/build/SPECS/nss.spec'] with env {'TERM': 'vt100', 'PROMPT_COMMAND': 'printf "\x1b]0;<mock-chroot>\x07<mock-chroot>"', 'HOSTNAME': 'mock', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'SHELL': '/bin/bash', 'LANG': 'en_US.UTF-8'} and shell False
warning: Macro %full_nss_version defined but not used within scope
Building target platforms: armv7hl
Building for target armv7hl
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.wnAVFV
+ umask 022
+ cd /builddir/build/BUILD
+ cd /builddir/build/BUILD
+ rm -rf nss-3.25.0
+ /usr/bin/tar -xof -
+ /usr/bin/gzip -dc /builddir/build/SOURCES/nss-3.25.0.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd nss-3.25.0
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ cd /builddir/build/BUILD
+ cd nss-3.25.0
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
Patch #2 (add-relro-linker-option.patch):
+ echo 'Patch #2 (add-relro-linker-option.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .relro --fuzz=0
patching file nss/coreconf/Linux.mk
Hunk #1 succeeded at 189 (offset 15 lines).
Patch #3 (renegotiate-transitional.patch):
+ echo 'Patch #3 (renegotiate-transitional.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .transitional --fuzz=0
patching file ./nss/lib/ssl/sslsock.c
Patch #16 (nss-539183.patch):
+ echo 'Patch #16 (nss-539183.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .539183 --fuzz=0
patching file ./nss/cmd/httpserv/httpserv.c
patching file ./nss/cmd/selfserv/selfserv.c
Hunk #1 succeeded at 1712 (offset 1 line).
Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch):
+ echo 'Patch #40 (nss-3.14.0.0-disble-ocsp-test.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .noocsptest --fuzz=0
patching file nss/tests/chains/scenarios/scenarios
Hunk #1 succeeded at 18 (offset -32 lines).
Patch #47 (utilwrap-include-templates.patch):
+ echo 'Patch #47 (utilwrap-include-templates.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .templates --fuzz=0
patching file nss/lib/nss/config.mk
Patch #49 (nss-skip-bltest-and-fipstest.patch):
+ echo 'Patch #49 (nss-skip-bltest-and-fipstest.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .skipthem --fuzz=0
patching file ./nss/cmd/Makefile
Patch #50 (iquote.patch):
+ echo 'Patch #50 (iquote.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .iquote --fuzz=0
patching file ./nss/cmd/certcgi/Makefile
patching file ./nss/cmd/certutil/Makefile
patching file ./nss/cmd/lib/Makefile
patching file ./nss/cmd/modutil/Makefile
patching file ./nss/cmd/selfserv/Makefile
patching file ./nss/cmd/ssltap/Makefile
patching file ./nss/cmd/strsclnt/Makefile
patching file ./nss/cmd/tstclnt/Makefile
patching file ./nss/cmd/vfyserv/Makefile
patching file ./nss/coreconf/location.mk
patching file ./nss/external_tests/pk11_gtest/Makefile
patching file ./nss/external_tests/ssl_gtest/Makefile
patching file ./nss/lib/certhigh/Makefile
patching file ./nss/lib/cryptohi/Makefile
patching file ./nss/lib/nss/Makefile
patching file ./nss/lib/pk11wrap/Makefile
patching file ./nss/lib/ssl/Makefile
Hunk #1 succeeded at 56 (offset 7 lines).
Patch #58 (rhbz1185708-enable-ecc-3des-ciphers-by-default.patch):
+ echo 'Patch #58 (rhbz1185708-enable-ecc-3des-ciphers-by-default.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .1185708_3des --fuzz=0
patching file ./nss/lib/ssl/ssl3con.c
~/build/BUILD/nss-3.25.0/nss ~/build/BUILD/nss-3.25.0
Patch #59 (nss-check-policy-file.patch):
+ pushd nss
+ echo 'Patch #59 (nss-check-policy-file.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p1 -b --suffix .check_policy_file --fuzz=0
patching file lib/nss/config.mk
Hunk #1 succeeded at 99 (offset 4 lines).
patching file lib/nss/nssinit.c
patching file lib/pk11wrap/pk11pars.c
patching file lib/util/utilpars.c
Hunk #1 succeeded at 1146 (offset 7 lines).
Patch #62 (nss-skip-util-gtest.patch):
+ echo 'Patch #62 (nss-skip-util-gtest.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .skip_util_gtest --fuzz=0
patching file ./external_tests/manifest.mn
Patch #63 (tests-check-policy-file.patch):
+ echo 'Patch #63 (tests-check-policy-file.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p1 -b --suffix .check_policy --fuzz=0
patching file tests/ssl/ssl.sh
Hunk #2 succeeded at 138 (offset 7 lines).
Hunk #3 succeeded at 165 (offset 7 lines).
Hunk #4 succeeded at 240 (offset 7 lines).
Hunk #5 succeeded at 300 (offset 7 lines).
Patch #64 (tests-data-adjust-for-policy.patch):
+ echo 'Patch #64 (tests-data-adjust-for-policy.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p1 -b --suffix .expected_result --fuzz=0
patching file tests/ssl/sslauth.txt
patching file tests/ssl/sslpolicy.txt
~/build/BUILD/nss-3.25.0
Patch #70 (nss-skip-ecperf.patch):
+ popd
+ echo 'Patch #70 (nss-skip-ecperf.patch):'
+ /usr/bin/patch --no-backup-if-mismatch -p0 -b --suffix .skip_ecperf --fuzz=0
patching file ./nss/cmd/manifest.mn
+ /usr/bin/cp ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
+ /usr/bin/cp ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
+ /usr/bin/cp ./nss/lib/freebl/ec.h ./nss/cmd/ecperf
+ /usr/bin/cp ./nss/lib/freebl/ecl/ecl-curve.h ./nss/cmd/ecperf
+ /usr/bin/mv ./nss/lib/util/verref.h ./nss/verref.h
+ /usr/bin/rm -rf ./nss/lib/freebl
+ /usr/bin/rm -rf ./nss/lib/softoken
+ /usr/bin/rm -rf ./nss/lib/util
+ /usr/bin/rm -rf ./nss/cmd/bltest
+ /usr/bin/rm -rf ./nss/cmd/fipstest
+ /usr/bin/rm -rf ./nss/cmd/rsaperf_low
+ /usr/bin/rm -rf ./nss/external_tests/util_gtests
+ pushd nss/tests/ssl
~/build/BUILD/nss-3.25.0/nss/tests/ssl ~/build/BUILD/nss-3.25.0
+ sed -r 's/^([^#].*EXPORT|^[^#].*MD5)/#disabled \1/'
+ cat sslauth.txt
+ cat sslcov.txt
+ sed -r 's/^([^#].*EXPORT|^[^#].*_WITH_DES_*)/#disabled \1/'
+ cat sslstress.txt
+ sed -r 's/^([^#].*EXPORT|^[^#].*with MD5)/#disabled \1/'
~/build/BUILD/nss-3.25.0
+ popd
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.Tc1YLP
+ umask 022
+ cd /builddir/build/BUILD
+ cd nss-3.25.0
+ NSS_NO_PKCS11_BYPASS=1
+ export NSS_NO_PKCS11_BYPASS
+ FREEBL_NO_DEPEND=1
+ export FREEBL_NO_DEPEND
+ export BUILD_OPT=1
+ BUILD_OPT=1
+ XCFLAGS='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard'
+ export XCFLAGS
+ PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
+ PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1
+ export PKG_CONFIG_ALLOW_SYSTEM_LIBS
+ export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS
++ sed s/-I//
++ /usr/bin/pkg-config --cflags-only-I nspr
+ NSPR_INCLUDE_DIR=/usr/include/nspr4
+ NSPR_LIB_DIR=/usr/lib
+ export NSPR_INCLUDE_DIR
+ export NSPR_LIB_DIR
++ sed s/-I//
++ /usr/bin/pkg-config --cflags-only-I nss-util
+ export 'NSSUTIL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4'
+ NSSUTIL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4'
+ export NSSUTIL_LIB_DIR=/usr/lib
+ NSSUTIL_LIB_DIR=/usr/lib
++ sed s/-I//
++ /usr/bin/pkg-config --cflags-only-I nss-softokn
+ export 'FREEBL_INCLUDE_DIR=/usr/include/nss3 -I/usr/include/nspr4'
+ FREEBL_INCLUDE_DIR='/usr/include/nss3 -I/usr/include/nspr4'
+ export FREEBL_LIB_DIR=/usr/lib
+ FREEBL_LIB_DIR=/usr/lib
+ export USE_SYSTEM_FREEBL=1
+ USE_SYSTEM_FREEBL=1
+ export NSS_USE_SYSTEM_FREEBL=1
+ NSS_USE_SYSTEM_FREEBL=1
++ /usr/bin/pkg-config --libs nss-softokn
+ export 'FREEBL_LIBS=-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl'
+ FREEBL_LIBS='-L/usr/lib -lfreebl3 -lnssdbm3 -lsoftokn3 -lnssutil3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl'
+ export SOFTOKEN_LIB_DIR=/usr/lib
+ SOFTOKEN_LIB_DIR=/usr/lib
+ export USE_SYSTEM_NSSUTIL=1
+ USE_SYSTEM_NSSUTIL=1
+ export USE_SYSTEM_SOFTOKEN=1
+ USE_SYSTEM_SOFTOKEN=1
+ export NSS_BUILD_WITHOUT_SOFTOKEN=1
+ NSS_BUILD_WITHOUT_SOFTOKEN=1
+ NSS_USE_SYSTEM_SQLITE=1
+ export NSS_USE_SYSTEM_SQLITE
+ export IN_TREE_FREEBL_HEADERS_FIRST=1
+ IN_TREE_FREEBL_HEADERS_FIRST=1
+ export NSS_ECC_MORE_THAN_SUITE_B=1
+ NSS_ECC_MORE_THAN_SUITE_B=1
+ export NSS_BLTEST_NOT_AVAILABLE=1
+ NSS_BLTEST_NOT_AVAILABLE=1
+ /usr/bin/make -C ./nss/coreconf
make: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf'
cd nsinstall; /usr/bin/make export
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
make[1]: Nothing to be done for 'export'.
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
cd nsinstall; /usr/bin/make libs
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard nsinstall.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pathsub.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pathsub.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/coreconf -I../../../dist/private/coreconf -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pathsub.o  -Wl,-z,relro   -lpthread  -ldl -lc
true -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
make: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf'
+ /usr/bin/make -C ./nss/lib/dbm
make: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm'
cd include; /usr/bin/make export
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
Creating ../../../../dist/public/dbm
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm
Creating ../../../../dist/private/dbm
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h search.h ../../../../dist/private/dbm
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
cd src; /usr/bin/make export
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
make[1]: Nothing to be done for 'export'.
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
cd include; /usr/bin/make libs
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
make[1]: Nothing to be done for 'libs'.
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
cd src; /usr/bin/make libs
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/db.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard db.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_bigkey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard h_bigkey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_func.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard h_func.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_log2.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard h_log2.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_page.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard h_page.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard hash.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash_buf.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard hash_buf.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mktemp.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard mktemp.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dirent.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DSTDC_HEADERS -DHAVE_STRERROR -DHAVE_SNPRINTF -DMEMMOVE -D__DBINTERFACE_PRIVATE -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/dbm -I../../../../dist/private/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard dirent.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libdbm.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libdbm.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/db.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_bigkey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_func.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_log2.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/h_page.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash_buf.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mktemp.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dirent.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libdbm.a
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
make: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm'
+ export POLICY_FILE=nss.config
+ POLICY_FILE=nss.config
+ export POLICY_PATH=/etc/crypto-policies/back-ends
+ POLICY_PATH=/etc/crypto-policies/back-ends
+ /usr/bin/mkdir -p ./dist/private/nss
+ /usr/bin/mv ./nss/verref.h ./dist/private/nss/verref.h
+ /usr/bin/make -C ./nss
make: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss'
cd coreconf; /usr/bin/make export
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf'
cd nsinstall; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
cd nsinstall; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
true -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf'
cd lib; /usr/bin/make export
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib'
cd dbm; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm'
cd include; /usr/bin/make export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 mcom_db.h ncompat.h winfile.h ../../../../dist/public/dbm
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 hsearch.h page.h extern.h queue.h hash.h search.h ../../../../dist/private/dbm
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
cd src; /usr/bin/make export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
make[3]: Nothing to be done for 'export'.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm'
cd base; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/base'
Creating ../../../dist/public/nss
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssbaset.h nssbase.h ../../../dist/public/nss
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 baset.h base.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/base'
cd dev; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dev'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ckhelper.h devm.h devtm.h devt.h dev.h nssdevt.h nssdev.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dev'
cd pki; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pki'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pki.h pkit.h nsspkit.h nsspki.h pkistore.h pki3hack.h pkitm.h pkim.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pki'
cd libpkix; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix'
cd include; /usr/bin/make export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/include'
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/include'
cd pkix; /usr/bin/make export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix'
cd certsel; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
cd crlsel; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
cd checker; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
cd params; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
cd results; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
cd store; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
cd top; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
cd util; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
cd certsel; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
cd crlsel; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
cd checker; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
cd params; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
cd results; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
cd store; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
cd top; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
cd util; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
There are no private exports.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix'
cd pkix_pl_nss; /usr/bin/make export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss'
cd pki; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
cd system; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
cd module; /usr/bin/make export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
cd pki; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
cd system; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
cd module; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
There are no private exports.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss'
cd include; /usr/bin/make private_export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/include'
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix.h pkix_crlsel.h pkix_errorstrings.h pkix_results.h pkixt.h pkix_certsel.h pkix_params.h pkix_revchecker.h pkix_certstore.h pkix_pl_pki.h pkix_sample_modules.h pkix_checker.h pkix_pl_system.h pkix_util.h ../../../../dist/private/nss
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/include'
cd pkix; /usr/bin/make private_export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix'
cd certsel; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_certselector.h pkix_comcertselparams.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
cd crlsel; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_comcrlselparams.h pkix_crlselector.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
cd checker; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_basicconstraintschecker.h pkix_certchainchecker.h pkix_crlchecker.h pkix_ekuchecker.h pkix_expirationchecker.h pkix_namechainingchecker.h pkix_nameconstraintschecker.h pkix_ocspchecker.h pkix_policychecker.h pkix_revocationmethod.h pkix_revocationchecker.h pkix_signaturechecker.h pkix_targetcertchecker.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
cd params; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_procparams.h pkix_trustanchor.h pkix_valparams.h pkix_resourcelimits.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
cd results; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_buildresult.h pkix_policynode.h pkix_valresult.h pkix_verifynode.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
cd store; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_store.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
cd top; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_build.h pkix_lifecycle.h pkix_validate.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
cd util; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_tools.h pkix_error.h pkix_logger.h pkix_list.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
There are no private exports.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix'
cd pkix_pl_nss; /usr/bin/make private_export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss'
cd pki; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_basicconstraints.h pkix_pl_cert.h pkix_pl_certpolicyinfo.h pkix_pl_certpolicymap.h pkix_pl_certpolicyqualifier.h pkix_pl_crl.h pkix_pl_crldp.h pkix_pl_crlentry.h pkix_pl_date.h pkix_pl_generalname.h pkix_pl_infoaccess.h pkix_pl_nameconstraints.h pkix_pl_ocsprequest.h pkix_pl_ocspresponse.h pkix_pl_publickey.h pkix_pl_x500name.h pkix_pl_ocspcertid.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
cd system; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_common.h pkix_pl_mem.h pkix_pl_object.h pkix_pl_string.h pkix_pl_primhash.h pkix_pl_bigint.h pkix_pl_mutex.h pkix_pl_bytearray.h pkix_pl_lifecycle.h pkix_pl_oid.h pkix_pl_hashtable.h pkix_pl_rwlock.h pkix_pl_monitorlock.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
cd module; /usr/bin/make private_export
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkix_pl_aiamgr.h pkix_pl_colcertstore.h pkix_pl_httpcertstore.h pkix_pl_httpdefaultclient.h pkix_pl_ldapt.h pkix_pl_ldapcertstore.h pkix_pl_ldapresponse.h pkix_pl_ldaprequest.h pkix_pl_ldapdefaultclient.h pkix_pl_nsscontext.h pkix_pl_pk11certstore.h pkix_pl_socket.h ../../../../../dist/private/nss
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
There are no private exports.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss'
There are no private exports.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix'
cd certdb; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certdb'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cert.h certt.h certdb.h ../../../dist/public/nss
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 genname.h xconst.h certxutl.h certi.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certdb'
cd certhigh; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certhigh'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocsp.h ocspt.h ../../../dist/public/nss
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ocspti.h ocspi.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certhigh'
cd pk11wrap; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pk11wrap'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmod.h secmodt.h secpkcs5.h pk11func.h pk11pub.h pk11priv.h pk11sdr.h pk11pqg.h ../../../dist/public/nss
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmodi.h dev3hack.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pk11wrap'
cd cryptohi; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/cryptohi'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cryptohi.h cryptoht.h key.h keyhi.h keyt.h keythi.h sechash.h ../../../dist/public/nss
There are no private exports.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/cryptohi'
cd nss; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/nss'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nss.h ../../../dist/public/nss
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssrenam.h nssoptions.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/nss'
cd ssl; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ssl'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ssl.h sslt.h sslerr.h sslproto.h preenc.h ../../../dist/public/nss
There are no private exports.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ssl'
cd pkcs7; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs7'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 secmime.h secpkcs7.h pkcs7t.h ../../../dist/public/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs7'
cd pkcs12; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs12'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 pkcs12t.h pkcs12.h p12plcy.h p12.h p12t.h ../../../dist/public/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs12'
cd smime; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/smime'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 cms.h cmst.h smime.h cmsreclist.h ../../../dist/public/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/smime'
cd crmf; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/crmf'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmf.h crmft.h cmmf.h cmmft.h ../../../dist/public/nss
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 crmfi.h crmfit.h cmmfi.h cmmfit.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/crmf'
cd jar; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/jar'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 jar.h jar-ds.h jarfile.h ../../../dist/public/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/jar'
cd ckfw; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw'
cd builtins; /usr/bin/make export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw/builtins'
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssckbi.h ../../../../dist/public/nss
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw/builtins'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 nssck.api nssckepv.h nssckft.h nssckfw.h nssckfwc.h nssckfwt.h nssckg.h nssckmdt.h nssckt.h ../../../dist/public/nss
cd builtins; /usr/bin/make private_export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw/builtins'
There are no private exports.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw/builtins'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 ck.h ckfw.h ckfwm.h ckfwtm.h ckmd.h ckt.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw'
cd sysinit; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/sysinit'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/sysinit'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib'
cd cmd; /usr/bin/make export
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd'
cd lib; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/lib'
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 444 basicutil.h secutil.h pk11table.h ../../../dist/private/nss
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/lib'
cd shlibsign; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign'
cd mangle; /usr/bin/make export
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign/mangle'
make[3]: Nothing to be done for 'export'.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign/mangle'
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign'
cd addbuiltin; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/addbuiltin'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/addbuiltin'
cd atob; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/atob'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/atob'
cd btoa; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/btoa'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/btoa'
cd certcgi; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certcgi'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certcgi'
cd certutil; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certutil'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certutil'
cd chktest; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/chktest'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/chktest'
cd crlutil; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crlutil'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crlutil'
cd crmftest; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crmftest'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crmftest'
cd dbtest; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/dbtest'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/dbtest'
cd derdump; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/derdump'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/derdump'
cd digest; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/digest'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/digest'
cd httpserv; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/httpserv'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/httpserv'
cd listsuites; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/listsuites'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/listsuites'
cd makepqg; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/makepqg'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/makepqg'
cd multinit; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/multinit'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/multinit'
cd ocspclnt; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspclnt'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspclnt'
cd ocspresp; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspresp'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspresp'
cd oidcalc; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/oidcalc'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/oidcalc'
cd p7content; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7content'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7content'
cd p7env; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7env'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7env'
cd p7sign; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7sign'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7sign'
cd p7verify; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7verify'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7verify'
cd pk12util; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk12util'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk12util'
cd pk11gcmtest; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11gcmtest'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11gcmtest'
cd pk11mode; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11mode'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11mode'
cd pk1sign; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk1sign'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk1sign'
cd pkix-errcodes; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pkix-errcodes'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pkix-errcodes'
cd pp; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pp'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pp'
cd pwdecrypt; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pwdecrypt'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pwdecrypt'
cd rsaperf; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/rsaperf'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/rsaperf'
cd sdrtest; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/sdrtest'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/sdrtest'
cd selfserv; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/selfserv'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/selfserv'
cd signtool; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signtool'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signtool'
cd signver; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signver'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signver'
cd smimetools; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/smimetools'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/smimetools'
cd ssltap; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ssltap'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ssltap'
cd strsclnt; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/strsclnt'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/strsclnt'
cd symkeyutil; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/symkeyutil'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/symkeyutil'
cd tests; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tests'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tests'
cd tstclnt; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tstclnt'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tstclnt'
cd vfychain; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfychain'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfychain'
cd vfyserv; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfyserv'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfyserv'
cd modutil; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/modutil'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/modutil'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd'
cd external_tests; /usr/bin/make export
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests'
cd google_test; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/google_test'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/google_test'
cd common; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/common'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/common'
cd der_gtest; /usr/bin/make export
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/der_gtest'
make[2]: Nothing to be done for 'export'.
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/der_gtest'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests'
cd coreconf; /usr/bin/make libs
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf'
cd nsinstall; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
true -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf/nsinstall'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/coreconf'
cd lib; /usr/bin/make libs
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib'
cd dbm; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm'
cd include; /usr/bin/make libs
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
make[3]: Nothing to be done for 'libs'.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/include'
cd src; /usr/bin/make libs
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libdbm.a ../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm/src'
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dbm'
cd base; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/base'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/arena.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard arena.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/error.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard error.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/errorval.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard errorval.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hashops.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard hashops.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libc.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard libc.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tracker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard tracker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/item.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard item.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/utf8.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard utf8.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard list.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard hash.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssb.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssb.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/arena.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/error.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/errorval.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hashops.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libc.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tracker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/item.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/utf8.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/list.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssb.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssb.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/base'
cd dev; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dev'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devslot.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard devslot.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devtoken.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard devtoken.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard devutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ckhelper.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ckhelper.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssdev.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssdev.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devslot.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devtoken.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ckhelper.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssdev.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssdev.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/dev'
cd pki; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pki'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/asymmkey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard asymmkey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certificate.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certificate.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cryptocontext.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cryptocontext.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/symmkey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard symmkey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/trustdomain.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard trustdomain.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tdcache.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard tdcache.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdecode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certdecode.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkistore.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkistore.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkibase.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkibase.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pki3hack.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pki3hack.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsspki.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsspki.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/asymmkey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certificate.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cryptocontext.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/symmkey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/trustdomain.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tdcache.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdecode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkistore.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkibase.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pki3hack.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsspki.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsspki.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pki'
cd libpkix; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix'
cd include; /usr/bin/make libs
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/include'
make[3]: Nothing to be done for 'libs'.
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/include'
cd pkix; /usr/bin/make libs
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix'
cd certsel; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_certselector.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_certselector.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_comcertselparams.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcertsel.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcertsel.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_certselector.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcertsel.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcertsel.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/certsel'
cd crlsel; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_crlselector.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_crlselector.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_comcrlselparams.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcrlsel.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcrlsel.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_crlselector.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcrlsel.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixcrlsel.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/crlsel'
cd checker; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_basicconstraintschecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_certchainchecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_crlchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_crlchecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_ekuchecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_expirationchecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_namechainingchecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_nameconstraintschecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_ocspchecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_revocationmethod.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_revocationchecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_policychecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_policychecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_signaturechecker.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_targetcertchecker.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixchecker.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixchecker.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_crlchecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_policychecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixchecker.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixchecker.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/checker'
cd params; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_trustanchor.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_trustanchor.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_procparams.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_procparams.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_valparams.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_valparams.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_resourcelimits.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixparams.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixparams.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_trustanchor.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_procparams.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_valparams.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixparams.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixparams.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/params'
cd results; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_buildresult.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_buildresult.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_policynode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_policynode.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_valresult.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_valresult.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_verifynode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_verifynode.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixresults.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixresults.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_buildresult.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_policynode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_valresult.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_verifynode.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixresults.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixresults.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/results'
cd store; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_store.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_store.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixstore.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixstore.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_store.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixstore.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixstore.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/store'
cd top; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_validate.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_validate.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_lifecycle.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_lifecycle.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_build.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_build.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixtop.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixtop.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_validate.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_lifecycle.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_build.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixtop.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixtop.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/top'
cd util; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_tools.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_tools.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_error.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_error.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_logger.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_logger.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_list.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_list.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_errpaths.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_errpaths.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixutil.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixutil.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_tools.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_error.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_logger.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_list.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_errpaths.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixutil.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixutil.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix/util'
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix'
cd pkix_pl_nss; /usr/bin/make libs
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss'
cd pki; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_basicconstraints.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_cert.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_cert.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_certpolicyinfo.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_certpolicymap.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_certpolicyqualifier.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crl.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_crl.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_crldp.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_crlentry.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_date.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_date.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_generalname.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_infoaccess.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_nameconstraints.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ocsprequest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ocspresponse.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_publickey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_x500name.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ocspcertid.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixpki.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixpki.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_cert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crl.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_date.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixpki.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixpki.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/pki'
cd system; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_bigint.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_bytearray.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_common.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_common.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_error.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_error.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_hashtable.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_lifecycle.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_mem.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_mem.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_monitorlock.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_mutex.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_object.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_object.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_oid.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_oid.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_primhash.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_rwlock.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_string.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_string.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixsystem.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixsystem.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_common.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_error.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_mem.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_object.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_oid.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_string.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixsystem.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixsystem.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/system'
cd module; /usr/bin/make libs
make[4]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_aiamgr.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_colcertstore.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_httpcertstore.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_httpdefaultclient.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ldaptemplates.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ldapcertstore.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ldapresponse.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ldaprequest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_ldapdefaultclient.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_nsscontext.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_pk11certstore.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_socket.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../../dist/public/nss -I../../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix_pl_socket.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixmodule.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixmodule.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_socket.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixmodule.a
../../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkixmodule.a ../../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[4]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss/module'
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix/pkix_pl_nss'
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/libpkix'
cd certdb; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certdb'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/alg1485.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard alg1485.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdb.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certdb.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certv3.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certv3.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certxutl.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certxutl.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crl.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crl.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/genname.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard genname.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/stanpcertdb.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard stanpcertdb.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/polcyxtn.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard polcyxtn.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secname.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard secname.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xauthkid.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard xauthkid.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xbsconst.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard xbsconst.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xconst.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard xconst.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcertdb.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcertdb.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/alg1485.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdb.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certv3.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certxutl.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crl.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/genname.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/stanpcertdb.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/polcyxtn.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secname.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xauthkid.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xbsconst.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xconst.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcertdb.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcertdb.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certdb'
cd certhigh; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certhigh'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certhtml.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certhtml.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certreq.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certreq.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlv2.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crlv2.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocsp.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ocsp.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspsig.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ocspsig.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certhigh.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certhigh.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certvfy.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certvfy.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certvfypkix.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certvfypkix.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xcrldist.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard xcrldist.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcerthi.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcerthi.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certhtml.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certreq.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlv2.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocsp.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspsig.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certhigh.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certvfy.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certvfypkix.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xcrldist.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcerthi.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcerthi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/certhigh'
cd pk11wrap; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pk11wrap'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dev3hack.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard dev3hack.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11akey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11akey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11auth.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11auth.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11cert.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11cert.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11cxt.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11cxt.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11err.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11err.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11kea.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11kea.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11list.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11list.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11load.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11load.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11mech.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11mech.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11merge.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11merge.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11nobj.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11nobj.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11obj.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11obj.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pars.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11pars.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pbe.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11pbe.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pk12.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11pk12.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pqg.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11pqg.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11sdr.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11sdr.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11skey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11skey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11slot.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11slot.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11util.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -DSHLIB_VERSION=\"3\" -DSOFTOKEN_SHLIB_VERSION=\"3\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11util.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpk11wrap.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpk11wrap.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dev3hack.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11akey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11auth.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11cert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11cxt.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11err.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11kea.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11list.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11load.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11mech.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11merge.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11nobj.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11obj.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pars.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pbe.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pk12.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pqg.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11sdr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11skey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11slot.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11util.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpk11wrap.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpk11wrap.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pk11wrap'
cd cryptohi; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/cryptohi'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sechash.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sechash.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/seckey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard seckey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secsign.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard secsign.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secvfy.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard secvfy.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dsautil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard dsautil.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcryptohi.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcryptohi.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sechash.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/seckey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secsign.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secvfy.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dsautil.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcryptohi.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcryptohi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/cryptohi'
cd nss; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/nss'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssinit.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DPOLICY_FILE=\"nss.config\" -DPOLICY_PATH=\"/etc/crypto-policies/back-ends\" -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard nssinit.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssoptions.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DPOLICY_FILE=\"nss.config\" -DPOLICY_PATH=\"/etc/crypto-policies/back-ends\" -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard nssoptions.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssver.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DPOLICY_FILE=\"nss.config\" -DPOLICY_PATH=\"/etc/crypto-policies/back-ends\" -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard nssver.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/utilwrap.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DPOLICY_FILE=\"nss.config\" -DPOLICY_PATH=\"/etc/crypto-policies/back-ends\" -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I/usr/include/nss3/templates -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard utilwrap.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssinit.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssoptions.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssver.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/utilwrap.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss.a
grep -v ';-' nss.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nss.def
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss3.so
gcc -shared  -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnss3.so  -Wl,--version-script,Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nss.def -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss3.so Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssinit.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssoptions.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssver.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/utilwrap.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certhtml.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certreq.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlv2.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocsp.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspsig.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certhigh.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certvfy.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certvfypkix.o ../certhigh/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xcrldist.o ../cryptohi/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sechash.o ../cryptohi/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/seckey.o ../cryptohi/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secsign.o ../cryptohi/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secvfy.o ../cryptohi/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dsautil.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dev3hack.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11akey.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11auth.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11cert.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11cxt.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11err.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11kea.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11list.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11load.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11mech.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11merge.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11nobj.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11obj.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pars.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pbe.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pk12.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11pqg.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11sdr.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11skey.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11slot.o ../pk11wrap/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11util.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/alg1485.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdb.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certv3.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certxutl.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crl.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/genname.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/stanpcertdb.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/polcyxtn.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secname.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xauthkid.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xbsconst.o ../certdb/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/xconst.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/asymmkey.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certificate.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cryptocontext.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/symmkey.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/trustdomain.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tdcache.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdecode.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkistore.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkibase.o ../pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pki3hack.o ../dev/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devslot.o ../dev/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devtoken.o ../dev/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/devutil.o ../dev/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ckhelper.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/arena.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/error.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/errorval.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hashops.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libc.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tracker.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/item.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/utf8.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/list.o ../base/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash.o ../libpkix/pkix/certsel/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_certselector.o ../libpkix/pkix/certsel/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_comcertselparams.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_basicconstraintschecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_certchainchecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_crlchecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_ekuchecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_expirationchecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_namechainingchecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_nameconstraintschecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_ocspchecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_revocationmethod.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_revocationchecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_policychecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_signaturechecker.o ../libpkix/pkix/checker/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_targetcertchecker.o ../libpkix/pkix/params/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_trustanchor.o ../libpkix/pkix/params/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_procparams.o ../libpkix/pkix/params/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_valparams.o ../libpkix/pkix/params/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_resourcelimits.o ../libpkix/pkix/results/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_buildresult.o ../libpkix/pkix/results/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_policynode.o ../libpkix/pkix/results/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_valresult.o ../libpkix/pkix/results/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_verifynode.o ../libpkix/pkix/top/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_validate.o ../libpkix/pkix/top/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_lifecycle.o ../libpkix/pkix/top/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_build.o ../libpkix/pkix/util/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_tools.o ../libpkix/pkix/util/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_error.o ../libpkix/pkix/util/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_logger.o ../libpkix/pkix/util/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_list.o ../libpkix/pkix/util/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_errpaths.o ../libpkix/pkix/crlsel/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_crlselector.o ../libpkix/pkix/crlsel/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_comcrlselparams.o ../libpkix/pkix/store/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_store.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_basicconstraints.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_cert.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyinfo.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicymap.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_certpolicyqualifier.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crl.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crldp.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_crlentry.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_date.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_generalname.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_infoaccess.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_nameconstraints.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocsprequest.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocspresponse.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_publickey.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_x500name.o ../libpkix/pkix_pl_nss/pki/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ocspcertid.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_bigint.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_bytearray.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_common.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_error.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_hashtable.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_lifecycle.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_mem.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_monitorlock.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_mutex.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_object.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_oid.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_primhash.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_rwlock.o ../libpkix/pkix_pl_nss/system/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_string.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_aiamgr.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_colcertstore.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_httpcertstore.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_httpdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldaptemplates.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapcertstore.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapresponse.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldaprequest.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_ldapdefaultclient.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_nsscontext.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_pk11certstore.o ../libpkix/pkix_pl_nss/module/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix_pl_socket.o   -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
chmod +x Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss3.so
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnss3.so ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/nss'
cd ssl; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ssl'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derive.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard derive.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dtlscon.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard dtlscon.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/prelib.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard prelib.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3con.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ssl3con.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3gthr.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ssl3gthr.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslauth.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslauth.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslcon.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslcon.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssldef.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ssldef.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslenum.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslenum.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslerr.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslerr.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslerrstrs.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslerrstrs.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslinit.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslinit.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3ext.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ssl3ext.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslmutex.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslmutex.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslnonce.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslnonce.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslreveal.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslreveal.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsecur.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslsecur.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsnce.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslsnce.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsock.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslsock.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssltrace.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ssltrace.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslver.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslver.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/authcert.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard authcert.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmpcert.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmpcert.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslinfo.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslinfo.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3ecc.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ssl3ecc.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tls13con.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard tls13con.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tls13hkdf.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard tls13hkdf.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslcert.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sslcert.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/unix_err.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNO_PKCS11_BYPASS -DNSS_SSL_ENABLE_ZLIB -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard unix_err.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derive.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dtlscon.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/prelib.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3con.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslauth.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslcon.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssldef.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslenum.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslerr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslinit.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3ext.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslmutex.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslnonce.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslreveal.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsecur.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsnce.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsock.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssltrace.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslver.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/authcert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmpcert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslinfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tls13con.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tls13hkdf.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslcert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/unix_err.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl.a
grep -v ';-' ssl.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl.def
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl3.so
gcc -shared  -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libssl3.so  -Wl,--version-script,Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl.def -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl3.so Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derive.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dtlscon.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/prelib.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3con.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3gthr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslauth.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslcon.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssldef.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslenum.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslerr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslerrstrs.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslinit.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3ext.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslmutex.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslnonce.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslreveal.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsecur.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsnce.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslsock.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssltrace.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslver.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/authcert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmpcert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslinfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssl3ecc.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tls13con.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tls13hkdf.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sslcert.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/unix_err.o    -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc -lz
chmod +x Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl3.so
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libssl3.so ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ssl'
cd pkcs7; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs7'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certread.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certread.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7common.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7common.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7create.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7create.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7decode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7decode.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7encode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7encode.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7local.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7local.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secmime.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard secmime.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs7.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs7.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certread.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7common.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7create.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7decode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7encode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7local.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secmime.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs7.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs7.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs7'
cd pkcs12; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs12'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12local.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p12local.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12creat.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p12creat.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12dec.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p12dec.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12plcy.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p12plcy.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12tmpl.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p12tmpl.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12e.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p12e.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12d.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p12d.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs12.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs12.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12local.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12creat.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12dec.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12plcy.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12tmpl.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12e.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12d.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs12.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libpkcs12.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/pkcs12'
cd smime; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/smime'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsarray.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsarray.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsasn1.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsasn1.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsattr.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsattr.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmscinfo.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmscinfo.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmscipher.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmscipher.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdecode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsdecode.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdigdata.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsdigdata.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdigest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsdigest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsencdata.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsencdata.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsencode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsencode.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsenvdata.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsenvdata.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsmessage.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsmessage.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmspubkey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmspubkey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsrecinfo.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsrecinfo.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsreclist.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsreclist.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmssigdata.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmssigdata.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmssiginfo.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmssiginfo.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsudf.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsudf.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimemessage.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard smimemessage.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimeutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard smimeutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimever.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard smimever.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsarray.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsasn1.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsattr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmscinfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmscipher.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdecode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdigest.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsencdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsencode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsmessage.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmspubkey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsreclist.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmssigdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsudf.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimemessage.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimeutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimever.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime.a
grep -v ';-' smime.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smime.def
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime3.so
gcc -shared  -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libsmime3.so  -Wl,--version-script,Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smime.def -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime3.so Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsarray.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsasn1.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsattr.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmscinfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmscipher.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdecode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdigdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsdigest.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsencdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsencode.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsenvdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsmessage.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmspubkey.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsrecinfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsreclist.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmssigdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmssiginfo.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsudf.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimemessage.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimeutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/smimever.o ../pkcs12/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12local.o ../pkcs12/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12creat.o ../pkcs12/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12dec.o ../pkcs12/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12plcy.o ../pkcs12/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12tmpl.o ../pkcs12/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12e.o ../pkcs12/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p12d.o ../pkcs7/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certread.o ../pkcs7/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7common.o ../pkcs7/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7create.o ../pkcs7/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7decode.o ../pkcs7/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7encode.o ../pkcs7/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7local.o ../pkcs7/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secmime.o   -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
chmod +x Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime3.so
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsmime3.so ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/smime'
cd crmf; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/crmf'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfenc.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crmfenc.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmftmpl.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crmftmpl.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfreq.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crmfreq.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfpop.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crmfpop.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfdec.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crmfdec.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfget.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crmfget.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfcont.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crmfcont.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfasn1.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmmfasn1.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfresp.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmmfresp.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfrec.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmmfrec.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfchal.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmmfchal.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/servget.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard servget.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/encutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard encutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/respcli.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard respcli.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/respcmn.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard respcmn.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/challcli.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard challcli.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/asn1cmn.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard asn1cmn.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcrmf.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcrmf.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfenc.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmftmpl.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfreq.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfpop.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfdec.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfget.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmfcont.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfasn1.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfresp.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfrec.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmmfchal.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/servget.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/encutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/respcli.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/respcmn.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/challcli.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/asn1cmn.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcrmf.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libcrmf.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/crmf'
cd jar; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/jar'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarver.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard jarver.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarsign.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard jarsign.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jar.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard jar.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jar-ds.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard jar-ds.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarfile.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard jarfile.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarint.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DMOZILLA_CLIENT=1 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard jarint.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libjar.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libjar.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarver.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarsign.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jar.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jar-ds.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarfile.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/jarint.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libjar.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libjar.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/jar'
cd ckfw; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crypto.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crypto.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/find.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard find.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard hash.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/instance.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard instance.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mutex.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard mutex.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/object.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard object.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/session.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard session.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sessobj.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sessobj.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/slot.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard slot.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/token.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard token.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/wrap.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard wrap.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mechanism.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard mechanism.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckfw.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckfw.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crypto.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/find.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/hash.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/instance.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mutex.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/object.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/session.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sessobj.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/slot.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/token.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/wrap.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mechanism.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckfw.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckfw.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
cd builtins; /usr/bin/make libs
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw/builtins'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/anchor.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard anchor.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/constants.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard constants.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bfind.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard bfind.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/binst.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard binst.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bobject.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard bobject.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bsession.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard bsession.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bslot.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard bslot.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/btoken.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard btoken.c
perl certdata.perl < certdata.txt > Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdata.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdata.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdata.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ckbiver.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -I../../../../dist/public/nspr -I. -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ckbiver.c
grep -v ';-' nssckbi.def | sed -e 's,;+,,' -e 's; DATA ;;' -e 's,;;,,' -e 's,;.*,;,' > Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssckbi.def
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckbi.so
gcc -shared  -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnssckbi.so  -Wl,--version-script,Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nssckbi.def -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckbi.so Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/anchor.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/constants.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bfind.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/binst.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bobject.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bsession.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bslot.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/btoken.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certdata.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ckbiver.o   ../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckfw.a ../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a  -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
chmod +x Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckbi.so
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnssckbi.so ../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw/builtins'
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/ckfw'
cd sysinit; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/sysinit'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsssysinit.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard nsssysinit.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsssysinit.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.a
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.so
gcc -shared  -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro -Wl,-soname -Wl,libnsssysinit.so  -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.so Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsssysinit.o    -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
chmod +x Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.so
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libnsssysinit.so ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib/sysinit'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/lib'
cd cmd; /usr/bin/make libs
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd'
cd lib; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/lib'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/basicutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard basicutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard secutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secpwd.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard secpwd.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derprint.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard derprint.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/moreoids.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard moreoids.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pppolicy.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pppolicy.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ffs.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ffs.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11table.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11table.c
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsectool.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsectool.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/basicutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secpwd.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derprint.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/moreoids.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pppolicy.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ffs.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11table.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsectool.a
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libsectool.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/lib'
cd shlibsign; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/shlibsign.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard shlibsign.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/shlibsign -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/shlibsign.o  -Wl,-z,relro  -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/shlibsign ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
cd mangle; /usr/bin/make libs
make[3]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign/mangle'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mangle.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard mangle.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mangle -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DSHLIB_SUFFIX=\"so\" -DSHLIB_PREFIX=\"lib\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../../dist/public/nss -I../../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mangle.o  -Wl,-z,relro  -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
../../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/mangle ../../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[3]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign/mangle'
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/shlibsign'
cd addbuiltin; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/addbuiltin'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/addbuiltin.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard addbuiltin.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/addbuiltin -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/addbuiltin.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/addbuiltin ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/addbuiltin'
cd atob; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/atob'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/atob.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard atob.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/atob -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/atob.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/atob ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/atob'
cd btoa; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/btoa'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/btoa.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard btoa.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/btoa -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/btoa.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/btoa ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/btoa'
cd certcgi; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certcgi'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certcgi.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certcgi.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certcgi -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certcgi.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a   ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a  /usr/lib/libfreebl.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libdbm.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a   /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3  -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certcgi ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certcgi'
cd certutil; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certutil'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certext.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certext.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/keystuff.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard keystuff.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certutil -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certext.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/keystuff.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certutil ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/certutil'
cd chktest; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/chktest'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/chktest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard chktest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/chktest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNSS_USE_STATIC_LIBS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/chktest.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a   ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a  /usr/lib/libfreebl.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libdbm.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a   /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3  -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/chktest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/chktest'
cd crlutil; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crlutil'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlgen_lex.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crlgen_lex.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlgen.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crlgen.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard crlutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlutil -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlgen_lex.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlgen.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlutil.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crlutil ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crlutil'
cd crmftest; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crmftest'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/testcrmf.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard testcrmf.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmftest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/testcrmf.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcrmf.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/crmftest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/crmftest'
cd dbtest; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/dbtest'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dbtest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard dbtest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dbtest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dbtest.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dbtest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/dbtest'
cd derdump; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/derdump'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derdump.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard derdump.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derdump -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derdump.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/derdump ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/derdump'
cd digest; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/digest'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/digest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard digest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/digest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/digest.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/digest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/digest'
cd httpserv; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/httpserv'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/httpserv.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard httpserv.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/httpserv -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/httpserv.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/httpserv ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/httpserv'
cd listsuites; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/listsuites'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/listsuites.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard listsuites.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/listsuites -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/listsuites.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/listsuites ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/listsuites'
cd makepqg; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/makepqg'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/makepqg.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard makepqg.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/makepqg -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/makepqg.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/makepqg ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/makepqg'
cd multinit; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/multinit'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/multinit.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard multinit.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/multinit -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/multinit.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/multinit ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/multinit'
cd ocspclnt; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspclnt'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspclnt.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ocspclnt.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspclnt -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspclnt.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspclnt ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspclnt'
cd ocspresp; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspresp'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspresp.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ocspresp.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspresp -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspresp.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ocspresp ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ocspresp'
cd oidcalc; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/oidcalc'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/oidcalc.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard oidcalc.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/oidcalc -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/oidcalc.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/oidcalc ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/oidcalc'
cd p7content; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7content'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7content.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7content.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7content -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7content.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7content ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7content'
cd p7env; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7env'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7env.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7env.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7env -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7env.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7env ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7env'
cd p7sign; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7sign'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7sign.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7sign.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7sign -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7sign.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7sign ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7sign'
cd p7verify; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7verify'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7verify.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard p7verify.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7verify -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7verify.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/p7verify ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/p7verify'
cd pk12util; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk12util'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk12util.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk12util.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk12util -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk12util.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk12util ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk12util'
cd pk11gcmtest; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11gcmtest'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11gcmtest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11gcmtest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11gcmtest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11gcmtest.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11gcmtest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11gcmtest'
cd pk11mode; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11mode'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11mode.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11mode.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11mode -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11mode.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11mode ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk11mode'
cd pk1sign; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk1sign'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk1sign.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk1sign.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk1sign -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk1sign.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk1sign ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pk1sign'
cd pkix-errcodes; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pkix-errcodes'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix-errcodes.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pkix-errcodes.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix-errcodes -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix-errcodes.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pkix-errcodes ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pkix-errcodes'
cd pp; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pp'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pp.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pp.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pp -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pp.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pp ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pp'
cd pwdecrypt; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pwdecrypt'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pwdecrypt.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pwdecrypt.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pwdecrypt -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pwdecrypt.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pwdecrypt ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/pwdecrypt'
cd rsaperf; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/rsaperf'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/rsaperf.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard rsaperf.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/defkey.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard defkey.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/rsaperf -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -DNSS_USE_STATIC_LIBS -I../../nss/lib/softoken -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/rsaperf.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/defkey.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs12.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs7.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcryptohi.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a   ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcertdb.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsspki.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssdev.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a  /usr/lib/libfreebl.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libdbm.a  ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixutil.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixstore.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixparams.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixpki.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixresults.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a   /usr/lib/libfreebl.a -L/usr/lib -lsoftokn3  -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lsqlite3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/rsaperf ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/rsaperf'
cd sdrtest; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/sdrtest'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sdrtest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sdrtest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sdrtest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sdrtest.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sdrtest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/sdrtest'
cd selfserv; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/selfserv'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/selfserv.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard selfserv.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/selfserv -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/selfserv.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/selfserv ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/selfserv'
cd signtool; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signtool'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signtool.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard signtool.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certgen.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard certgen.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/javascript.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard javascript.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/list.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard list.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sign.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard sign.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/util.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard util.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/verify.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard verify.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/zip.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard zip.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signtool -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signtool.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/certgen.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/javascript.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/list.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/sign.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/util.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/verify.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/zip.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc -lz
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signtool ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signtool'
cd signver; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signver'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signver.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard signver.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk7print.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk7print.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signver -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signver.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk7print.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/signver ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/signver'
cd smimetools; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/smimetools'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard cmsutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsutil -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsutil.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/cmsutil ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/smimetools'
cd ssltap; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ssltap'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssltap.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard ssltap.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssltap -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssltap.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/ssltap ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/ssltap'
cd strsclnt; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/strsclnt'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/strsclnt.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard strsclnt.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/strsclnt -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/strsclnt.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/strsclnt ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/strsclnt'
cd symkeyutil; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/symkeyutil'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/symkeyutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard symkeyutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/symkeyutil -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss  -I../../../dist/private/nss  -I../../../dist/public/dbm -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/symkeyutil.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/symkeyutil ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/symkeyutil'
cd tests; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tests'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/baddbdir.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard baddbdir.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/baddbdir -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/baddbdir.o \
 -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/conflict.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard conflict.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/conflict -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/conflict.o \
 -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dertimetest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard dertimetest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dertimetest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dertimetest.o \
 -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/encodeinttest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard encodeinttest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/encodeinttest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/encodeinttest.o \
 -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nonspr10.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard nonspr10.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nonspr10 -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nonspr10.o \
 -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/remtest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard remtest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/remtest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/remtest.o \
 -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secmodtest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard secmodtest.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secmodtest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secmodtest.o \
 -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/baddbdir Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/conflict Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/dertimetest Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/encodeinttest Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nonspr10 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/remtest Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/secmodtest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tests'
cd tstclnt; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tstclnt'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tstclnt.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard tstclnt.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tstclnt -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tstclnt.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/tstclnt ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/tstclnt'
cd vfychain; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfychain'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfychain.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard vfychain.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfychain -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfychain.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfychain ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfychain'
cd vfyserv; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfyserv'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfyserv.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard vfyserv.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfyutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard vfyutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfyserv -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DDLL_PREFIX=\"lib\" -DDLL_SUFFIX=\"so\" -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/seccmd -I../../../dist/public/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../private/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfyserv.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfyutil.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/vfyserv ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/vfyserv'
cd modutil; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/modutil'
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/modutil.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard modutil.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard pk11.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/instsec.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard instsec.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/install.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard install.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/installparse.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard installparse.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/install-ds.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard install-ds.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard lex.Pk11Install_yy.c
gcc -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/modutil -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -DXP_UNIX -DNSPR20 -DYY_NO_UNPUT -DYY_NO_INPUT -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/sectools -I../../../dist/private/sectools -I../../../dist/public/seccmd -I../../../dist/public/nss -I../../../dist/public/dbm -I../../../dist/private/seccmd -I../../../dist/private/nss -I../../../dist/private/dbm -iquote ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/../public/nss -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/modutil.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/pk11.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/instsec.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/install.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/installparse.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/install-ds.o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lex.Pk11Install_yy.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libjar.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc -lz
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/modutil ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd/modutil'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/cmd'
cd external_tests; /usr/bin/make libs
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests'
cd google_test; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/google_test'
if test ! -d Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtest/src; then rm -rf Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtest/src; ../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -D Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtest/src; fi
g++ -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtest/src/gtest-all.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -Wsign-compare -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -Igtest/include/ -Igtest -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/gtest -I../../../dist/private/gtest -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard -std=c++0x gtest/src/gtest-all.cc
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest.a
ar cr Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest.a Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtest/src/gtest-all.o
ranlib Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest.a
rm -f Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest1.so
g++ -shared  -Wl,--gc-sections -Wl,-z,defs -Wl,-z,relro  -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest1.so Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtest/src/gtest-all.o   ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
chmod +x Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest1.so
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 664 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/libgtest1.so ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/google_test'
cd common; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/common'
if test ! -d Linux4.4_arm_cc_glibc_PTH_OPT.OBJ; then rm -rf Linux4.4_arm_cc_glibc_PTH_OPT.OBJ; ../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -D Linux4.4_arm_cc_glibc_PTH_OPT.OBJ; fi
g++ -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtests.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -Wsign-compare -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I../../external_tests/google_test/gtest/include -I../../external_tests/common -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/gtest -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard -std=c++0x gtests.cc
g++ -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtests -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -Wsign-compare -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I../../external_tests/google_test/gtest/include -I../../external_tests/common -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/gtest -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtests.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest.a ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtests ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/common'
cd der_gtest; /usr/bin/make libs
make[2]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/der_gtest'
if test ! -d Linux4.4_arm_cc_glibc_PTH_OPT.OBJ; then rm -rf Linux4.4_arm_cc_glibc_PTH_OPT.OBJ; ../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -D Linux4.4_arm_cc_glibc_PTH_OPT.OBJ; fi
g++ -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/der_getint_unittest.o -c -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -Wsign-compare -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I../../external_tests/google_test/gtest/include -I../../external_tests/common -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -I../../../dist/public/nss -I../../../dist/public/libdbm -I../../../dist/public/gtest -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard -std=c++0x der_getint_unittest.cc
g++ -o Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/der_gtest -O2 -fPIC -DLINUX2_1  -pipe -ffunction-sections -fdata-sections -DLINUX -Dlinux -DHAVE_STRERROR -Wall -Werror -Wsign-compare -DXP_UNIX -UDEBUG -DNDEBUG -D_REENTRANT -DNSS_ECC_MORE_THAN_SUITE_B -DNSS_NO_INIT_SUPPORT -DUSE_UTIL_DIRECTLY -DNO_NSPR_10_SUPPORT -DSSL_DISABLE_DEPRECATED_CIPHER_SUITE_NAMES -DNO_PKCS11_BYPASS -I../../external_tests/google_test/gtest/include -I../../external_tests/common -I/usr/include/nspr4 -I/usr/include/nss3 -I/usr/include/nspr4 -I../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/include -I../../../dist/public/nss -I../../../dist/private/nss -I../../../dist/public/nspr -I../../../dist/public/nss -I../../../dist/public/libdbm -I../../../dist/public/gtest -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16  -mfloat-abi=hard Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/der_getint_unittest.o  -Wl,-z,relro ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest.a  ../common/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/gtests.o ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a  /usr/lib/libfreebl.a -L../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib -lssl3 -lsmime3 -lnss3 -L/usr/lib -lnssutil3 -L/usr/lib -lplc4 -lplds4 -lnspr4  -L/usr/lib -lsoftokn3 -lpthread  -ldl -lc
../../coreconf/nsinstall/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/nsinstall -R -m 775 Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/der_gtest ../../../dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
make[2]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests/der_gtest'
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/external_tests'
make: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss'
+ unset NSS_BLTEST_NOT_AVAILABLE
~/build/BUILD/nss-3.25.0/nss ~/build/BUILD/nss-3.25.0
+ pushd ./nss
+ /usr/bin/make clean_docs build_docs
/usr/bin/make -C ./doc clean
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/doc'
rm -f date.xml version.xml *.tar.bz2
rm -f html/*.proc
rm -fr nss-man ascii
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/doc'
/usr/bin/make -C ./doc
make[1]: Entering directory '/builddir/build/BUILD/nss-3.25.0/nss/doc'
date +"%e %B %Y" | tr -d '\n' > date.xml
echo -n  > version.xml
mkdir -p html
mkdir -p nroff
make[1]: Leaving directory '/builddir/build/BUILD/nss-3.25.0/nss/doc'
+ popd
~/build/BUILD/nss-3.25.0
+ /usr/bin/mkdir -p ./dist/docs/nroff
+ /usr/bin/cp ./nss/doc/nroff/certutil.1 ./nss/doc/nroff/cmsutil.1 ./nss/doc/nroff/crlutil.1 ./nss/doc/nroff/derdump.1 ./nss/doc/nroff/modutil.1 ./nss/doc/nroff/pk12util.1 ./nss/doc/nroff/pp.1 ./nss/doc/nroff/signtool.1 ./nss/doc/nroff/signver.1 ./nss/doc/nroff/ssltap.1 ./nss/doc/nroff/vfychain.1 ./nss/doc/nroff/vfyserv.1 ./dist/docs/nroff
+ /usr/bin/mkdir -p ./dist/pkgconfig
+ /usr/bin/cat /builddir/build/SOURCES/nss.pc.in
+ sed -e s,%libdir%,/usr/lib,g -e s,%prefix%,/usr,g -e s,%exec_prefix%,/usr,g -e s,%includedir%,/usr/include/nss3,g -e s,%NSS_VERSION%,3.25.0,g -e s,%NSPR_VERSION%,4.12.0,g -e s,%NSSUTIL_VERSION%,3.25.0,g -e s,%SOFTOKEN_VERSION%,3.25.0,g
++ cat nss/lib/nss/nss.h
++ grep '#define.*NSS_VMAJOR'
++ awk '{print $3}'
+ NSS_VMAJOR=3
++ cat nss/lib/nss/nss.h
++ grep '#define.*NSS_VMINOR'
++ awk '{print $3}'
+ NSS_VMINOR=25
++ cat nss/lib/nss/nss.h
++ grep '#define.*NSS_VPATCH'
++ awk '{print $3}'
+ NSS_VPATCH=0
+ export NSS_VMAJOR
+ export NSS_VMINOR
+ export NSS_VPATCH
+ /usr/bin/cat /builddir/build/SOURCES/nss-config.in
+ sed -e s,@libdir@,/usr/lib,g -e s,@prefix@,/usr,g -e s,@exec_prefix@,/usr,g -e s,@includedir@,/usr/include/nss3,g -e s,@MOD_MAJOR_VERSION@,3,g -e s,@MOD_MINOR_VERSION@,25,g -e s,@MOD_PATCH_VERSION@,0,g
+ chmod 755 ./dist/pkgconfig/nss-config
+ /usr/bin/cat /builddir/build/SOURCES/setup-nsssysinit.sh
+ chmod 755 ./dist/pkgconfig/setup-nsssysinit.sh
+ /usr/bin/cp ./nss/lib/ckfw/nssck.api ./dist/private/nss/
+ date '+%e %B %Y'
+ tr -d '\n'
+ echo -n 3.25.0
+ for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml
+ cp /builddir/build/SOURCES/nss-config.xml .
+ for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml
+ cp /builddir/build/SOURCES/setup-nsssysinit.xml .
+ for m in /builddir/build/SOURCES/nss-config.xml /builddir/build/SOURCES/setup-nsssysinit.xml /builddir/build/SOURCES/pkcs11.txt.xml
+ cp /builddir/build/SOURCES/pkcs11.txt.xml .
+ for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml
+ xmlto man nss-config.xml
Note: Writing nss-config.1
+ for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml
+ xmlto man setup-nsssysinit.xml
Note: Writing setup-nsssysinit.1
+ for m in nss-config.xml setup-nsssysinit.xml pkcs11.txt.xml
+ xmlto man pkcs11.txt.xml
Note: Writing pkcs11.txt.5
+ for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml
+ cp /builddir/build/SOURCES/cert8.db.xml .
+ for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml
+ cp /builddir/build/SOURCES/cert9.db.xml .
+ for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml
+ cp /builddir/build/SOURCES/key3.db.xml .
+ for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml
+ cp /builddir/build/SOURCES/key4.db.xml .
+ for m in /builddir/build/SOURCES/cert8.db.xml /builddir/build/SOURCES/cert9.db.xml /builddir/build/SOURCES/key3.db.xml /builddir/build/SOURCES/key4.db.xml /builddir/build/SOURCES/secmod.db.xml
+ cp /builddir/build/SOURCES/secmod.db.xml .
+ for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml
+ xmlto man cert8.db.xml
Note: Writing cert8.db.5
+ for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml
+ xmlto man cert9.db.xml
Note: Writing cert9.db.5
+ for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml
+ xmlto man key3.db.xml
Note: Writing key3.db.5
+ for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml
+ xmlto man key4.db.xml
Note: Writing key4.db.5
+ for m in cert8.db.xml cert9.db.xml key3.db.xml key4.db.xml secmod.db.xml
+ xmlto man secmod.db.xml
Note: Writing secmod.db.5
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.jsDykv
+ umask 022
+ cd /builddir/build/BUILD
+ '[' /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm '!=' / ']'
+ rm -rf /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm
++ dirname /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm
+ mkdir -p /builddir/build/BUILDROOT
+ mkdir /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm
+ cd nss-3.25.0
+ /usr/bin/rm -rf /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3/templates
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/pkgconfig
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/doc/nss-tools
+ mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1
+ mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man5
+ touch /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/libnssckbi.so
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/libnssckbi.so
+ for file in libnss3.so libnsssysinit.so libsmime3.so libssl3.so
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ for file in libnss3.so libnsssysinit.so libsmime3.so libssl3.so
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ for file in libnss3.so libnsssysinit.so libsmime3.so libssl3.so
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ for file in libnss3.so libnsssysinit.so libsmime3.so libssl3.so
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//etc/pki/nssdb
+ /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert8.db /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//etc/pki/nssdb/cert8.db
+ /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key3.db /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//etc/pki/nssdb/key3.db
+ /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-secmod.db /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//etc/pki/nssdb/secmod.db
+ /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-cert9.db /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//etc/pki/nssdb/cert9.db
+ /usr/bin/install -p -m 644 /builddir/build/SOURCES/blank-key4.db /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//etc/pki/nssdb/key4.db
+ /usr/bin/install -p -m 644 /builddir/build/SOURCES/system-pkcs11.txt /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//etc/pki/nssdb/pkcs11.txt
+ for file in libcrmf.a libnssb.a libnssckfw.a
+ /usr/bin/install -p -m 644 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ for file in libcrmf.a libnssb.a libnssckfw.a
+ /usr/bin/install -p -m 644 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ for file in libcrmf.a libnssb.a libnssckfw.a
+ /usr/bin/install -p -m 644 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/certutil /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/cmsutil /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/crlutil /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/modutil /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/signtool /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/signver /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in certutil cmsutil crlutil modutil pk12util signtool signver ssltap
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/ssltap /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/atob /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/btoa /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/derdump /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/listsuites /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/ocspclnt /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pp /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/selfserv /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/strsclnt /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/symkeyutil /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/tstclnt /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/vfyserv /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
+ /usr/bin/install -p -m 755 dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/vfychain /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/nss/unsupported-tools
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cert.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/certdb.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/certt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cmmf.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cmmft.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cms.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cmsreclist.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cmst.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/crmf.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/crmft.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cryptohi.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/cryptoht.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/jar-ds.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/jar.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/jarfile.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/key.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/keyhi.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/keyt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/keythi.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nss.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssbase.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssbaset.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckbi.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckepv.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckft.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckfw.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckfwc.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckfwt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckg.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckmdt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/nssckt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/ocsp.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/ocspt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/p12.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/p12plcy.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/p12t.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pk11func.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pk11pqg.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pk11priv.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pk11pub.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pk11sdr.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pkcs12.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pkcs12t.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/pkcs7t.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/preenc.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/sechash.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/secmime.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/secmod.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/secmodt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/secpkcs5.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/secpkcs7.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/smime.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/ssl.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/sslerr.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/sslproto.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in 'dist/public/nss/*.h'
+ /usr/bin/install -p -m 644 dist/public/nss/sslt.h /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3
+ for file in dist/private/nss/nssck.api
+ /usr/bin/install -p -m 644 dist/private/nss/nssck.api /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/include/nss3/templates
+ /usr/bin/install -p -m 644 ./dist/pkgconfig/nss.pc /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/lib/pkgconfig/nss.pc
+ /usr/bin/install -p -m 755 ./dist/pkgconfig/nss-config /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin/nss-config
+ /usr/bin/install -p -m 755 ./dist/pkgconfig/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin/setup-nsssysinit.sh
+ ln -r -s -f /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin/setup-nsssysinit.sh /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm//usr/bin/setup-nsssysinit
+ for f in nss-config setup-nsssysinit
+ install -c -m 644 nss-config.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/nss-config.1
+ for f in nss-config setup-nsssysinit
+ install -c -m 644 setup-nsssysinit.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/setup-nsssysinit.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/certutil.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/certutil.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/cmsutil.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/cmsutil.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/crlutil.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/crlutil.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/derdump.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/derdump.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/modutil.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/modutil.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/pk12util.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/pk12util.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/signtool.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/signtool.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/signver.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/signver.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/ssltap.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/ssltap.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/vfychain.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/vfychain.1
+ for f in '""certutil' cmsutil crlutil derdump modutil pk12util signtool signver ssltap vfychain 'vfyserv""'
+ install -c -m 644 ./dist/docs/nroff/vfyserv.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man1/vfyserv.1
+ install -c -m 644 ./dist/docs/nroff/pp.1 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/doc/nss-tools/pp.1
+ for f in pkcs11.txt
+ install -c -m 644 pkcs11.txt.5 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man5/pkcs11.txt.5
+ for f in cert8.db cert9.db key3.db key4.db secmod.db
+ install -c -m 644 cert8.db.5 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man5/cert8.db.5
+ for f in cert8.db cert9.db key3.db key4.db secmod.db
+ install -c -m 644 cert9.db.5 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man5/cert9.db.5
+ for f in cert8.db cert9.db key3.db key4.db secmod.db
+ install -c -m 644 key3.db.5 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man5/key3.db.5
+ for f in cert8.db cert9.db key3.db key4.db secmod.db
+ install -c -m 644 key4.db.5 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man5/key4.db.5
+ for f in cert8.db cert9.db key3.db key4.db secmod.db
+ install -c -m 644 secmod.db.5 /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/man/man5/secmod.db.5
+ /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 50000000 /builddir/build/BUILD/nss-3.25.0
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/libsmime3.so
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/libnsssysinit.so
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/pp
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/listsuites
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/btoa
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/vfychain
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/strsclnt
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/tstclnt
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/ocspclnt
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/vfyserv
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/symkeyutil
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/selfserv
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/derdump
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/unsupported-tools/atob
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/nss/libnssckbi.so
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/libssl3.so
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/lib/libnss3.so
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/pk12util
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/certutil
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/crlutil
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/ssltap
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/cmsutil
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/signver
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/signtool
extracting debug info from /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/bin/modutil
/usr/lib/rpm/sepdebugcrcfix: Updated 25 CRC32s, 0 CRC32s did match.
cpio: nss-3.25.0/nss/cmd/modutil/lex.Pk11Install_yy.cpp: Cannot stat: No such file or directory
cpio: nss-3.25.0/nss/cmd/modutil/ytab.c: Cannot stat: No such file or directory
24587 blocks
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1
+ /usr/lib/rpm/brp-python-hardlink
+ /usr/lib/rpm/redhat/brp-java-repack-jars
Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.eT6lAE
+ umask 022
+ cd /builddir/build/BUILD
+ cd nss-3.25.0
+ '[' 0 -eq 1 ']'
+ export POLICY_FILE=nss.config
+ POLICY_FILE=nss.config
+ export POLICY_PATH=/etc/crypto-policies/back-ends
+ POLICY_PATH=/etc/crypto-policies/back-ends
+ FREEBL_NO_DEPEND=1
+ export FREEBL_NO_DEPEND
+ export BUILD_OPT=1
+ BUILD_OPT=1
+ export NSS_BLTEST_NOT_AVAILABLE=1
+ NSS_BLTEST_NOT_AVAILABLE=1
+ export SOFTOKEN_LIB_DIR=/usr/lib
+ SOFTOKEN_LIB_DIR=/usr/lib
++ find ./nss/tests
++ grep -c ' '
+ SPACEISBAD=0
+ :
+ '[' 0 -ne 0 ']'
++ perl -e 'print 9000 + int rand 1000'
+ MYRAND=9658
9658
selfserv_9658
+ echo 9658
+ RANDSERV=selfserv_9658
+ echo selfserv_9658
++ ls -d ./dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
+ DISTBINDIR=./dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
./dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
+ echo ./dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
++ pwd
~/build/BUILD/nss-3.25.0 ~/build/BUILD/nss-3.25.0
+ pushd /builddir/build/BUILD/nss-3.25.0
+ cd ./dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin
+ ln -s selfserv selfserv_9658
+ popd
~/build/BUILD/nss-3.25.0
+ find ./nss/tests -type f
+ grep -v '\.db$'
+ grep -vw CVS
+ grep -v '\.crl$'
+ grep -v '\.crt$'
+ xargs grep -lw selfserv
+ xargs -l perl -pi -e 's/\bselfserv\b/selfserv_9658/g'
+ killall selfserv_9658
selfserv_9658: no process found
+ :
+ rm -rf ./tests_results
+ pushd ./nss/tests/
~/build/BUILD/nss-3.25.0/nss/tests ~/build/BUILD/nss-3.25.0
++ echo
+ SKIP_NSS_TEST_SUITE=
+ '[' x == x ']'
+ HOST=localhost
+ DOMSUF=localdomain
+ PORT=9658
+ NSS_CYCLES=
+ NSS_TESTS='libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests'
+ NSS_SSL_TESTS=
+ NSS_SSL_RUN=
+ ./all.sh
testdir is /builddir/build/BUILD/nss-3.25.0/tests_results/security
init.sh init: Creating /builddir/build/BUILD/nss-3.25.0/tests_results/security
which: no domainname in (.:/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin)
********************************************
   Platform: Linux4.4_arm_cc_glibc_PTH_OPT.OBJ
   Results: localhost.1
********************************************
init.sh init: Testing PATH .:/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin:/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib:/bin:/usr/bin:/usr/sbin:/sbin:/usr/local/sbin against LIB /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib:
Running tests for libpkix
TIMESTAMP libpkix BEGIN: Tue Jun 28 16:54:42 UTC 2016
TIMESTAMP libpkix END: Tue Jun 28 16:54:42 UTC 2016
Running tests for cert
TIMESTAMP cert BEGIN: Tue Jun 28 16:54:42 UTC 2016
cert.sh: Certutil and Crlutil Tests with ECC ===============================
cert.sh: #1: Looking for root certs module. - PASSED
cert.sh: Creating a CA Certificate TestCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -f ../tests.pw
cert.sh: #2: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #3: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert TestCA  --------------------------
certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #4: Creating CA Cert TestCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -o root.cert
cert.sh: #5: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -f ../tests.pw
cert.sh: #6: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #7: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert serverCA  --------------------------
certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #8: Creating CA Cert serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -o root.cert
cert.sh: #9: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-1-serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating CA Cert chain-1-serverCA  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #10: Creating CA Cert chain-1-serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -o root.cert
cert.sh: #11: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-2-serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating CA Cert chain-2-serverCA  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #12: Creating CA Cert chain-2-serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -o root.cert
cert.sh: #13: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -f ../tests.pw
cert.sh: #14: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #15: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert clientCA  --------------------------
certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #16: Creating CA Cert clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -o root.cert
cert.sh: #17: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-1-clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating CA Cert chain-1-clientCA  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #18: Creating CA Cert chain-1-clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -o root.cert
cert.sh: #19: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-2-clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating CA Cert chain-2-clientCA  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #20: Creating CA Cert chain-2-clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -o root.cert
cert.sh: #21: Exporting Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate TestCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA
cert.sh: Creating DSA CA Cert TestCA-dsa  --------------------------
certutil -s "CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-dsa -k dsa -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #22: Creating DSA CA Cert TestCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n TestCA-dsa -r -d . -o dsaroot.cert
cert.sh: #23: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating DSA CA Cert serverCA-dsa  --------------------------
certutil -s "CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-dsa -k dsa -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #24: Creating DSA CA Cert serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #25: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-1-serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating DSA CA Cert chain-1-serverCA-dsa  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-dsa -k dsa -t u,u,u -v 600 -c serverCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #26: Creating DSA CA Cert chain-1-serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-1-serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #27: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-2-serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating DSA CA Cert chain-2-serverCA-dsa  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-dsa -k dsa -t u,u,u -v 600 -c chain-1-serverCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #28: Creating DSA CA Cert chain-2-serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-2-serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #29: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating DSA CA Cert clientCA-dsa  --------------------------
certutil -s "CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-dsa -k dsa -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #30: Creating DSA CA Cert clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #31: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-1-clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating DSA CA Cert chain-1-clientCA-dsa  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-dsa -k dsa -t u,u,u -v 600 -c clientCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #32: Creating DSA CA Cert chain-1-clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-1-clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #33: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-2-clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating DSA CA Cert chain-2-clientCA-dsa  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-dsa -k dsa -t u,u,u -v 600 -c chain-1-clientCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #34: Creating DSA CA Cert chain-2-clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-2-clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #35: Exporting DSA Root Cert - PASSED
cert.sh: Creating an EC CA Certificate TestCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA
cert.sh: Creating EC CA Cert TestCA-ec  --------------------------
certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #36: Creating EC CA Cert TestCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n TestCA-ec -r -d . -o ecroot.cert
cert.sh: #37: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating EC CA Cert serverCA-ec  --------------------------
certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #38: Creating EC CA Cert serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n serverCA-ec -r -d . -o ecroot.cert
cert.sh: #39: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating EC CA Cert chain-1-serverCA-ec  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #40: Creating EC CA Cert chain-1-serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert
cert.sh: #41: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA
cert.sh: Creating EC CA Cert chain-2-serverCA-ec  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #42: Creating EC CA Cert chain-2-serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert
cert.sh: #43: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating EC CA Cert clientCA-ec  --------------------------
certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #44: Creating EC CA Cert clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n clientCA-ec -r -d . -o ecroot.cert
cert.sh: #45: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating EC CA Cert chain-1-clientCA-ec  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #46: Creating EC CA Cert chain-1-clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert
cert.sh: #47: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA
cert.sh: Creating EC CA Cert chain-2-clientCA-ec  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #48: Creating EC CA Cert chain-2-clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert
cert.sh: #49: Exporting EC Root Cert - PASSED
cert.sh: Creating Certificates, issued by the last ===============
     of a chain of CA's which are not in the same database============
Server Cert
cert.sh: Initializing localhost.localdomain's Cert DB (ext.) --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -f ../tests.pw
cert.sh: #50: Initializing localhost.localdomain's Cert DB (ext.) - PASSED
cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #51: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED
cert.sh: Generate Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #52: Generate Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw
cert.sh: #53: Sign localhost.localdomain's Request (ext) - PASSED
cert.sh: Import localhost.localdomain's Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #54: Import localhost.localdomain's Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/clientCA.ca.cert
cert.sh: #55: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate DSA Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #56: Generate DSA Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's DSA Request (ext) --------------------------
certutil -C -c chain-2-serverCA-dsa -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-dsa.cert -f ../tests.pw
cert.sh: #57: Sign localhost.localdomain's DSA Request (ext) - PASSED
cert.sh: Import localhost.localdomain's DSA Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #58: Import localhost.localdomain's DSA Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client DSA Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA-dsa -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/clientCA-dsa.ca.cert
cert.sh: #59: Import Client DSA Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate mixed DSA Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #60: Generate mixed DSA Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's mixed DSA Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 202 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-dsamixed.cert -f ../tests.pw
cert.sh: #61: Sign localhost.localdomain's mixed DSA Request (ext) - PASSED
cert.sh: Import localhost.localdomain's mixed DSA Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #62: Import localhost.localdomain's mixed DSA Cert  -t u,u,u (ext) - PASSED
cert.sh: Generate EC Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #63: Generate EC Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's EC Request (ext) --------------------------
certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw
cert.sh: #64: Sign localhost.localdomain's EC Request (ext) - PASSED
cert.sh: Import localhost.localdomain's EC Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #65: Import localhost.localdomain's EC Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert
cert.sh: #66: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #67: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's mixed EC Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw
cert.sh: #68: Sign localhost.localdomain's mixed EC Request (ext) - PASSED
cert.sh: Import localhost.localdomain's mixed EC Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #69: Import localhost.localdomain's mixed EC Cert  -t u,u,u (ext) - PASSED
Importing all the server's own CA chain into the servers DB
cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/chain-2-serverCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #70: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-2-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/chain-2-serverCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #71: Import chain-2-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/chain-2-serverCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #72: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/chain-1-serverCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #73: Import chain-1-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/chain-1-serverCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #74: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/serverCA.ca.cert
cert.sh: #75: Import serverCA CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert
cert.sh: #76: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA-dsa CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA-dsa -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/serverCA-dsa.ca.cert
cert.sh: #77: Import serverCA-dsa CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/chain-1-serverCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #78: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
Client Cert
cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -f ../tests.pw
cert.sh: #79: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED
cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #80: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED
cert.sh: Generate Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #81: Generate Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw
cert.sh: #82: Sign ExtendedSSLUser's Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #83: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/serverCA.ca.cert
cert.sh: #84: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate DSA Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #85: Generate DSA Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's DSA Request (ext) --------------------------
certutil -C -c chain-2-clientCA-dsa -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-dsa.cert -f ../tests.pw
cert.sh: #86: Sign ExtendedSSLUser's DSA Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's DSA Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #87: Import ExtendedSSLUser's DSA Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server DSA Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA-dsa -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/serverCA-dsa.ca.cert
cert.sh: #88: Import Server DSA Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate mixed DSA Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #89: Generate mixed DSA Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's mixed DSA Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 302 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-dsamixed.cert -f ../tests.pw
cert.sh: #90: Sign ExtendedSSLUser's mixed DSA Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's mixed DSA Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #91: Import ExtendedSSLUser's mixed DSA Cert -t u,u,u (ext) - PASSED
cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #92: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's EC Request (ext) --------------------------
certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw
cert.sh: #93: Sign ExtendedSSLUser's EC Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #94: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA/serverCA-ec.ca.cert
cert.sh: #95: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #96: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw
cert.sh: #97: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #98: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED
Importing all the client's own CA chain into the servers DB
cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/chain-2-clientCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #99: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/chain-1-clientCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #100: Import chain-1-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/chain-1-clientCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #101: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-2-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/chain-2-clientCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #102: Import chain-2-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA-dsa CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA-dsa -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/clientCA-dsa.ca.cert
cert.sh: #103: Import clientCA-dsa CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/chain-1-clientCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #104: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/clientCA.ca.cert
cert.sh: #105: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/chain-2-clientCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #106: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/clientCA/clientCA-ec.ca.cert
cert.sh: #107: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh SUCCESS: EXT passed
cert.sh: Creating Client CA Issued Certificates ===============
cert.sh: Initializing TestUser's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw
cert.sh: #108: Initializing TestUser's Cert DB - PASSED
cert.sh: Loading root cert module to TestUser's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #109: Loading root cert module to TestUser's Cert DB - PASSED
cert.sh: Import Root CA for TestUser --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -i ../CA/TestCA.ca.cert
cert.sh: #110: Import Root CA for TestUser - PASSED
cert.sh: Import DSA Root CA for TestUser --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -i ../CA/TestCA-dsa.ca.cert
cert.sh: #111: Import DSA Root CA for TestUser - PASSED
cert.sh: Import EC Root CA for TestUser --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -i ../CA/TestCA-ec.ca.cert
cert.sh: #112: Import EC Root CA for TestUser - PASSED
cert.sh: Generate Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #113: Generate Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's Request --------------------------
certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw 
cert.sh: #114: Sign TestUser's Request - PASSED
cert.sh: Import TestUser's Cert --------------------------
certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #115: Import TestUser's Cert - PASSED
cert.sh SUCCESS: TestUser's Cert Created
cert.sh: Generate DSA Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #116: Generate DSA Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 70 -v 60 -d ../CA -i req -o TestUser-dsa.cert -f ../tests.pw 
cert.sh: #117: Sign TestUser's DSA Request - PASSED
cert.sh: Import TestUser's DSA Cert --------------------------
certutil -A -n TestUser-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #118: Import TestUser's DSA Cert - PASSED
cert.sh SUCCESS: TestUser's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #119: Generate mixed DSA Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20070 -v 60 -d ../CA -i req -o TestUser-dsamixed.cert -f ../tests.pw 
cert.sh: #120: Sign TestUser's DSA Request with RSA - PASSED
cert.sh: Import TestUser's mixed DSA Cert --------------------------
certutil -A -n TestUser-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #121: Import TestUser's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #122: Generate EC Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's EC Request --------------------------
certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw 
cert.sh: #123: Sign TestUser's EC Request - PASSED
cert.sh: Import TestUser's EC Cert --------------------------
certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #124: Import TestUser's EC Cert - PASSED
cert.sh SUCCESS: TestUser's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #125: Generate mixed EC Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw 
cert.sh: #126: Sign TestUser's EC Request with RSA - PASSED
cert.sh: Import TestUser's mixed EC Cert --------------------------
certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #127: Import TestUser's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser's mixed EC Cert Created
cert.sh: Creating Server CA Issued Certificate for \
             localhost.localdomain ------------------------------------
cert.sh: Initializing localhost.localdomain's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw
cert.sh: #128: Initializing localhost.localdomain's Cert DB - PASSED
cert.sh: Loading root cert module to localhost.localdomain's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #129: Loading root cert module to localhost.localdomain's Cert DB - PASSED
cert.sh: Import Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -i ../CA/TestCA.ca.cert
cert.sh: #130: Import Root CA for localhost.localdomain - PASSED
cert.sh: Import DSA Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -i ../CA/TestCA-dsa.ca.cert
cert.sh: #131: Import DSA Root CA for localhost.localdomain - PASSED
cert.sh: Import EC Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -i ../CA/TestCA-ec.ca.cert
cert.sh: #132: Import EC Root CA for localhost.localdomain - PASSED
cert.sh: Generate Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #133: Generate Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's Request --------------------------
certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw 
cert.sh: #134: Sign localhost.localdomain's Request - PASSED
cert.sh: Import localhost.localdomain's Cert --------------------------
certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #135: Import localhost.localdomain's Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's Cert Created
cert.sh: Generate DSA Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #136: Generate DSA Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-dsa.cert -f ../tests.pw 
cert.sh: #137: Sign localhost.localdomain's DSA Request - PASSED
cert.sh: Import localhost.localdomain's DSA Cert --------------------------
certutil -A -n localhost.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #138: Import localhost.localdomain's DSA Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #139: Generate mixed DSA Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20100 -v 60 -d ../CA -i req -o localhost.localdomain-dsamixed.cert -f ../tests.pw 
cert.sh: #140: Sign localhost.localdomain's DSA Request with RSA - PASSED
cert.sh: Import localhost.localdomain's mixed DSA Cert --------------------------
certutil -A -n localhost.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #141: Import localhost.localdomain's mixed DSA Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #142: Generate EC Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's EC Request --------------------------
certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw 
cert.sh: #143: Sign localhost.localdomain's EC Request - PASSED
cert.sh: Import localhost.localdomain's EC Cert --------------------------
certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #144: Import localhost.localdomain's EC Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's EC Cert Created
cert.sh: Generate mixed EC Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #145: Generate mixed EC Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw 
cert.sh: #146: Sign localhost.localdomain's EC Request with RSA - PASSED
cert.sh: Import localhost.localdomain's mixed EC Cert --------------------------
certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #147: Import localhost.localdomain's mixed EC Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created
cert.sh: Creating Server CA Issued Certificate for \
             localhost.localdomain-sni --------------------------------
cert.sh: Generate Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #148: Generate Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's Request --------------------------
certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw 
cert.sh: #149: Sign localhost-sni.localdomain's Request - PASSED
cert.sh: Import localhost-sni.localdomain's Cert --------------------------
certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #150: Import localhost-sni.localdomain's Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's Cert Created
cert.sh: Generate DSA Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #151: Generate DSA Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-dsa.cert -f ../tests.pw 
cert.sh: #152: Sign localhost-sni.localdomain's DSA Request - PASSED
cert.sh: Import localhost-sni.localdomain's DSA Cert --------------------------
certutil -A -n localhost-sni.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #153: Import localhost-sni.localdomain's DSA Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #154: Generate mixed DSA Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-dsamixed.cert -f ../tests.pw 
cert.sh: #155: Sign localhost-sni.localdomain's DSA Request with RSA - PASSED
cert.sh: Import localhost-sni.localdomain's mixed DSA Cert --------------------------
certutil -A -n localhost-sni.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #156: Import localhost-sni.localdomain's mixed DSA Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #157: Generate EC Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's EC Request --------------------------
certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw 
cert.sh: #158: Sign localhost-sni.localdomain's EC Request - PASSED
cert.sh: Import localhost-sni.localdomain's EC Cert --------------------------
certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #159: Import localhost-sni.localdomain's EC Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created
cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #160: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw 
cert.sh: #161: Sign localhost-sni.localdomain's EC Request with RSA - PASSED
cert.sh: Import localhost-sni.localdomain's mixed EC Cert --------------------------
certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #162: Import localhost-sni.localdomain's mixed EC Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created
cert.sh: Modify trust attributes of Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw
cert.sh: #163: Modify trust attributes of Root CA -t TC,TC,TC - PASSED
cert.sh: Modify trust attributes of DSA Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA-dsa -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw
cert.sh: #164: Modify trust attributes of DSA Root CA -t TC,TC,TC - PASSED
cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server -f ../tests.pw
cert.sh: #165: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED
cert.sh SUCCESS: SSL passed
cert.sh: Creating database for OCSP stapling tests  ===============
cp -r /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/server /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/stapling
Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA
pk12util: PKCS12 EXPORT SUCCESSFUL
Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling
pk12util: PKCS12 IMPORT SUCCESSFUL
cert.sh: Creating Client CA Issued Certificates ==============
cert.sh: Initializing Alice's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw
cert.sh: #166: Initializing Alice's Cert DB - PASSED
cert.sh: Loading root cert module to Alice's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #167: Loading root cert module to Alice's Cert DB - PASSED
cert.sh: Import Root CA for Alice --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -i ../CA/TestCA.ca.cert
cert.sh: #168: Import Root CA for Alice - PASSED
cert.sh: Import DSA Root CA for Alice --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -i ../CA/TestCA-dsa.ca.cert
cert.sh: #169: Import DSA Root CA for Alice - PASSED
cert.sh: Import EC Root CA for Alice --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -i ../CA/TestCA-ec.ca.cert
cert.sh: #170: Import EC Root CA for Alice - PASSED
cert.sh: Generate Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #171: Generate Cert Request for Alice - PASSED
cert.sh: Sign Alice's Request --------------------------
certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw 
cert.sh: #172: Sign Alice's Request - PASSED
cert.sh: Import Alice's Cert --------------------------
certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #173: Import Alice's Cert - PASSED
cert.sh SUCCESS: Alice's Cert Created
cert.sh: Generate DSA Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #174: Generate DSA Cert Request for Alice - PASSED
cert.sh: Sign Alice's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 30 -v 60 -d ../CA -i req -o Alice-dsa.cert -f ../tests.pw 
cert.sh: #175: Sign Alice's DSA Request - PASSED
cert.sh: Import Alice's DSA Cert --------------------------
certutil -A -n Alice-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #176: Import Alice's DSA Cert - PASSED
cert.sh SUCCESS: Alice's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #177: Generate mixed DSA Cert Request for Alice - PASSED
cert.sh: Sign Alice's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20030 -v 60 -d ../CA -i req -o Alice-dsamixed.cert -f ../tests.pw 
cert.sh: #178: Sign Alice's DSA Request with RSA - PASSED
cert.sh: Import Alice's mixed DSA Cert --------------------------
certutil -A -n Alice-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #179: Import Alice's mixed DSA Cert - PASSED
cert.sh SUCCESS: Alice's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #180: Generate EC Cert Request for Alice - PASSED
cert.sh: Sign Alice's EC Request --------------------------
certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw 
cert.sh: #181: Sign Alice's EC Request - PASSED
cert.sh: Import Alice's EC Cert --------------------------
certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #182: Import Alice's EC Cert - PASSED
cert.sh SUCCESS: Alice's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #183: Generate mixed EC Cert Request for Alice - PASSED
cert.sh: Sign Alice's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw 
cert.sh: #184: Sign Alice's EC Request with RSA - PASSED
cert.sh: Import Alice's mixed EC Cert --------------------------
certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/alicedir -f ../tests.pw -i Alice-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #185: Import Alice's mixed EC Cert - PASSED
cert.sh SUCCESS: Alice's mixed EC Cert Created
cert.sh: Initializing Bob's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw
cert.sh: #186: Initializing Bob's Cert DB - PASSED
cert.sh: Loading root cert module to Bob's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #187: Loading root cert module to Bob's Cert DB - PASSED
cert.sh: Import Root CA for Bob --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -i ../CA/TestCA.ca.cert
cert.sh: #188: Import Root CA for Bob - PASSED
cert.sh: Import DSA Root CA for Bob --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -i ../CA/TestCA-dsa.ca.cert
cert.sh: #189: Import DSA Root CA for Bob - PASSED
cert.sh: Import EC Root CA for Bob --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -i ../CA/TestCA-ec.ca.cert
cert.sh: #190: Import EC Root CA for Bob - PASSED
cert.sh: Generate Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #191: Generate Cert Request for Bob - PASSED
cert.sh: Sign Bob's Request --------------------------
certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw 
cert.sh: #192: Sign Bob's Request - PASSED
cert.sh: Import Bob's Cert --------------------------
certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #193: Import Bob's Cert - PASSED
cert.sh SUCCESS: Bob's Cert Created
cert.sh: Generate DSA Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #194: Generate DSA Cert Request for Bob - PASSED
cert.sh: Sign Bob's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 40 -v 60 -d ../CA -i req -o Bob-dsa.cert -f ../tests.pw 
cert.sh: #195: Sign Bob's DSA Request - PASSED
cert.sh: Import Bob's DSA Cert --------------------------
certutil -A -n Bob-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #196: Import Bob's DSA Cert - PASSED
cert.sh SUCCESS: Bob's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #197: Generate mixed DSA Cert Request for Bob - PASSED
cert.sh: Sign Bob's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20040 -v 60 -d ../CA -i req -o Bob-dsamixed.cert -f ../tests.pw 
cert.sh: #198: Sign Bob's DSA Request with RSA - PASSED
cert.sh: Import Bob's mixed DSA Cert --------------------------
certutil -A -n Bob-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #199: Import Bob's mixed DSA Cert - PASSED
cert.sh SUCCESS: Bob's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #200: Generate EC Cert Request for Bob - PASSED
cert.sh: Sign Bob's EC Request --------------------------
certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw 
cert.sh: #201: Sign Bob's EC Request - PASSED
cert.sh: Import Bob's EC Cert --------------------------
certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #202: Import Bob's EC Cert - PASSED
cert.sh SUCCESS: Bob's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #203: Generate mixed EC Cert Request for Bob - PASSED
cert.sh: Sign Bob's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw 
cert.sh: #204: Sign Bob's EC Request with RSA - PASSED
cert.sh: Import Bob's mixed EC Cert --------------------------
certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/bobdir -f ../tests.pw -i Bob-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #205: Import Bob's mixed EC Cert - PASSED
cert.sh SUCCESS: Bob's mixed EC Cert Created
cert.sh: Creating Dave's Certificate -------------------------
cert.sh: Initializing Dave's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw
cert.sh: #206: Initializing Dave's Cert DB - PASSED
cert.sh: Loading root cert module to Dave's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #207: Loading root cert module to Dave's Cert DB - PASSED
cert.sh: Import Root CA for Dave --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -i ../CA/TestCA.ca.cert
cert.sh: #208: Import Root CA for Dave - PASSED
cert.sh: Import DSA Root CA for Dave --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -i ../CA/TestCA-dsa.ca.cert
cert.sh: #209: Import DSA Root CA for Dave - PASSED
cert.sh: Import EC Root CA for Dave --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -i ../CA/TestCA-ec.ca.cert
cert.sh: #210: Import EC Root CA for Dave - PASSED
cert.sh: Generate Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #211: Generate Cert Request for Dave - PASSED
cert.sh: Sign Dave's Request --------------------------
certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw 
cert.sh: #212: Sign Dave's Request - PASSED
cert.sh: Import Dave's Cert --------------------------
certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #213: Import Dave's Cert - PASSED
cert.sh SUCCESS: Dave's Cert Created
cert.sh: Generate DSA Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #214: Generate DSA Cert Request for Dave - PASSED
cert.sh: Sign Dave's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 50 -v 60 -d ../CA -i req -o Dave-dsa.cert -f ../tests.pw 
cert.sh: #215: Sign Dave's DSA Request - PASSED
cert.sh: Import Dave's DSA Cert --------------------------
certutil -A -n Dave-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #216: Import Dave's DSA Cert - PASSED
cert.sh SUCCESS: Dave's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #217: Generate mixed DSA Cert Request for Dave - PASSED
cert.sh: Sign Dave's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20050 -v 60 -d ../CA -i req -o Dave-dsamixed.cert -f ../tests.pw 
cert.sh: #218: Sign Dave's DSA Request with RSA - PASSED
cert.sh: Import Dave's mixed DSA Cert --------------------------
certutil -A -n Dave-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #219: Import Dave's mixed DSA Cert - PASSED
cert.sh SUCCESS: Dave's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #220: Generate EC Cert Request for Dave - PASSED
cert.sh: Sign Dave's EC Request --------------------------
certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw 
cert.sh: #221: Sign Dave's EC Request - PASSED
cert.sh: Import Dave's EC Cert --------------------------
certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #222: Import Dave's EC Cert - PASSED
cert.sh SUCCESS: Dave's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #223: Generate mixed EC Cert Request for Dave - PASSED
cert.sh: Sign Dave's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw 
cert.sh: #224: Sign Dave's EC Request with RSA - PASSED
cert.sh: Import Dave's mixed EC Cert --------------------------
certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dave -f ../tests.pw -i Dave-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #225: Import Dave's mixed EC Cert - PASSED
cert.sh SUCCESS: Dave's mixed EC Cert Created
cert.sh: Creating multiEmail's Certificate --------------------
cert.sh: Initializing Eve's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw
cert.sh: #226: Initializing Eve's Cert DB - PASSED
cert.sh: Loading root cert module to Eve's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #227: Loading root cert module to Eve's Cert DB - PASSED
cert.sh: Import Root CA for Eve --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -i ../CA/TestCA.ca.cert
cert.sh: #228: Import Root CA for Eve - PASSED
cert.sh: Import DSA Root CA for Eve --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -i ../CA/TestCA-dsa.ca.cert
cert.sh: #229: Import DSA Root CA for Eve - PASSED
cert.sh: Import EC Root CA for Eve --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -i ../CA/TestCA-ec.ca.cert
cert.sh: #230: Import EC Root CA for Eve - PASSED
cert.sh: Generate Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #231: Generate Cert Request for Eve - PASSED
cert.sh: Sign Eve's Request --------------------------
certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #232: Sign Eve's Request - PASSED
cert.sh: Import Eve's Cert --------------------------
certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #233: Import Eve's Cert - PASSED
cert.sh SUCCESS: Eve's Cert Created
cert.sh: Generate DSA Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #234: Generate DSA Cert Request for Eve - PASSED
cert.sh: Sign Eve's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 60 -v 60 -d ../CA -i req -o Eve-dsa.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #235: Sign Eve's DSA Request - PASSED
cert.sh: Import Eve's DSA Cert --------------------------
certutil -A -n Eve-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #236: Import Eve's DSA Cert - PASSED
cert.sh SUCCESS: Eve's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #237: Generate mixed DSA Cert Request for Eve - PASSED
cert.sh: Sign Eve's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20060 -v 60 -d ../CA -i req -o Eve-dsamixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #238: Sign Eve's DSA Request with RSA - PASSED
cert.sh: Import Eve's mixed DSA Cert --------------------------
certutil -A -n Eve-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #239: Import Eve's mixed DSA Cert - PASSED
cert.sh SUCCESS: Eve's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #240: Generate EC Cert Request for Eve - PASSED
cert.sh: Sign Eve's EC Request --------------------------
certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #241: Sign Eve's EC Request - PASSED
cert.sh: Import Eve's EC Cert --------------------------
certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #242: Import Eve's EC Cert - PASSED
cert.sh SUCCESS: Eve's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #243: Generate mixed EC Cert Request for Eve - PASSED
cert.sh: Sign Eve's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #244: Sign Eve's EC Request with RSA - PASSED
cert.sh: Import Eve's mixed EC Cert --------------------------
certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eve -f ../tests.pw -i Eve-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #245: Import Eve's mixed EC Cert - PASSED
cert.sh SUCCESS: Eve's mixed EC Cert Created
cert.sh: Importing Certificates ==============================
cert.sh: Import Bob's cert into Alice's db --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert
cert.sh: #246: Import Bob's cert into Alice's db - PASSED
cert.sh: Import Dave's cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert
cert.sh: #247: Import Dave's cert into Alice's DB - PASSED
cert.sh: Import Dave's cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert
cert.sh: #248: Import Dave's cert into Bob's DB - PASSED
cert.sh: Import Eve's cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert
cert.sh: #249: Import Eve's cert into Alice's DB - PASSED
cert.sh: Import Eve's cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert
cert.sh: #250: Import Eve's cert into Bob's DB - PASSED
cert.sh: Importing EC Certificates ==============================
cert.sh: Import Bob's EC cert into Alice's db --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert
cert.sh: #251: Import Bob's EC cert into Alice's db - PASSED
cert.sh: Import Dave's EC cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert
cert.sh: #252: Import Dave's EC cert into Alice's DB - PASSED
cert.sh: Import Dave's EC cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert
cert.sh: #253: Import Dave's EC cert into Bob's DB - PASSED
cert.sh SUCCESS: SMIME passed
cert.sh: Creating FIPS 140 DSA Certificates ==============
cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips -f ../tests.fipspw
cert.sh: #254: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED
cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #255: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED
cert.sh: Enable FIPS mode on database -----------------------
modutil -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips -fips true 
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
FIPS mode enabled.
cert.sh: #256: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED
cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate --------------------------
certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #257: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED
cert.sh SUCCESS: FIPS passed
cert.sh: Creating Server CA Issued Certificate for 
             EC Curves Test Certificates ------------------------------------
cert.sh: Initializing EC Curve's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -f ../tests.pw
cert.sh: #258: Initializing EC Curve's Cert DB - PASSED
cert.sh: Loading root cert module to EC Curve's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #259: Loading root cert module to EC Curve's Cert DB - PASSED
cert.sh: Import EC Root CA for EC Curves Test Certificates --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -i ../CA/TestCA-ec.ca.cert
cert.sh: #260: Import EC Root CA for EC Curves Test Certificates - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp256 --------------------------
certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #261: Generate EC Cert Request for Curve-nistp256 - PASSED
cert.sh: Sign Curve-nistp256's EC Request --------------------------
certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw 
cert.sh: #262: Sign Curve-nistp256's EC Request - PASSED
cert.sh: Import Curve-nistp256's EC Cert --------------------------
certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #263: Import Curve-nistp256's EC Cert - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp384 --------------------------
certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #264: Generate EC Cert Request for Curve-nistp384 - PASSED
cert.sh: Sign Curve-nistp384's EC Request --------------------------
certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw 
cert.sh: #265: Sign Curve-nistp384's EC Request - PASSED
cert.sh: Import Curve-nistp384's EC Cert --------------------------
certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #266: Import Curve-nistp384's EC Cert - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp521 --------------------------
certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #267: Generate EC Cert Request for Curve-nistp521 - PASSED
cert.sh: Sign Curve-nistp521's EC Request --------------------------
certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw 
cert.sh: #268: Sign Curve-nistp521's EC Request - PASSED
cert.sh: Import Curve-nistp521's EC Cert --------------------------
certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #269: Import Curve-nistp521's EC Cert - PASSED
cert.sh: Initializing TestExt's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw
cert.sh: #270: Initializing TestExt's Cert DB - PASSED
cert.sh: Loading root cert module to TestExt's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #271: Loading root cert module to TestExt's Cert DB - PASSED
cert.sh: Import Root CA for TestExt --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA.ca.cert
cert.sh: #272: Import Root CA for TestExt - PASSED
cert.sh: Import DSA Root CA for TestExt --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA-dsa.ca.cert
cert.sh: #273: Import DSA Root CA for TestExt - PASSED
cert.sh: Import EC Root CA for TestExt --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -i ../CA/TestCA-ec.ca.cert
cert.sh: #274: Import EC Root CA for TestExt - PASSED
cert.sh: Generate Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #275: Generate Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's Request --------------------------
certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw 
cert.sh: #276: Sign TestExt's Request - PASSED
cert.sh: Import TestExt's Cert --------------------------
certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #277: Import TestExt's Cert - PASSED
cert.sh SUCCESS: TestExt's Cert Created
cert.sh: Generate DSA Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #278: Generate DSA Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 90 -v 60 -d ../CA -i req -o TestExt-dsa.cert -f ../tests.pw 
cert.sh: #279: Sign TestExt's DSA Request - PASSED
cert.sh: Import TestExt's DSA Cert --------------------------
certutil -A -n TestExt-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #280: Import TestExt's DSA Cert - PASSED
cert.sh SUCCESS: TestExt's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #281: Generate mixed DSA Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20090 -v 60 -d ../CA -i req -o TestExt-dsamixed.cert -f ../tests.pw 
cert.sh: #282: Sign TestExt's DSA Request with RSA - PASSED
cert.sh: Import TestExt's mixed DSA Cert --------------------------
certutil -A -n TestExt-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #283: Import TestExt's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestExt's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #284: Generate EC Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's EC Request --------------------------
certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw 
cert.sh: #285: Sign TestExt's EC Request - PASSED
cert.sh: Import TestExt's EC Cert --------------------------
certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #286: Import TestExt's EC Cert - PASSED
cert.sh SUCCESS: TestExt's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #287: Generate mixed EC Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw 
cert.sh: #288: Sign TestExt's EC Request with RSA - PASSED
cert.sh: Import TestExt's mixed EC Cert --------------------------
certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #289: Import TestExt's mixed EC Cert - PASSED
cert.sh SUCCESS: TestExt's mixed EC Cert Created
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
n
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:a3
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:56:41 2016
            Not After : Wed Sep 28 16:56:41 2016
        Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:d8:dc:ad:d2:b1:1f:7c:c6:6a:10:f4:b4:90:61:63:
                    ea:bb:1e:f4:00:55:c9:aa:2a:19:58:ba:a5:4b:4f:76:
                    27:6d:32:46:2c:ea:31:39:3f:8f:c5:51:43:11:05:1c:
                    f1:54:45:ba:89:7f:24:0f:2d:6f:b0:66:3a:35:ac:dc:
                    df:e2:52:6f:4f:41:1f:53:f3:03:89:88:cc:0b:ce:55:
                    27:b6:53:b9:40:5a:3a:7e:70:0c:be:93:11:8f:21:f4:
                    d3:15:9a:26:1d:a8:d9:5f:b5:36:6e:c0:8d:41:d2:fd:
                    4a:0b:71:ec:56:06:cc:e5:dc:66:b8:4f:2b:ed:e7:6a:
                    76:58:e7:01:e2:ad:dd:5c:87:a0:5a:1f:e3:16:5a:8d:
                    ca:44:9e:5e:d0:30:ec:66:95:a0:43:66:15:a3:92:67:
                    f2:0d:24:2e:40:53:dd:12:e9:fc:c5:b0:d0:c4:c0:db:
                    ce:3f:8d:06:8b:78:83:93:c5:4b:0f:46:ff:63:7b:7c:
                    13:a6:ba:24:fe:a2:ed:a5:81:db:25:02:7b:1b:97:6a:
                    84:f2:11:67:38:2f:a2:c5:4f:ce:d2:8f:18:8d:28:6a:
                    b7:2e:0e:e6:10:4c:aa:16:4b:bc:05:98:24:16:7a:94:
                    ed:c1:36:da:38:94:5a:a8:8e:4c:05:1e:14:34:32:fb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Usages: Digital Signature
                    Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:41:16:a4:67:f0:f3:af:07:80:6c:ae:de:df:27:1c:
        09:94:2a:54:ae:5c:cb:b5:ed:37:02:5a:a0:94:a6:1c:
        8b:ad:af:57:d7:8b:23:9d:4b:0b:40:70:77:17:43:cc:
        21:49:0b:7f:fd:ad:b2:59:52:95:3d:ad:cd:47:e7:b1:
        3c:54:4d:e6:52:35:7c:3b:f3:5b:1d:3e:08:e6:4b:4d:
        0c:db:70:d0:d0:d5:70:d3:41:06:7c:a9:30:0b:e4:eb:
        1c:d7:a6:ea:bb:78:94:16:b9:9c:a3:2e:5a:b1:6a:56:
        29:78:17:3e:2e:c0:9c:c3:5a:39:1e:10:f9:ce:0d:be:
        ba:8f:0f:a8:93:d3:74:4f:8a:89:ad:c7:ff:90:06:19:
        82:68:66:ad:62:4a:7e:20:5c:a4:21:9c:91:7f:b3:d6:
        8b:cd:ff:a8:72:6f:f3:71:46:5d:d1:9f:0f:b7:d5:00:
        0f:74:be:6f:7e:5f:80:af:97:2a:74:d6:93:2a:ce:0f:
        0b:7d:6c:37:92:cf:d9:31:8a:48:b6:44:32:24:92:e7:
        cb:88:fb:bd:2a:81:8e:80:2c:e9:60:4c:a8:f0:87:67:
        75:3f:55:47:0f:46:8e:e3:c7:57:8d:16:1f:c0:c6:6e:
        be:62:11:9e:bc:93:fa:d8:f9:62:b9:d1:90:c6:1a:4a
    Fingerprint (SHA-256):
        58:29:48:BB:25:88:3D:4E:2B:1F:65:42:8A:A7:8B:C3:6A:2A:B0:39:9B:7A:4D:01:DC:40:BE:0C:89:E2:97:AA
    Fingerprint (SHA1):
        66:13:44:4F:3B:A7:04:9E:62:CC:6C:E6:A9:D9:E9:38:16:8D:8A:C9
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #290: Certificate Key Usage Extension (1) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
y
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:ad
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:56:45 2016
            Not After : Wed Sep 28 16:56:45 2016
        Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:a8:52:26:62:04:ad:3d:00:8c:42:9a:b8:d0:ee:99:
                    b2:ac:b4:7d:ec:c0:35:74:90:f8:de:74:64:6e:0b:12:
                    18:c7:21:ce:93:0d:d9:a1:ac:9b:db:9e:b9:b4:1f:e5:
                    e0:03:2f:a5:84:fd:af:96:5f:60:49:27:81:78:ac:44:
                    c2:66:e9:ac:eb:4b:d8:8d:15:76:1d:5a:f7:42:2a:2a:
                    06:fa:b7:1d:6b:09:b5:52:0c:46:ab:ff:12:5f:33:cb:
                    ae:05:95:a9:5c:3b:a0:7c:34:e0:3e:e8:63:14:cd:4b:
                    07:e1:02:ac:20:40:a0:eb:c0:ae:d9:44:ea:62:49:c2:
                    0a:8d:f2:6d:fe:a8:21:56:c3:7a:45:f6:73:d0:58:ad:
                    7a:27:b1:a7:14:39:57:0a:30:d1:05:90:b7:63:cd:90:
                    b2:0b:18:7a:6d:a5:c7:39:51:0b:ef:1f:b6:0f:64:b9:
                    28:1b:cb:58:91:75:a8:a3:f2:90:99:f4:33:b1:0b:7b:
                    4b:83:5e:41:25:bf:b5:9a:2e:20:85:75:b6:37:52:da:
                    36:73:9c:ac:6d:20:e1:d6:1b:41:ca:1f:24:78:30:29:
                    7a:83:d0:69:99:de:94:8e:c8:ce:39:8f:c9:31:f7:1d:
                    c5:1a:6f:eb:3f:14:88:15:0d:14:a4:ee:17:90:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        63:df:cd:3f:d6:f9:31:51:16:c3:e1:56:52:85:b4:09:
        43:01:fa:50:8e:fd:db:e6:5e:fb:9e:34:d3:45:2c:b8:
        50:50:03:50:29:2c:80:50:43:11:24:53:ac:e9:4a:03:
        23:61:f8:2b:95:4d:91:f2:cd:bc:56:41:ac:40:38:d9:
        73:eb:70:f7:2a:8b:80:3b:be:bc:86:e0:24:71:aa:f1:
        08:24:80:87:67:2d:0b:a6:04:f6:1f:40:d2:30:10:da:
        76:c6:22:d3:2d:b3:d3:ab:05:ef:06:9c:ac:1a:b9:7d:
        55:fd:86:1c:b5:a7:d1:f0:d5:50:c1:c2:3a:f0:88:ea:
        2d:d8:9f:c6:4d:5e:0b:82:35:8d:8e:15:da:28:dd:e4:
        fe:31:f3:1d:9b:33:1d:2c:cc:ec:65:03:e4:57:71:db:
        fc:e8:ab:aa:e6:0f:a7:e2:97:a8:d8:89:d5:d5:10:70:
        ba:65:03:d5:f9:79:76:e4:c8:ac:de:af:49:7f:58:53:
        9c:aa:c5:cb:8d:81:e9:68:10:02:fb:09:bb:c3:43:b2:
        7a:21:3f:42:7f:ba:ca:92:52:43:f9:c3:14:bb:d3:ca:
        bb:ea:09:05:d2:77:48:a4:d9:7f:91:dc:81:e7:4d:d7:
        62:00:48:6f:aa:9c:2b:1d:03:fd:b9:2d:15:b5:aa:2e
    Fingerprint (SHA-256):
        53:22:7F:DC:EF:61:07:7A:B8:17:21:28:91:83:5A:72:3A:82:59:00:96:59:39:6C:C8:FD:9A:31:A3:4D:F3:80
    Fingerprint (SHA1):
        A6:16:BD:64:15:86:DA:EB:C6:6A:3A:75:1D:EB:64:14:D1:0D:C7:2D
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #291: Certificate Key Usage Extension (2) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
y
-1
n
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:b4
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:56:48 2016
            Not After : Wed Sep 28 16:56:48 2016
        Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:0d:cd:1d:80:51:3d:a8:69:dd:64:ed:f2:97:9e:d6:
                    91:98:99:16:6f:8b:f0:75:d9:c8:2f:c1:a5:18:ed:8e:
                    1c:ba:c8:32:d1:c5:a7:d9:0e:51:a5:cb:ce:3e:c6:91:
                    67:6e:de:f7:9e:3b:66:e4:1e:de:e1:46:ae:d7:d9:15:
                    d3:a2:67:b6:73:a7:7d:63:4b:35:3d:40:e4:57:81:94:
                    74:a0:46:6e:b2:b4:6b:94:92:7d:57:50:2f:2b:6b:52:
                    08:89:47:37:63:92:05:b7:f0:12:f7:93:07:58:8b:ba:
                    3b:e1:41:21:55:fc:61:aa:6f:81:67:3e:ca:41:29:70:
                    d5:37:9a:dc:24:a4:ce:48:58:97:01:c0:3a:34:11:12:
                    c9:26:d0:d3:d9:88:fa:2d:fb:e5:27:79:2d:6b:64:a1:
                    9e:ce:16:45:19:1d:2e:89:a7:4d:f1:f8:e3:fd:f6:bb:
                    df:60:86:b2:e8:02:98:62:23:71:dc:32:7d:b1:cd:27:
                    c3:f5:10:b7:7a:12:ea:3a:08:31:66:e4:11:3c:96:38:
                    11:4a:c8:30:af:be:5e:81:a9:32:23:c2:d9:60:50:d5:
                    79:8b:85:cc:f0:1e:dd:de:cc:f5:1a:15:25:8e:61:a1:
                    b8:42:10:07:4b:81:d9:fb:64:2f:0c:2e:ee:f8:14:03
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        43:26:de:17:21:b4:0e:d7:77:24:6c:8e:12:9a:9d:a6:
        aa:37:0c:d7:64:1d:fa:61:85:04:1e:65:94:af:a6:31:
        0f:35:d6:3e:e2:e7:c2:d9:a0:32:16:0d:ed:fa:1f:21:
        8e:27:7d:df:b7:21:5c:89:2b:f8:51:f7:74:66:60:3f:
        6e:17:35:eb:28:c2:67:ee:7e:24:7d:6d:80:96:44:52:
        78:98:63:bb:e2:47:95:26:79:08:a2:56:d3:e7:ce:dc:
        18:04:b2:d7:ef:0e:3b:d1:65:63:dc:fe:da:37:87:36:
        e4:f2:b1:d4:f8:ed:54:0a:4c:1c:49:d8:cc:22:48:24:
        70:2d:da:39:dd:38:71:e5:0d:e9:f0:14:1c:4e:7e:f9:
        14:2d:eb:05:ac:cc:fe:64:b0:db:34:22:28:d3:42:75:
        cd:d6:8f:03:ef:71:74:5d:b4:e7:a6:cb:5f:14:3e:49:
        57:a1:07:fe:60:bc:1d:47:d8:bc:f6:28:8f:4e:2a:83:
        af:61:71:5e:a7:6c:0b:ae:98:3a:f6:b1:97:58:1f:3f:
        b3:38:62:bd:32:b0:f9:c3:a5:6a:ff:94:93:3d:f7:4f:
        7a:c2:46:ff:ab:25:5f:b1:70:8f:80:3f:92:98:80:bd:
        25:d0:a5:96:3f:40:02:81:c5:c2:10:ca:40:ad:51:61
    Fingerprint (SHA-256):
        31:C2:61:53:48:82:75:2A:E2:84:B2:A7:D3:82:E7:D4:39:86:3A:64:29:7D:83:4E:89:23:4F:AF:15:2F:C0:77
    Fingerprint (SHA1):
        FD:F0:8A:CB:65:B4:2B:30:54:F1:BF:FE:81:87:9D:D0:44:9A:4F:02
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #292: Certificate Basic Constraints Extension (3) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
n
-1
y
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:ba
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:56:57 2016
            Not After : Wed Sep 28 16:56:57 2016
        Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:03:20:82:f1:5b:54:22:26:1b:b3:e9:bc:64:6b:0a:
                    19:89:01:3f:2d:73:6c:11:44:30:71:01:d8:ca:b4:0d:
                    50:e7:c1:18:e7:d0:5c:eb:69:40:41:f3:f7:a5:ef:85:
                    0f:f1:04:0e:4e:3d:2b:76:60:fd:7e:aa:44:65:c0:ec:
                    91:22:f9:dd:ee:34:f5:df:db:f8:8d:9a:c8:79:8c:39:
                    3a:a3:8c:a7:5b:06:d1:49:01:65:22:e9:1a:7d:0a:a7:
                    a2:08:ac:e2:be:a1:30:56:4c:95:35:ce:d2:79:c3:f8:
                    51:9f:e9:2e:e1:2f:54:82:3b:bc:e7:fe:ad:23:8d:8d:
                    5c:c3:fa:59:d3:dd:97:8f:67:a5:85:42:81:d4:e3:1e:
                    e5:95:08:48:a0:13:c5:bb:34:1a:e7:1c:34:5b:33:b2:
                    55:c9:d0:78:1c:87:0f:bd:73:33:14:cf:36:23:25:67:
                    81:89:f3:6b:2a:16:3a:5e:75:e8:2d:6e:f5:29:25:5c:
                    7d:79:bd:2d:12:ea:af:f3:63:63:7a:2f:88:b7:81:59:
                    7c:5e:f8:b5:29:dc:57:e0:15:44:81:be:21:6d:02:a0:
                    48:7c:03:64:44:f0:e9:c8:e6:14:56:ae:3a:01:53:ca:
                    6f:26:05:19:34:6b:9b:3e:78:f1:39:b2:8c:61:48:db
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is not a CA.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:86:2f:88:0a:c0:5c:95:31:fd:66:ed:82:0e:44:e9:
        c6:07:f9:4e:0e:0b:4d:4f:12:0c:3e:46:98:23:8e:c1:
        8b:da:32:ec:72:c0:38:78:89:d4:88:88:18:fb:95:3f:
        9c:68:08:81:d0:17:1f:7c:dc:f8:8a:e5:e5:d3:e1:43:
        72:5b:f0:96:e2:61:d2:23:1a:88:ca:6f:76:1d:e2:5e:
        2a:4b:fb:eb:3b:35:dc:ae:b4:4b:2b:96:73:92:53:02:
        a3:51:ad:3b:50:b1:f9:fe:5a:e5:9b:3e:57:e0:f6:f6:
        c4:9b:02:9b:9d:d7:01:f4:6c:ee:8b:66:d0:5d:be:7e:
        cb:63:32:b3:ae:a8:c6:c1:a9:62:fc:6b:cf:dd:5c:7a:
        3e:b0:29:44:2d:c0:16:7f:5a:5f:1e:c0:c3:b7:b9:b0:
        8c:3c:8f:70:7c:d9:4f:54:b8:77:a1:cb:9e:c7:03:64:
        99:83:5e:23:82:65:ab:ff:2a:d6:1f:fa:37:38:73:2e:
        09:15:45:be:19:6f:b2:3b:7b:5c:75:18:63:1c:3c:83:
        22:ab:21:e5:50:cc:f4:c5:a0:6c:1d:3b:c8:26:b0:4e:
        c1:e4:08:fd:53:84:73:d6:4c:18:03:e7:ec:c3:03:6b:
        87:d3:27:2f:70:fc:d8:46:a0:77:49:bf:59:03:98:53
    Fingerprint (SHA-256):
        A5:FE:B7:D7:C4:FE:49:D1:F6:69:7B:B4:2D:59:70:F6:97:69:96:F5:C0:6A:8F:EA:E0:B7:6C:7A:06:7D:84:D2
    Fingerprint (SHA1):
        41:92:03:E6:B1:7A:09:57:1B:3E:45:12:DA:0C:56:57:13:70:CB:4F
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #293: Certificate Basic Constraints Extension (4) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
y
12341235123
y
Generating key.  This may take a few moments...
Enter value for the authKeyID extension [y/N]?
Enter value for the key identifier fields,enter to omit:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter value for the authCertSerial field, enter to omit:
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt5
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:cc
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:57:06 2016
            Not After : Wed Sep 28 16:57:06 2016
        Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:7a:a5:36:c0:0b:d8:3d:24:d5:b6:a8:18:43:08:dd:
                    fa:7c:3a:f1:c1:cf:1b:83:24:aa:37:8e:e5:6a:5c:d1:
                    c9:a0:a4:4f:16:8f:f0:a4:0b:5e:95:a9:23:9e:df:92:
                    9a:78:4f:c0:66:6b:fd:f6:6a:09:c0:c3:c4:8c:44:c4:
                    d9:06:9f:2f:00:2b:ae:02:24:ec:a9:33:54:6d:15:cc:
                    1d:56:c5:fa:0a:ba:4a:06:87:54:89:91:77:1c:0b:44:
                    c6:b5:37:0e:1d:85:be:34:f3:5d:f8:d9:9c:72:a4:6d:
                    f3:8f:61:2f:9b:c4:6b:99:13:9c:5c:94:22:79:59:9f:
                    e9:ec:af:5b:1b:8a:54:22:46:44:ff:b2:08:2c:ca:cd:
                    ea:cb:d7:a6:37:fc:5f:55:0b:6b:a5:c7:ad:41:cc:5f:
                    77:db:ea:60:d1:00:25:5f:05:17:00:fa:b2:0e:11:6e:
                    30:b6:40:13:1a:d2:66:07:cd:db:87:51:ee:74:12:35:
                    ab:4c:ce:8e:f3:ff:dd:64:98:6b:93:96:89:a0:5d:fa:
                    bd:40:56:6a:a1:38:27:36:9f:5e:75:90:f6:b9:02:12:
                    c7:b1:94:fb:31:9f:2d:c8:45:62:38:f6:74:25:6c:77:
                    c4:4d:04:2f:ed:0d:2a:61:0b:0f:68:6a:26:70:2c:19
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Critical: True
            Key ID:
                12341235123
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b6:b3:3e:f8:cf:61:b9:80:06:8a:37:09:93:64:4c:cb:
        4a:90:a9:e5:10:58:9f:ca:f7:47:a1:88:98:f2:4f:c2:
        f2:8a:47:7c:5f:6a:9c:8c:64:82:6c:51:78:a8:6b:59:
        25:f3:00:b7:5b:84:f8:06:03:71:3a:63:29:d9:ed:ad:
        3f:94:22:1a:51:eb:00:b5:cd:0f:d8:1c:b2:ba:bd:ae:
        a4:3e:c9:a0:91:46:f8:cb:12:ff:7a:b0:03:0b:49:81:
        85:64:5e:ce:ac:a7:d8:b2:55:ee:ea:ee:53:18:be:43:
        df:18:d0:7c:32:18:8f:ba:ee:e3:9a:bb:96:db:db:1b:
        f3:52:b7:e2:b3:da:4b:96:7a:14:90:bd:88:67:13:3a:
        0e:1b:4a:3c:ea:73:17:59:90:6d:65:9a:a4:2f:95:a2:
        3d:33:34:c1:79:8e:df:78:44:43:51:d6:49:62:0b:12:
        02:85:30:13:59:c0:04:4a:67:87:33:c7:3c:a4:ef:6d:
        33:8f:0c:2e:7d:db:a6:87:e8:73:4d:97:a1:b0:3e:5c:
        da:c6:3e:59:6b:94:53:a6:27:59:be:ce:b5:80:ac:1c:
        42:d6:b4:10:1b:95:d4:8f:30:57:f5:1b:88:5f:cb:96:
        b1:ad:3f:e7:21:81:11:51:ff:16:db:48:53:1d:ac:f7
    Fingerprint (SHA-256):
        ED:29:CC:A3:16:E0:A6:DA:3F:04:A6:1F:75:DD:48:55:5A:FB:B1:90:E1:B2:CC:03:8A:1C:D2:4F:5F:24:EA:C3
    Fingerprint (SHA1):
        0F:40:82:77:F7:1B:10:6F:C4:68:D2:A8:36:9E:AF:85:56:19:35:33
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #294: Certificate Authority Key Identifier Extension (5) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
y
3
test.com
214123
y
Generating key.  This may take a few moments...
Enter value for the authKeyID extension [y/N]?
Enter value for the key identifier fields,enter to omit:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter value for the authCertSerial field, enter to omit:
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt6
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:dd
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:57:09 2016
            Not After : Wed Sep 28 16:57:09 2016
        Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e0:ff:cb:03:a8:14:f2:e2:74:df:c2:0d:a3:ec:11:13:
                    58:40:28:24:95:43:0b:9b:1b:71:3d:97:6c:44:cc:4e:
                    3b:4b:01:a2:34:82:a8:00:85:e5:75:79:fe:c3:e9:1f:
                    b1:5a:86:17:f0:b1:58:dd:e0:39:38:4f:b4:b5:b4:98:
                    b8:ac:41:df:a7:6d:66:63:41:d2:c9:2d:11:21:ea:d0:
                    08:39:46:a1:e1:c5:4d:32:14:03:cf:d9:71:67:3a:f9:
                    7e:2c:72:ba:7a:18:60:da:ad:3f:df:f7:e6:59:76:85:
                    eb:0d:8b:a4:60:15:9f:cc:b8:75:98:37:38:99:50:70:
                    97:47:a7:cf:90:df:7c:99:9c:59:09:a6:8e:63:ee:81:
                    c8:60:fd:bc:8c:f6:98:70:ec:ba:c3:37:50:eb:db:e1:
                    42:4d:77:b7:b0:47:da:ff:5f:82:5d:ef:91:4b:38:39:
                    f5:9e:41:b0:75:6b:ec:5e:3b:b9:87:d9:e0:23:58:35:
                    ff:e1:ea:01:56:e3:df:76:b9:07:46:05:2f:3a:3c:34:
                    ec:a0:74:77:42:6d:3f:63:7f:55:24:5f:e7:4b:47:7b:
                    07:60:fd:80:25:fc:bc:54:f6:46:a4:55:f7:cb:23:d9:
                    8c:88:5b:35:46:ab:63:5b:f9:9a:23:59:c8:31:34:97
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Critical: True
            Issuer: 
                DNS name: "test.com"
            Serial Number:
                214123
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:c7:06:02:37:b7:e7:1c:f2:ec:9b:38:13:1d:9c:86:
        df:b1:25:c3:eb:2a:7b:c5:08:ea:86:a0:ad:b5:04:68:
        53:a1:90:d5:6a:e5:14:bb:ff:11:53:01:41:b3:23:b6:
        dc:f6:7a:d1:4f:4e:64:a5:1d:06:1a:e2:40:58:35:99:
        2f:5f:85:84:4b:3a:d0:c9:d1:26:da:70:a6:f4:78:90:
        b2:46:98:f8:87:b3:9b:b4:a1:10:e4:ac:15:ce:ef:09:
        10:14:95:75:a4:16:e7:37:f7:99:28:79:8a:75:d9:00:
        6a:4e:0d:3a:53:43:72:94:c0:a8:50:f4:5f:58:ba:3e:
        ab:79:c4:83:fd:05:cc:9c:f8:f6:ed:bf:61:6c:04:56:
        5a:fe:4d:fe:fa:15:b7:2b:b1:8b:59:38:95:81:66:a5:
        88:36:6f:7d:62:fc:6a:31:a4:a4:2c:99:bf:96:d4:40:
        8d:24:68:c3:65:07:97:41:1e:01:d9:84:29:28:1b:30:
        6a:63:d7:53:39:c6:1b:cc:be:6d:fc:fc:20:c5:5c:18:
        cc:8e:97:30:6b:0b:74:c9:f7:5f:ed:e9:a3:cc:73:80:
        6e:1a:a9:18:ce:7f:4c:a0:3b:d2:1b:0a:d0:bd:34:d6:
        0a:42:7a:35:70:50:93:1b:8f:0a:2e:2d:55:6e:bb:bd
    Fingerprint (SHA-256):
        CB:AF:26:67:50:B6:17:FB:9A:F3:93:45:B3:FB:B6:C8:EF:C1:5B:79:96:A9:7B:81:AE:78:C2:D4:8F:45:DE:B9
    Fingerprint (SHA1):
        83:C9:21:3A:46:82:9D:C9:4C:7E:5B:E6:37:0C:79:D7:B8:AB:81:B4
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #295: Certificate Authority Key Identifier Extension (6) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
1
2
rfc822@name.tld
3
test.com
8
1.2.3.4
9
OID.0.2.213
10
0
10
n
n
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt7
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:e3
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:57:15 2016
            Not After : Wed Sep 28 16:57:15 2016
        Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:3f:ae:98:ee:e7:d7:40:5c:41:e3:e2:85:a1:fc:7f:
                    15:eb:81:b4:fb:2c:93:a2:5a:5b:0f:64:06:b9:87:ac:
                    cf:98:49:b1:28:19:63:bd:d0:0a:5f:f7:6b:ff:f9:23:
                    c4:39:8e:32:73:68:ad:09:98:f8:51:0f:c9:1a:f4:3f:
                    e2:2a:5b:40:96:7e:70:8e:03:3c:4b:19:4d:3c:7a:10:
                    5a:ad:86:82:35:27:cd:48:2f:6b:25:00:84:f8:59:53:
                    56:2a:06:a2:56:76:4b:2b:64:1f:39:c9:9f:10:03:9f:
                    3f:1c:e2:12:6f:af:f6:83:8b:80:b3:29:64:bf:1a:f5:
                    d3:ec:20:08:bc:85:b3:ed:50:18:29:29:2b:bb:ab:44:
                    09:07:79:14:94:5f:5e:a5:2e:26:1d:36:13:a9:44:45:
                    0f:03:a4:81:34:01:43:81:9b:40:d7:31:a5:b4:58:d0:
                    cf:37:90:1b:72:d6:8e:64:98:e0:d5:2b:c0:c1:74:ff:
                    b4:4e:f6:13:04:b5:d4:51:f0:b4:7f:eb:4d:68:62:51:
                    90:10:7a:5b:ad:61:29:3a:58:43:a2:75:6a:b3:0c:4e:
                    4e:e7:7f:d5:e5:71:0d:8a:c3:9e:af:62:ac:5f:67:bc:
                    ab:3e:40:47:91:89:fd:8e:60:fa:1b:7f:c5:59:d7:e3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: CRL Distribution Points
            Distribution point:
                RFC822 Name: "rfc822@name.tld"
                DNS name: "test.com"
                IP Address:
                    87:07:31:2e:32:2e:33:2e:34
                Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51
                Reasons:
                    80
                    (7 least significant bits unused)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        16:94:03:5b:f7:5c:2b:db:5c:20:f9:af:e9:e1:ea:92:
        16:4d:fa:26:1e:2f:cc:3a:c7:db:9f:1e:f5:4f:1d:0e:
        9a:22:e0:23:38:de:06:7a:a7:1e:e5:49:3f:85:1f:d2:
        2f:c4:07:1f:a5:c0:b1:8e:d8:64:bf:9c:d4:15:27:a7:
        32:1f:e0:b9:69:08:52:da:61:3f:e0:13:1a:c3:46:b5:
        0d:44:00:43:30:1c:f5:aa:48:d3:4f:b2:b3:91:0a:ed:
        d8:7e:ba:fb:fd:be:79:c6:8c:49:df:99:57:02:e6:32:
        96:85:f3:d8:7b:9e:30:ae:4b:cb:f5:f6:56:3f:be:d7:
        1f:3e:30:b3:17:41:a5:d7:82:36:24:bb:a3:f6:39:ee:
        b7:66:92:5b:67:b9:2b:e3:1e:5c:a5:4c:e8:e3:d7:8d:
        f2:72:39:35:07:65:a8:26:34:42:60:79:3e:7e:ab:7c:
        aa:77:89:1d:bb:d2:3d:58:85:74:70:07:c3:f6:f7:83:
        d4:4d:a0:6d:de:76:78:c8:e3:53:dc:31:52:e7:ec:f8:
        78:0b:ee:23:14:7c:7a:46:23:51:20:1c:24:f2:4c:c7:
        82:1c:34:b3:ae:c5:47:7b:c3:47:c7:ad:99:d1:81:3e:
        58:c7:ed:d5:ab:94:b2:e9:b8:71:d6:6b:b5:fd:d1:3c
    Fingerprint (SHA-256):
        2B:B7:05:52:A1:E3:B7:A7:15:EF:FB:62:26:F8:55:77:D9:58:9E:6E:69:BB:01:91:C3:52:FE:83:7B:87:D4:88
    Fingerprint (SHA1):
        86:0A:2E:23:6D:20:F3:C6:54:CA:33:47:34:89:EB:EF:FB:C0:5E:35
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #296: CRL Distribution Points Extension (7) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
2
SN=asdfsdf
4
3
test.com
10
n
n
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > Enter the relative name: 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt8
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:ee
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:57:20 2016
            Not After : Wed Sep 28 16:57:20 2016
        Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    da:67:ed:f8:43:77:93:56:cf:ac:ba:18:6b:35:74:be:
                    df:c1:d9:44:eb:2b:c8:58:00:59:3f:c1:ad:11:ec:00:
                    82:ef:f0:94:4a:21:9c:f6:68:e7:68:60:f5:c7:18:14:
                    31:31:b7:85:48:10:b6:1e:6f:03:11:d7:9a:3d:13:f4:
                    3c:ee:61:bf:7d:b9:0a:1b:2b:b9:e0:74:0b:83:6a:c6:
                    9e:7b:80:2d:37:48:6a:2b:5b:fa:ae:97:27:30:6e:5f:
                    87:00:0f:88:c0:ca:cb:ec:bc:9f:06:83:0e:ed:39:01:
                    eb:98:2f:4d:68:bf:90:2b:88:bf:ba:73:80:b3:87:17:
                    c5:24:b1:c2:bc:d8:9f:69:73:64:28:de:0d:c8:ad:8c:
                    98:9c:9e:7c:3c:b8:7c:e6:fd:a6:50:41:81:83:b5:06:
                    fa:4e:02:dc:4d:27:cb:e5:7f:23:a9:45:8c:9a:01:37:
                    24:aa:bc:56:23:f8:9b:48:6e:5a:ec:2d:b5:dd:9e:0b:
                    3d:1d:14:bb:65:4c:8d:0a:19:d4:72:25:1b:9e:c2:98:
                    03:b7:3d:fb:04:0b:69:23:68:2d:62:10:ce:cc:64:7a:
                    0b:28:6a:65:4c:a9:57:1a:97:aa:fd:72:6d:3a:dd:14:
                    07:ed:36:df:b5:76:c9:4e:f8:a0:bd:a4:a8:c4:bf:ed
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: CRL Distribution Points
            Distribution point:
                RDN: "SN=asdfsdf"
                Reasons:
                    08
                    (7 least significant bits unused)
                CRL issuer: 
                    DNS name: "test.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5e:7c:ea:62:a1:f5:e5:10:48:88:04:b1:9d:72:5d:e5:
        be:39:2a:9d:12:f0:9d:3a:6f:ca:1c:8a:d8:18:2c:c8:
        10:5f:38:44:be:8f:f4:3f:b7:7e:1a:84:56:5f:7c:4b:
        40:85:f6:99:35:fd:6a:c4:13:b3:aa:56:4a:e2:e4:1d:
        5c:42:9c:3b:27:be:62:0c:a8:00:ae:74:f9:c8:c5:38:
        9c:2e:37:e7:60:15:ae:4d:d9:a2:08:92:ae:d9:52:56:
        2b:f8:1a:f0:56:47:10:0a:ae:0a:db:11:e8:da:23:e4:
        10:1f:d7:48:1e:36:10:20:e9:f8:74:bc:e2:1c:43:be:
        21:14:48:94:01:a5:a2:58:6d:27:0d:42:59:fe:af:61:
        7d:29:bc:00:d0:5b:88:f5:1e:1c:b0:86:2b:7c:12:6a:
        2e:ea:b6:f6:d2:f6:80:b1:a1:76:9e:23:47:9b:a4:31:
        0e:f2:06:7a:1a:84:b0:7c:4f:15:8b:5e:a0:78:b1:24:
        15:e0:eb:89:aa:3b:7e:d0:a8:05:f1:6f:a5:4c:2d:44:
        ac:d2:24:1b:fb:64:43:06:18:73:43:da:a1:71:97:12:
        23:1a:6c:79:9c:9f:30:a0:0a:0c:f5:3c:fd:03:53:b0:
        e8:c2:20:05:17:e1:f5:e8:df:da:41:db:5b:5e:dd:cb
    Fingerprint (SHA-256):
        27:C1:76:41:0A:D2:CA:DD:B4:BC:81:AB:0C:67:CE:E7:59:7F:B0:74:59:06:06:3F:0C:5A:8E:59:48:75:F6:CE
    Fingerprint (SHA1):
        C4:F1:35:21:BE:B7:9B:90:D5:F5:EA:82:27:9A:17:91:CF:8A:46:29
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #297: CRL Distribution Points Extension (8) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
0
1
2
10
n
Generating key.  This may take a few moments...
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt9
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:30:f7
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:57:25 2016
            Not After : Wed Sep 28 16:57:25 2016
        Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b9:76:39:91:b0:b1:55:c6:7e:c1:f0:3a:7b:b9:4d:16:
                    44:10:82:70:04:26:a5:b0:55:f2:40:52:83:59:a7:df:
                    b9:d6:75:36:57:87:6a:38:b1:75:95:a0:95:2d:2b:79:
                    c0:4f:f1:39:22:16:09:c3:60:d1:98:c0:32:a0:12:4d:
                    23:f0:fb:82:87:c9:b2:c5:ed:cf:e6:73:d7:6d:db:d6:
                    4b:9f:9f:35:74:ac:84:6d:e2:ff:0d:14:ff:57:d3:00:
                    3c:71:76:26:2f:e1:ef:4f:49:d5:4b:1d:c3:22:8b:11:
                    1e:f0:f0:72:6e:55:c9:70:67:a1:98:a9:97:ba:e0:f4:
                    c5:e0:93:4e:2a:17:6a:05:35:63:8d:73:d8:8d:1a:18:
                    b4:7d:76:2a:46:d3:37:a5:5c:05:4f:53:a2:6a:8a:7d:
                    10:50:40:52:d0:02:ba:9a:11:43:49:da:43:5a:9e:32:
                    af:6d:3f:a6:c1:60:26:45:22:c5:c5:f0:2d:fa:f8:3a:
                    5b:a8:d4:8b:de:8c:a6:34:6d:7b:8a:61:95:89:24:f0:
                    6b:99:ba:2a:7f:30:c3:3a:35:b5:4f:22:16:aa:47:0a:
                    b5:6f:06:98:61:b8:19:d9:1b:cb:e4:c2:c0:56:d2:cb:
                    7e:c0:ea:be:6b:ec:88:44:06:6f:5c:30:37:32:b9:f5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL Client,SSL Server,S/MIME>
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:dd:0c:10:03:cb:96:8f:e5:22:40:93:57:56:a9:0c:
        7f:ae:4f:94:32:63:45:7d:8e:d9:64:41:50:6c:c1:a5:
        64:68:17:03:a7:72:08:87:ab:5e:b2:cc:f2:9c:cd:19:
        8b:49:2b:34:1c:2c:c1:7b:4f:f5:08:e0:f0:21:eb:a8:
        5d:c9:c8:7c:93:33:74:1d:85:ea:c7:9f:c6:ee:54:06:
        39:0a:20:96:7a:dc:8b:0f:b1:ba:ba:bc:80:f6:af:01:
        bb:95:ae:b6:41:68:49:ae:43:a4:ab:7a:7e:a6:16:5f:
        c2:26:e8:5e:57:4f:47:45:30:36:2c:ad:04:76:68:83:
        c8:d1:66:46:94:0d:8f:a7:d4:d0:82:8a:f1:1f:a1:cd:
        39:68:ed:ad:68:13:00:25:5c:c1:a8:02:b2:18:83:59:
        98:35:54:e8:53:f0:ff:01:35:f3:88:5c:61:73:94:00:
        98:b6:17:86:f4:6c:84:b2:f1:b4:ce:76:f6:b8:3a:34:
        68:55:b5:fe:c1:a4:45:b8:12:ab:bc:b0:c1:98:2b:8b:
        a7:6d:68:7b:b2:6a:b4:5e:f7:d7:ae:a8:28:70:97:31:
        8e:80:be:a0:f0:75:2b:29:aa:4f:7e:64:04:bb:e5:e1:
        4f:35:24:04:c1:72:e4:04:7f:05:d5:c2:3a:b4:94:b1
    Fingerprint (SHA-256):
        B4:34:43:D9:80:F8:51:DE:93:94:1B:EC:97:9B:BC:1C:FA:54:66:69:5C:A2:4B:E7:62:58:74:FB:05:CF:02:44
    Fingerprint (SHA1):
        94:6C:C8:1E:CD:0A:79:12:63:03:64:FD:59:5D:93:EE:BE:92:51:CE
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #298: Certificate Type Extension (9) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
y
Generating key.  This may take a few moments...
		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt10
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:31:00
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi
            ew,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:57:28 2016
            Not After : Wed Sep 28 16:57:28 2016
        Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V
            iew,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ea:6c:a8:ed:7d:c6:4d:52:0a:4c:e5:97:61:a9:a0:c0:
                    c9:13:98:0f:10:f9:81:23:2c:2e:f4:6c:f3:5c:c2:6f:
                    90:6a:55:4b:de:ec:b4:64:7c:1a:3e:3b:d8:16:7f:dd:
                    4a:3c:d1:e5:56:31:b1:32:84:fa:be:bc:9d:b2:cd:db:
                    bb:57:e4:7e:0a:be:e6:f7:85:8c:35:87:23:58:1f:06:
                    89:3b:31:8f:15:e7:f6:5f:f8:e3:4f:2c:66:08:ae:5a:
                    4c:44:f7:ce:8e:3b:73:96:ca:02:91:8c:f8:a3:2c:85:
                    a0:70:41:44:b9:e6:1f:10:8d:7e:c3:44:84:1e:0c:60:
                    18:32:df:27:2a:2c:5a:44:c0:3d:27:8f:e5:75:f7:01:
                    0f:5c:9c:6b:b6:30:90:9c:4b:30:82:f6:25:0e:e7:63:
                    39:57:7d:ef:05:2a:34:e2:15:66:dd:25:77:f6:08:21:
                    7b:ad:8e:07:b2:af:f8:4e:e4:fd:92:d2:8c:31:a9:74:
                    aa:da:ba:c8:8f:59:7c:57:19:a1:10:47:df:b5:b4:0c:
                    68:1a:0e:06:b0:86:eb:7e:30:e2:06:13:ab:bd:11:63:
                    d7:b4:ca:05:e1:4e:07:08:c0:38:68:d8:60:b2:56:d1:
                    37:76:37:4b:67:de:d0:a9:17:36:4b:04:40:86:2a:49
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Extended Key Usage
            Critical: True
                TLS Web Server Authentication Certificate
                TLS Web Client Authentication Certificate
                Code Signing Certificate
                E-Mail Protection Certificate
                Time Stamping Certifcate
                OCSP Responder Certificate
                Strong Crypto Export Approved
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bd:3f:b0:38:50:3b:0a:c6:ca:27:d1:02:c1:c1:68:0c:
        ae:d6:c9:53:25:76:8c:6c:a9:bd:71:7f:81:58:59:57:
        15:54:09:e1:64:58:5a:54:34:c2:4b:98:9c:63:56:95:
        22:ba:eb:87:16:5b:16:bf:b3:7b:77:65:a8:4b:12:13:
        ec:f8:4f:42:b6:65:d7:36:8e:95:42:0f:f6:25:5d:b0:
        40:17:c9:10:59:54:a5:d9:69:ea:03:a3:93:18:2d:96:
        a8:9f:9f:d0:0e:ea:52:6f:b4:44:43:2b:a0:65:4f:45:
        62:49:3b:4e:b0:dd:54:38:b7:0a:17:2f:ca:28:a7:12:
        4f:60:af:bb:e4:e6:15:33:1e:68:db:29:e7:fd:c7:4d:
        5f:04:f4:19:85:10:58:80:37:39:50:7b:bf:1f:e1:23:
        f3:65:39:7b:a1:ed:07:d6:7c:8c:24:ff:70:82:f0:00:
        e0:b5:e7:6f:e5:c6:6b:ee:14:59:4d:75:6c:be:4f:91:
        e1:e5:0a:f8:d7:19:a6:c7:0c:6a:f1:b0:6a:6f:d6:15:
        d0:58:7b:05:28:9b:81:83:2b:54:fc:84:f7:1f:89:d8:
        59:21:9f:8f:32:70:1b:7d:a2:c3:ad:74:73:51:09:f9:
        da:cc:68:c1:48:ad:60:8e:4e:46:c3:e4:bf:50:7d:2c
    Fingerprint (SHA-256):
        05:C1:42:3F:95:1E:AD:6B:9E:EC:09:EF:46:FA:31:6F:DE:9C:ED:DF:DA:76:DA:0F:C2:6D:61:C2:0E:A9:5D:23
    Fingerprint (SHA1):
        61:DC:AB:C1:5E:EF:05:D1:2F:55:39:83:B5:08:AE:0C:97:D9:D7:13
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #299: Extended Key Usage Extension (10) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/test.args
certutil options:
1
2
3
4
5
6
10
n
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -L -n TestExt11
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:31:06
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi
            ew,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 16:57:33 2016
            Not After : Wed Sep 28 16:57:33 2016
        Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V
            iew,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:d0:83:c9:10:c7:f0:8f:61:09:bb:ce:f3:8d:10:7d:
                    a7:32:01:e4:e1:4e:4f:d7:4f:87:ae:18:71:5c:17:d5:
                    22:c3:64:88:54:f4:7b:e5:bb:3f:1a:0a:b1:83:c9:4c:
                    dc:1a:0e:f0:b2:ee:ef:93:9c:e0:6c:7c:44:b4:66:06:
                    ee:87:96:92:a7:3f:5c:58:0f:fb:7d:9f:d0:ca:c9:bd:
                    11:3e:30:49:82:da:97:28:b1:bf:2e:dc:d5:c1:c7:da:
                    99:19:8d:fc:b7:6e:a9:ad:69:07:d8:c9:18:ea:61:e7:
                    2f:4d:62:08:15:74:1f:5e:33:8d:b8:fe:09:8d:8a:a7:
                    05:4a:3c:b3:3a:84:fd:e4:4f:96:36:aa:e5:ce:89:26:
                    fb:b5:bc:2a:f8:ad:1c:37:1b:92:ca:43:a5:9c:bd:29:
                    19:9a:f4:33:60:7b:8a:6f:46:17:df:0d:67:93:50:98:
                    6f:ad:d3:bc:e5:5a:0b:16:4f:a9:9e:9e:e6:4f:1a:55:
                    80:be:1d:fe:34:a5:52:e9:80:58:e3:62:da:59:19:95:
                    3a:cc:79:fb:e2:63:df:6a:be:a7:26:ae:82:29:ce:85:
                    7a:a6:1f:f1:25:f1:65:19:7b:9f:c0:26:a6:97:b8:c2:
                    9a:1c:53:70:54:3e:fc:2c:01:46:be:70:7f:33:86:a9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Usages: Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9b:fe:46:0f:60:7a:ed:23:73:67:12:e4:4f:b3:cb:6d:
        7a:8f:f7:54:7d:58:d6:c2:27:7d:85:6a:35:0a:03:4e:
        6b:49:6b:12:1c:f8:97:83:3b:74:02:2b:0d:12:6d:5c:
        b3:6f:75:94:3d:22:f9:41:af:7c:42:c4:68:0e:c4:0b:
        64:bf:b4:72:f0:98:0e:12:ef:d4:20:eb:ac:00:f2:d8:
        2f:d2:57:90:76:98:2c:d7:a8:06:df:85:a1:6b:a7:80:
        a6:ff:9d:a0:ef:c8:ce:25:ab:5a:b3:aa:ab:f1:96:d8:
        c1:10:33:cb:f3:58:68:d4:90:02:79:d6:de:b2:5d:d2:
        81:53:a4:89:ee:62:89:53:c8:ec:87:eb:b6:9f:af:56:
        9e:36:81:d9:2e:f3:6c:f4:0d:1c:f3:4d:50:f3:83:42:
        ad:ed:6b:87:38:a5:52:78:a4:aa:2f:86:92:29:c1:32:
        38:45:52:8b:cb:d9:71:f7:0b:d9:18:e3:48:2a:34:69:
        11:56:71:93:dc:36:3b:0f:84:37:51:e9:2b:47:e3:ea:
        7a:27:e4:f4:7a:32:0c:de:fb:8d:b7:a6:59:e6:d5:91:
        f3:1c:72:db:d7:0c:51:2e:05:2c:90:f6:3d:c8:b4:3d:
        f9:f5:5e:45:f1:85:86:02:f1:89:18:74:9c:0d:d5:e0
    Fingerprint (SHA-256):
        27:EA:E5:69:07:C2:49:A9:FB:AB:92:62:09:8D:FA:9D:7D:1B:CE:B2:43:2D:7F:D0:C0:67:2F:B7:A9:8E:68:5D
    Fingerprint (SHA1):
        F5:A3:54:F9:F3:13:82:F5:F2:37:9C:7B:7F:B6:7A:31:59:FB:9D:27
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #300: Certificate Key Usage Extension (11) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com
Generating key.  This may take a few moments...
certutil: Problem creating SubjectAltName extension: error 0: Success
certutil: unable to create cert (Success)
cert.sh: #301: create cert with invalid SAN parameter (12) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com
Generating key.  This may take a few moments...
certutil: Problem creating SubjectAltName extension: error 0: Success
certutil: unable to create cert (Success)
cert.sh: #302: create cert with invalid SAN parameter (13) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com
Generating key.  This may take a few moments...
cert.sh: #303: create cert with valid SAN parameter (14) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:31:2d
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=example.com"
        Validity:
            Not Before: Tue Jun 28 16:58:06 2016
            Not After : Wed Sep 28 16:58:06 2016
        Subject: "CN=example.com"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:ac:66:c9:01:98:92:40:bf:e7:31:c0:33:79:58:b7:
                    aa:da:97:4f:d3:e6:48:79:a8:ae:3e:e9:7a:66:87:21:
                    11:84:e0:c0:d4:98:5b:60:1f:92:51:0b:94:7c:fc:17:
                    dd:c5:ac:8c:94:f3:90:d6:95:dc:e1:4a:77:4f:39:56:
                    7d:58:f5:37:1d:15:34:e4:3e:7a:0a:61:06:bf:81:f4:
                    2b:dc:ce:2c:5e:91:f1:05:c9:21:bf:7f:9d:ee:16:8b:
                    07:b8:ec:07:f6:1a:fb:8b:ab:bb:ee:6c:24:81:b9:68:
                    77:4f:5c:b0:89:5b:d7:f7:1f:42:e9:25:ef:e9:b6:d8:
                    df:4d:d1:de:7e:f7:d0:c4:e2:7a:e0:88:f5:fa:90:25:
                    69:89:ce:c5:b1:9a:b6:a1:8f:e3:52:f8:24:ad:b3:92:
                    18:1a:ad:68:63:7e:72:59:5c:8a:0f:c4:32:79:1d:8e:
                    b7:53:b6:f2:79:fd:d6:25:e1:83:dc:77:b1:73:b2:5c:
                    8d:ac:d5:1e:02:38:eb:0e:93:f5:e9:67:b0:71:fe:22:
                    fb:d5:7b:7f:af:dd:e3:c1:84:b0:6a:ef:b6:b9:2d:4b:
                    13:4e:e0:9c:0c:dc:15:02:e6:7b:9c:9f:ec:05:2f:f0:
                    dd:e8:01:99:8f:5f:64:8d:c2:f2:bf:eb:c4:0f:d6:05
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Subject Alt Name
            DNS name: "example.com"
            DNS name: "www.example.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b0:3c:49:ee:c8:49:b7:be:bc:2a:d6:8c:b9:54:1d:75:
        95:a0:46:f0:b9:6f:ad:42:59:96:e3:70:79:a1:1e:26:
        95:8c:6e:6e:14:8e:b8:00:2c:1e:bb:c8:b3:8f:bd:2b:
        22:f7:6c:b1:5c:fd:60:56:1f:c6:8a:0a:e0:7d:e1:d2:
        74:47:ba:21:f5:69:25:db:d7:98:3f:15:3e:1f:df:5c:
        03:78:a1:37:c6:08:d9:0f:c6:04:d5:33:3a:a2:6f:1d:
        3c:c1:e9:f4:d9:56:51:bd:e7:96:df:2a:c9:ce:51:1c:
        f3:da:e8:b1:fd:5e:4f:d2:79:4c:ba:13:81:88:ee:10:
        e7:62:7e:b9:01:7f:66:96:b5:4a:6e:de:c3:bc:4b:2a:
        c8:e9:5b:d5:4a:74:d4:bc:af:d7:0e:02:5a:5b:1b:31:
        5d:78:d2:ff:76:0f:fc:9e:a7:48:23:ab:b0:de:1f:fc:
        59:76:d2:3b:73:ed:b4:bc:73:19:c4:6d:e3:bc:77:59:
        db:1e:1b:e4:dd:48:31:74:78:ec:60:7f:28:c5:2c:b4:
        86:4c:ca:da:23:16:f2:04:76:e2:9b:0a:6a:fa:34:bb:
        fe:fe:d7:4f:c7:07:83:cb:6a:89:82:a1:3b:b9:ac:df:
        81:c6:d6:bd:39:f8:e5:b3:1b:f5:b8:4c:1d:92:3d:1f
    Fingerprint (SHA-256):
        95:65:D3:BA:78:B5:6A:25:81:62:74:4A:FE:54:94:B2:5A:3F:6C:54:E7:D1:29:75:F0:D9:04:01:8E:EE:3F:60
    Fingerprint (SHA1):
        0F:45:75:DF:4D:9E:0D:3E:F8:6D:4B:83:85:C4:1C:01:F7:A0:9A:C9
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #304: create cert with valid SAN parameter (15) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17
writing output to /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der
cert.sh: #305: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der (16) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN
cert.sh: #306: create cert with valid SAN parameter (17) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
cert.sh: #307: expect failure to list cert, because we deleted it (18) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success
cert.sh: #308: create cert with invalid generic ext parameter (19) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success
cert.sh: #309: create cert with invalid generic ext parameter (20) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der: error 0: Success
cert.sh: #310: create cert with invalid generic ext parameter (21) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions/sanext.der
Generating key.  This may take a few moments...
cert.sh: #311: create cert with valid generic ext parameter (22) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:31:6a
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=example.com"
        Validity:
            Not Before: Tue Jun 28 16:58:31 2016
            Not After : Wed Sep 28 16:58:31 2016
        Subject: "CN=example.com"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:9c:a4:a4:1f:1a:a2:12:d1:50:1c:19:aa:50:52:a3:
                    4b:0b:bc:7a:9a:48:92:d3:06:94:f5:aa:29:a1:04:5c:
                    af:d6:09:bd:44:f4:16:29:43:e7:63:7c:39:39:f8:5a:
                    07:ed:50:de:3e:de:98:55:7b:fe:4d:9d:94:b6:cd:47:
                    d5:34:1a:52:1c:56:7e:2f:23:1f:e6:8f:a9:96:79:41:
                    ba:e3:22:76:cc:be:09:e9:c2:07:40:b2:f6:95:a8:bb:
                    e3:30:22:ca:39:be:a8:e0:c0:1f:61:9b:a7:38:e3:d4:
                    b8:4a:ca:59:20:68:d2:86:82:7a:ed:20:b2:b3:e0:d8:
                    1f:f9:1e:1c:e1:e8:cc:8c:01:2a:c6:9f:bf:a2:dc:20:
                    32:b7:ff:54:b4:e8:e2:db:97:7a:31:c0:44:1b:51:0b:
                    bc:b4:22:80:cd:26:50:f1:28:ee:91:a0:14:18:23:04:
                    09:da:52:92:7a:30:41:44:52:e2:2b:94:b4:99:4f:1f:
                    f6:ed:a2:bc:93:26:12:e5:64:bd:9c:70:35:d6:1d:df:
                    4e:a9:7c:61:95:58:b3:b4:20:2c:e4:e5:02:09:41:69:
                    e1:51:04:2b:dd:91:45:de:47:21:d0:c5:d8:63:20:51:
                    08:6b:97:32:26:fb:02:45:1d:f5:72:51:46:3d:08:f5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Subject Alt Name
            DNS name: "example.com"
            DNS name: "www.example.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        aa:1c:86:3a:d2:04:4a:3f:5b:8c:ae:4f:d7:82:89:90:
        cc:07:e3:d2:54:38:74:05:c9:6f:02:4f:11:a5:5e:47:
        52:33:c5:d5:16:3c:84:25:d3:2e:7e:a0:f4:bd:79:0d:
        13:95:76:ae:ef:f1:d4:47:df:c0:79:80:bd:bd:8d:8e:
        64:a1:08:cb:16:57:e3:9d:84:c6:a9:00:af:92:1d:19:
        71:04:0b:62:13:6f:10:9b:ad:01:5c:87:6c:d2:1c:16:
        6a:06:ce:5e:7b:7a:e8:48:19:02:ed:d0:a7:66:be:2e:
        9f:3d:c2:b1:c5:21:3a:b2:63:53:88:3d:27:30:66:a0:
        9e:5b:a6:b5:84:12:d8:9a:2d:a2:d5:20:f8:4a:9e:09:
        14:a2:0d:c7:dd:3a:a7:db:38:d5:06:08:ac:76:e2:5e:
        5c:de:f4:b8:95:3f:a9:a4:d3:53:7b:dd:fb:45:40:04:
        da:f3:f6:4e:5a:5c:40:11:21:f5:fa:01:ab:23:05:94:
        76:54:fc:5d:68:cd:3d:9b:39:b3:9a:0c:b9:47:4e:82:
        b0:f3:5c:6d:26:b3:0f:d4:50:4a:97:71:bf:25:4b:95:
        03:5c:35:a6:4f:35:ff:d8:ca:28:e4:4c:7f:f1:dd:cc:
        58:6c:73:33:55:dd:fe:22:fb:78:12:a0:dd:98:3d:2e
    Fingerprint (SHA-256):
        AD:58:4D:5D:30:5A:21:76:42:4C:B3:B2:E6:0D:B2:66:19:11:49:48:B9:68:1F:F2:06:17:E1:27:42:EC:C3:06
    Fingerprint (SHA1):
        13:87:FB:A3:18:A6:32:26:70:D5:17:D9:4E:23:54:72:F6:93:D9:C3
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #312: create cert with valid generic ext parameter (23) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -D -n WithSAN
cert.sh: #313: create cert with valid generic ext parameter (24) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert_extensions -f ../tests.pw -L -n WithSAN
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
cert.sh: #314: expect failure to list cert, because we deleted it (25) - PASSED
cert.sh: Create A Password Test Cert  ==============
cert.sh: Create A Password Test Ca  --------
cert.sh: Creating a CA Certificate PasswordCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass
cert.sh: Creating CA Cert DB --------------------------
certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass -f ../tests.pw
cert.sh: #315: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #316: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert PasswordCA  --------------------------
certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #317: Creating CA Cert PasswordCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass -o root.cert
cert.sh: #318: Exporting Root Cert - PASSED
cert.sh: Changing password on Password Test Cert's Cert DB --------------------------
certutil -W -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass -f ../tests.pw -@ ../tests.fipspw
Password changed successfully.
cert.sh: #319: Changing password on Password Test Cert's Cert DB - PASSED
cert.sh: Generate Certificate for Password Test Cert with new password --------------------------
certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass -f ../tests.fipspw -z ../tests_noise
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #320: Generate Certificate for Password Test Cert with new password - PASSED
cert.sh SUCCESS: PASSWORD passed
cert.sh: Verify Certificate for Password Test Cert with new password --------------------------
certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/dbpass -f ../tests.fipspw
certutil: certificate is valid
cert.sh: #321: Verify Certificate for Password Test Cert with new password - PASSED
cert.sh: Creating Distrusted Certificate
cert.sh: Initializing Distrusted's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
cert.sh: #322: Initializing Distrusted's Cert DB - PASSED
cert.sh: Loading root cert module to Distrusted's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #323: Loading root cert module to Distrusted's Cert DB - PASSED
cert.sh: Import Root CA for Distrusted --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -i ../CA/TestCA.ca.cert
cert.sh: #324: Import Root CA for Distrusted - PASSED
cert.sh: Import DSA Root CA for Distrusted --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -i ../CA/TestCA-dsa.ca.cert
cert.sh: #325: Import DSA Root CA for Distrusted - PASSED
cert.sh: Import EC Root CA for Distrusted --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -i ../CA/TestCA-ec.ca.cert
cert.sh: #326: Import EC Root CA for Distrusted - PASSED
cert.sh: Generate Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #327: Generate Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's Request --------------------------
certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw 
cert.sh: #328: Sign Distrusted's Request - PASSED
cert.sh: Import Distrusted's Cert --------------------------
certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #329: Import Distrusted's Cert - PASSED
cert.sh SUCCESS: Distrusted's Cert Created
cert.sh: Generate DSA Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #330: Generate DSA Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 2000 -v 60 -d ../CA -i req -o Distrusted-dsa.cert -f ../tests.pw 
cert.sh: #331: Sign Distrusted's DSA Request - PASSED
cert.sh: Import Distrusted's DSA Cert --------------------------
certutil -A -n Distrusted-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #332: Import Distrusted's DSA Cert - PASSED
cert.sh SUCCESS: Distrusted's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #333: Generate mixed DSA Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 22000 -v 60 -d ../CA -i req -o Distrusted-dsamixed.cert -f ../tests.pw 
cert.sh: #334: Sign Distrusted's DSA Request with RSA - PASSED
cert.sh: Import Distrusted's mixed DSA Cert --------------------------
certutil -A -n Distrusted-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #335: Import Distrusted's mixed DSA Cert - PASSED
cert.sh SUCCESS: Distrusted's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #336: Generate EC Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's EC Request --------------------------
certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw 
cert.sh: #337: Sign Distrusted's EC Request - PASSED
cert.sh: Import Distrusted's EC Cert --------------------------
certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #338: Import Distrusted's EC Cert - PASSED
cert.sh SUCCESS: Distrusted's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #339: Generate mixed EC Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's EC Request with RSA --------------------------
certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw 
cert.sh: #340: Sign Distrusted's EC Request with RSA - PASSED
cert.sh: Import Distrusted's mixed EC Cert --------------------------
certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -i Distrusted-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #341: Import Distrusted's mixed EC Cert - PASSED
cert.sh SUCCESS: Distrusted's mixed EC Cert Created
cert.sh: Mark CERT as unstrusted --------------------------
certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
cert.sh: #342: Mark CERT as unstrusted - PASSED
cert.sh: Creating Distrusted Intermediate
cert.sh: Creating a CA Certificate DistrustedCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA
cert.sh: Creating CA Cert DistrustedCA  --------------------------
certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Is this a critical extension [y/N]?
cert.sh: #343: Creating CA Cert DistrustedCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -o root.cert
cert.sh: #344: Exporting Root Cert - PASSED
cert.sh: Import Distrusted Intermediate --------------------------
certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -i ../CA/DistrustedCA.ca.cert
cert.sh: #345: Import Distrusted Intermediate - PASSED
cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA --------------------------
certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #346: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED
cp: './req' and '/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA/req' are the same file
cert.sh: Sign LeafChainedToDistrustedCA's Request --------------------------
certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw
cert.sh: #347: Sign LeafChainedToDistrustedCA's Request - PASSED
cert.sh: Import LeafChainedToDistrustedCA's Cert  -t u,u,u --------------------------
certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #348: Import LeafChainedToDistrustedCA's Cert  -t u,u,u - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server --------------------------
certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #349: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client --------------------------
certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #350: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer --------------------------
certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #351: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient --------------------------
certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #352: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder --------------------------
certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #353: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer --------------------------
certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #354: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED
cert.sh: Verify Distrusted Cert for SSL Server --------------------------
certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #355: Verify Distrusted Cert for SSL Server - PASSED
cert.sh: Verify Distrusted Cert for SSL Client --------------------------
certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #356: Verify Distrusted Cert for SSL Client - PASSED
cert.sh: Verify Distrusted Cert for Email signer --------------------------
certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #357: Verify Distrusted Cert for Email signer - PASSED
cert.sh: Verify Distrusted Cert for Email recipient --------------------------
certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #358: Verify Distrusted Cert for Email recipient - PASSED
cert.sh: Verify Distrusted Cert for OCSP responder --------------------------
certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #359: Verify Distrusted Cert for OCSP responder - PASSED
cert.sh: Verify Distrusted Cert for Object Signer --------------------------
certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #360: Verify Distrusted Cert for Object Signer - PASSED
cert.sh: OCSP response creation selftest
cert.sh: perform selftest --------------------------
ocspresp /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/serverCA serverCA chain-1-serverCA -f ../tests.pw
cert.sh: #361: perform selftest - PASSED
cert.sh: Creating Client CA Issued Certificates Range 40 - 52 ===
cert.sh: Generate Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #362: Generate Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's Request --------------------------
certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw 
cert.sh: #363: Sign TestUser40's Request - PASSED
cert.sh: Import TestUser40's Cert --------------------------
certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #364: Import TestUser40's Cert - PASSED
cert.sh SUCCESS: TestUser40's Cert Created
cert.sh: Generate DSA Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #365: Generate DSA Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 40 -v 60 -d ../CA -i req -o TestUser40-dsa.cert -f ../tests.pw 
cert.sh: #366: Sign TestUser40's DSA Request - PASSED
cert.sh: Import TestUser40's DSA Cert --------------------------
certutil -A -n TestUser40-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #367: Import TestUser40's DSA Cert - PASSED
cert.sh SUCCESS: TestUser40's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #368: Generate mixed DSA Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20040 -v 60 -d ../CA -i req -o TestUser40-dsamixed.cert -f ../tests.pw 
cert.sh: #369: Sign TestUser40's DSA Request with RSA - PASSED
cert.sh: Import TestUser40's mixed DSA Cert --------------------------
certutil -A -n TestUser40-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #370: Import TestUser40's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser40's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #371: Generate EC Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's EC Request --------------------------
certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw 
cert.sh: #372: Sign TestUser40's EC Request - PASSED
cert.sh: Import TestUser40's EC Cert --------------------------
certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #373: Import TestUser40's EC Cert - PASSED
cert.sh SUCCESS: TestUser40's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #374: Generate mixed EC Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw 
cert.sh: #375: Sign TestUser40's EC Request with RSA - PASSED
cert.sh: Import TestUser40's mixed EC Cert --------------------------
certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser40-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #376: Import TestUser40's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser40's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #377: Generate Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's Request --------------------------
certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw 
cert.sh: #378: Sign TestUser41's Request - PASSED
cert.sh: Import TestUser41's Cert --------------------------
certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #379: Import TestUser41's Cert - PASSED
cert.sh SUCCESS: TestUser41's Cert Created
cert.sh: Generate DSA Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #380: Generate DSA Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 41 -v 60 -d ../CA -i req -o TestUser41-dsa.cert -f ../tests.pw 
cert.sh: #381: Sign TestUser41's DSA Request - PASSED
cert.sh: Import TestUser41's DSA Cert --------------------------
certutil -A -n TestUser41-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #382: Import TestUser41's DSA Cert - PASSED
cert.sh SUCCESS: TestUser41's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #383: Generate mixed DSA Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20041 -v 60 -d ../CA -i req -o TestUser41-dsamixed.cert -f ../tests.pw 
cert.sh: #384: Sign TestUser41's DSA Request with RSA - PASSED
cert.sh: Import TestUser41's mixed DSA Cert --------------------------
certutil -A -n TestUser41-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #385: Import TestUser41's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser41's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #386: Generate EC Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's EC Request --------------------------
certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw 
cert.sh: #387: Sign TestUser41's EC Request - PASSED
cert.sh: Import TestUser41's EC Cert --------------------------
certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #388: Import TestUser41's EC Cert - PASSED
cert.sh SUCCESS: TestUser41's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #389: Generate mixed EC Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw 
cert.sh: #390: Sign TestUser41's EC Request with RSA - PASSED
cert.sh: Import TestUser41's mixed EC Cert --------------------------
certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser41-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #391: Import TestUser41's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser41's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #392: Generate Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's Request --------------------------
certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw 
cert.sh: #393: Sign TestUser42's Request - PASSED
cert.sh: Import TestUser42's Cert --------------------------
certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #394: Import TestUser42's Cert - PASSED
cert.sh SUCCESS: TestUser42's Cert Created
cert.sh: Generate DSA Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #395: Generate DSA Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 42 -v 60 -d ../CA -i req -o TestUser42-dsa.cert -f ../tests.pw 
cert.sh: #396: Sign TestUser42's DSA Request - PASSED
cert.sh: Import TestUser42's DSA Cert --------------------------
certutil -A -n TestUser42-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #397: Import TestUser42's DSA Cert - PASSED
cert.sh SUCCESS: TestUser42's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #398: Generate mixed DSA Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20042 -v 60 -d ../CA -i req -o TestUser42-dsamixed.cert -f ../tests.pw 
cert.sh: #399: Sign TestUser42's DSA Request with RSA - PASSED
cert.sh: Import TestUser42's mixed DSA Cert --------------------------
certutil -A -n TestUser42-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #400: Import TestUser42's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser42's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #401: Generate EC Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's EC Request --------------------------
certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw 
cert.sh: #402: Sign TestUser42's EC Request - PASSED
cert.sh: Import TestUser42's EC Cert --------------------------
certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #403: Import TestUser42's EC Cert - PASSED
cert.sh SUCCESS: TestUser42's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #404: Generate mixed EC Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw 
cert.sh: #405: Sign TestUser42's EC Request with RSA - PASSED
cert.sh: Import TestUser42's mixed EC Cert --------------------------
certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser42-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #406: Import TestUser42's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser42's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #407: Generate Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's Request --------------------------
certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw 
cert.sh: #408: Sign TestUser43's Request - PASSED
cert.sh: Import TestUser43's Cert --------------------------
certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #409: Import TestUser43's Cert - PASSED
cert.sh SUCCESS: TestUser43's Cert Created
cert.sh: Generate DSA Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #410: Generate DSA Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 43 -v 60 -d ../CA -i req -o TestUser43-dsa.cert -f ../tests.pw 
cert.sh: #411: Sign TestUser43's DSA Request - PASSED
cert.sh: Import TestUser43's DSA Cert --------------------------
certutil -A -n TestUser43-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #412: Import TestUser43's DSA Cert - PASSED
cert.sh SUCCESS: TestUser43's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #413: Generate mixed DSA Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20043 -v 60 -d ../CA -i req -o TestUser43-dsamixed.cert -f ../tests.pw 
cert.sh: #414: Sign TestUser43's DSA Request with RSA - PASSED
cert.sh: Import TestUser43's mixed DSA Cert --------------------------
certutil -A -n TestUser43-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #415: Import TestUser43's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser43's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #416: Generate EC Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's EC Request --------------------------
certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw 
cert.sh: #417: Sign TestUser43's EC Request - PASSED
cert.sh: Import TestUser43's EC Cert --------------------------
certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #418: Import TestUser43's EC Cert - PASSED
cert.sh SUCCESS: TestUser43's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #419: Generate mixed EC Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw 
cert.sh: #420: Sign TestUser43's EC Request with RSA - PASSED
cert.sh: Import TestUser43's mixed EC Cert --------------------------
certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser43-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #421: Import TestUser43's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser43's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #422: Generate Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's Request --------------------------
certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw 
cert.sh: #423: Sign TestUser44's Request - PASSED
cert.sh: Import TestUser44's Cert --------------------------
certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #424: Import TestUser44's Cert - PASSED
cert.sh SUCCESS: TestUser44's Cert Created
cert.sh: Generate DSA Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #425: Generate DSA Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 44 -v 60 -d ../CA -i req -o TestUser44-dsa.cert -f ../tests.pw 
cert.sh: #426: Sign TestUser44's DSA Request - PASSED
cert.sh: Import TestUser44's DSA Cert --------------------------
certutil -A -n TestUser44-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #427: Import TestUser44's DSA Cert - PASSED
cert.sh SUCCESS: TestUser44's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #428: Generate mixed DSA Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20044 -v 60 -d ../CA -i req -o TestUser44-dsamixed.cert -f ../tests.pw 
cert.sh: #429: Sign TestUser44's DSA Request with RSA - PASSED
cert.sh: Import TestUser44's mixed DSA Cert --------------------------
certutil -A -n TestUser44-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #430: Import TestUser44's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser44's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #431: Generate EC Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's EC Request --------------------------
certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw 
cert.sh: #432: Sign TestUser44's EC Request - PASSED
cert.sh: Import TestUser44's EC Cert --------------------------
certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #433: Import TestUser44's EC Cert - PASSED
cert.sh SUCCESS: TestUser44's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #434: Generate mixed EC Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw 
cert.sh: #435: Sign TestUser44's EC Request with RSA - PASSED
cert.sh: Import TestUser44's mixed EC Cert --------------------------
certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser44-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #436: Import TestUser44's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser44's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #437: Generate Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's Request --------------------------
certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw 
cert.sh: #438: Sign TestUser45's Request - PASSED
cert.sh: Import TestUser45's Cert --------------------------
certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #439: Import TestUser45's Cert - PASSED
cert.sh SUCCESS: TestUser45's Cert Created
cert.sh: Generate DSA Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #440: Generate DSA Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 45 -v 60 -d ../CA -i req -o TestUser45-dsa.cert -f ../tests.pw 
cert.sh: #441: Sign TestUser45's DSA Request - PASSED
cert.sh: Import TestUser45's DSA Cert --------------------------
certutil -A -n TestUser45-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #442: Import TestUser45's DSA Cert - PASSED
cert.sh SUCCESS: TestUser45's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #443: Generate mixed DSA Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20045 -v 60 -d ../CA -i req -o TestUser45-dsamixed.cert -f ../tests.pw 
cert.sh: #444: Sign TestUser45's DSA Request with RSA - PASSED
cert.sh: Import TestUser45's mixed DSA Cert --------------------------
certutil -A -n TestUser45-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #445: Import TestUser45's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser45's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #446: Generate EC Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's EC Request --------------------------
certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw 
cert.sh: #447: Sign TestUser45's EC Request - PASSED
cert.sh: Import TestUser45's EC Cert --------------------------
certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #448: Import TestUser45's EC Cert - PASSED
cert.sh SUCCESS: TestUser45's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #449: Generate mixed EC Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw 
cert.sh: #450: Sign TestUser45's EC Request with RSA - PASSED
cert.sh: Import TestUser45's mixed EC Cert --------------------------
certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser45-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #451: Import TestUser45's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser45's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #452: Generate Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's Request --------------------------
certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw 
cert.sh: #453: Sign TestUser46's Request - PASSED
cert.sh: Import TestUser46's Cert --------------------------
certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #454: Import TestUser46's Cert - PASSED
cert.sh SUCCESS: TestUser46's Cert Created
cert.sh: Generate DSA Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #455: Generate DSA Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 46 -v 60 -d ../CA -i req -o TestUser46-dsa.cert -f ../tests.pw 
cert.sh: #456: Sign TestUser46's DSA Request - PASSED
cert.sh: Import TestUser46's DSA Cert --------------------------
certutil -A -n TestUser46-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #457: Import TestUser46's DSA Cert - PASSED
cert.sh SUCCESS: TestUser46's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #458: Generate mixed DSA Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20046 -v 60 -d ../CA -i req -o TestUser46-dsamixed.cert -f ../tests.pw 
cert.sh: #459: Sign TestUser46's DSA Request with RSA - PASSED
cert.sh: Import TestUser46's mixed DSA Cert --------------------------
certutil -A -n TestUser46-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #460: Import TestUser46's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser46's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #461: Generate EC Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's EC Request --------------------------
certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw 
cert.sh: #462: Sign TestUser46's EC Request - PASSED
cert.sh: Import TestUser46's EC Cert --------------------------
certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #463: Import TestUser46's EC Cert - PASSED
cert.sh SUCCESS: TestUser46's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #464: Generate mixed EC Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw 
cert.sh: #465: Sign TestUser46's EC Request with RSA - PASSED
cert.sh: Import TestUser46's mixed EC Cert --------------------------
certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser46-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #466: Import TestUser46's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser46's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #467: Generate Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's Request --------------------------
certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw 
cert.sh: #468: Sign TestUser47's Request - PASSED
cert.sh: Import TestUser47's Cert --------------------------
certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #469: Import TestUser47's Cert - PASSED
cert.sh SUCCESS: TestUser47's Cert Created
cert.sh: Generate DSA Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #470: Generate DSA Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 47 -v 60 -d ../CA -i req -o TestUser47-dsa.cert -f ../tests.pw 
cert.sh: #471: Sign TestUser47's DSA Request - PASSED
cert.sh: Import TestUser47's DSA Cert --------------------------
certutil -A -n TestUser47-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #472: Import TestUser47's DSA Cert - PASSED
cert.sh SUCCESS: TestUser47's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #473: Generate mixed DSA Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20047 -v 60 -d ../CA -i req -o TestUser47-dsamixed.cert -f ../tests.pw 
cert.sh: #474: Sign TestUser47's DSA Request with RSA - PASSED
cert.sh: Import TestUser47's mixed DSA Cert --------------------------
certutil -A -n TestUser47-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #475: Import TestUser47's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser47's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #476: Generate EC Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's EC Request --------------------------
certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw 
cert.sh: #477: Sign TestUser47's EC Request - PASSED
cert.sh: Import TestUser47's EC Cert --------------------------
certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #478: Import TestUser47's EC Cert - PASSED
cert.sh SUCCESS: TestUser47's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #479: Generate mixed EC Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw 
cert.sh: #480: Sign TestUser47's EC Request with RSA - PASSED
cert.sh: Import TestUser47's mixed EC Cert --------------------------
certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser47-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #481: Import TestUser47's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser47's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #482: Generate Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's Request --------------------------
certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw 
cert.sh: #483: Sign TestUser48's Request - PASSED
cert.sh: Import TestUser48's Cert --------------------------
certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #484: Import TestUser48's Cert - PASSED
cert.sh SUCCESS: TestUser48's Cert Created
cert.sh: Generate DSA Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #485: Generate DSA Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 48 -v 60 -d ../CA -i req -o TestUser48-dsa.cert -f ../tests.pw 
cert.sh: #486: Sign TestUser48's DSA Request - PASSED
cert.sh: Import TestUser48's DSA Cert --------------------------
certutil -A -n TestUser48-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #487: Import TestUser48's DSA Cert - PASSED
cert.sh SUCCESS: TestUser48's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #488: Generate mixed DSA Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20048 -v 60 -d ../CA -i req -o TestUser48-dsamixed.cert -f ../tests.pw 
cert.sh: #489: Sign TestUser48's DSA Request with RSA - PASSED
cert.sh: Import TestUser48's mixed DSA Cert --------------------------
certutil -A -n TestUser48-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #490: Import TestUser48's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser48's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #491: Generate EC Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's EC Request --------------------------
certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw 
cert.sh: #492: Sign TestUser48's EC Request - PASSED
cert.sh: Import TestUser48's EC Cert --------------------------
certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #493: Import TestUser48's EC Cert - PASSED
cert.sh SUCCESS: TestUser48's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #494: Generate mixed EC Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw 
cert.sh: #495: Sign TestUser48's EC Request with RSA - PASSED
cert.sh: Import TestUser48's mixed EC Cert --------------------------
certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser48-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #496: Import TestUser48's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser48's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #497: Generate Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's Request --------------------------
certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw 
cert.sh: #498: Sign TestUser49's Request - PASSED
cert.sh: Import TestUser49's Cert --------------------------
certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #499: Import TestUser49's Cert - PASSED
cert.sh SUCCESS: TestUser49's Cert Created
cert.sh: Generate DSA Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #500: Generate DSA Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 49 -v 60 -d ../CA -i req -o TestUser49-dsa.cert -f ../tests.pw 
cert.sh: #501: Sign TestUser49's DSA Request - PASSED
cert.sh: Import TestUser49's DSA Cert --------------------------
certutil -A -n TestUser49-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #502: Import TestUser49's DSA Cert - PASSED
cert.sh SUCCESS: TestUser49's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #503: Generate mixed DSA Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20049 -v 60 -d ../CA -i req -o TestUser49-dsamixed.cert -f ../tests.pw 
cert.sh: #504: Sign TestUser49's DSA Request with RSA - PASSED
cert.sh: Import TestUser49's mixed DSA Cert --------------------------
certutil -A -n TestUser49-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #505: Import TestUser49's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser49's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #506: Generate EC Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's EC Request --------------------------
certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw 
cert.sh: #507: Sign TestUser49's EC Request - PASSED
cert.sh: Import TestUser49's EC Cert --------------------------
certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #508: Import TestUser49's EC Cert - PASSED
cert.sh SUCCESS: TestUser49's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #509: Generate mixed EC Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw 
cert.sh: #510: Sign TestUser49's EC Request with RSA - PASSED
cert.sh: Import TestUser49's mixed EC Cert --------------------------
certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser49-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #511: Import TestUser49's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser49's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #512: Generate Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's Request --------------------------
certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw 
cert.sh: #513: Sign TestUser50's Request - PASSED
cert.sh: Import TestUser50's Cert --------------------------
certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #514: Import TestUser50's Cert - PASSED
cert.sh SUCCESS: TestUser50's Cert Created
cert.sh: Generate DSA Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #515: Generate DSA Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 50 -v 60 -d ../CA -i req -o TestUser50-dsa.cert -f ../tests.pw 
cert.sh: #516: Sign TestUser50's DSA Request - PASSED
cert.sh: Import TestUser50's DSA Cert --------------------------
certutil -A -n TestUser50-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #517: Import TestUser50's DSA Cert - PASSED
cert.sh SUCCESS: TestUser50's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #518: Generate mixed DSA Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20050 -v 60 -d ../CA -i req -o TestUser50-dsamixed.cert -f ../tests.pw 
cert.sh: #519: Sign TestUser50's DSA Request with RSA - PASSED
cert.sh: Import TestUser50's mixed DSA Cert --------------------------
certutil -A -n TestUser50-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #520: Import TestUser50's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser50's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #521: Generate EC Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's EC Request --------------------------
certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw 
cert.sh: #522: Sign TestUser50's EC Request - PASSED
cert.sh: Import TestUser50's EC Cert --------------------------
certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #523: Import TestUser50's EC Cert - PASSED
cert.sh SUCCESS: TestUser50's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #524: Generate mixed EC Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw 
cert.sh: #525: Sign TestUser50's EC Request with RSA - PASSED
cert.sh: Import TestUser50's mixed EC Cert --------------------------
certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser50-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #526: Import TestUser50's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser50's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #527: Generate Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's Request --------------------------
certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw 
cert.sh: #528: Sign TestUser51's Request - PASSED
cert.sh: Import TestUser51's Cert --------------------------
certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #529: Import TestUser51's Cert - PASSED
cert.sh SUCCESS: TestUser51's Cert Created
cert.sh: Generate DSA Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #530: Generate DSA Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 51 -v 60 -d ../CA -i req -o TestUser51-dsa.cert -f ../tests.pw 
cert.sh: #531: Sign TestUser51's DSA Request - PASSED
cert.sh: Import TestUser51's DSA Cert --------------------------
certutil -A -n TestUser51-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #532: Import TestUser51's DSA Cert - PASSED
cert.sh SUCCESS: TestUser51's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #533: Generate mixed DSA Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20051 -v 60 -d ../CA -i req -o TestUser51-dsamixed.cert -f ../tests.pw 
cert.sh: #534: Sign TestUser51's DSA Request with RSA - PASSED
cert.sh: Import TestUser51's mixed DSA Cert --------------------------
certutil -A -n TestUser51-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #535: Import TestUser51's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser51's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #536: Generate EC Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's EC Request --------------------------
certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw 
cert.sh: #537: Sign TestUser51's EC Request - PASSED
cert.sh: Import TestUser51's EC Cert --------------------------
certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #538: Import TestUser51's EC Cert - PASSED
cert.sh SUCCESS: TestUser51's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #539: Generate mixed EC Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw 
cert.sh: #540: Sign TestUser51's EC Request with RSA - PASSED
cert.sh: Import TestUser51's mixed EC Cert --------------------------
certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser51-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #541: Import TestUser51's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser51's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #542: Generate Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's Request --------------------------
certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw 
cert.sh: #543: Sign TestUser52's Request - PASSED
cert.sh: Import TestUser52's Cert --------------------------
certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #544: Import TestUser52's Cert - PASSED
cert.sh SUCCESS: TestUser52's Cert Created
cert.sh: Generate DSA Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #545: Generate DSA Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 52 -v 60 -d ../CA -i req -o TestUser52-dsa.cert -f ../tests.pw 
cert.sh: #546: Sign TestUser52's DSA Request - PASSED
cert.sh: Import TestUser52's DSA Cert --------------------------
certutil -A -n TestUser52-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #547: Import TestUser52's DSA Cert - PASSED
cert.sh SUCCESS: TestUser52's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #548: Generate mixed DSA Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20052 -v 60 -d ../CA -i req -o TestUser52-dsamixed.cert -f ../tests.pw 
cert.sh: #549: Sign TestUser52's DSA Request with RSA - PASSED
cert.sh: Import TestUser52's mixed DSA Cert --------------------------
certutil -A -n TestUser52-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #550: Import TestUser52's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser52's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #551: Generate EC Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's EC Request --------------------------
certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw 
cert.sh: #552: Sign TestUser52's EC Request - PASSED
cert.sh: Import TestUser52's EC Cert --------------------------
certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #553: Import TestUser52's EC Cert - PASSED
cert.sh SUCCESS: TestUser52's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #554: Generate mixed EC Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw 
cert.sh: #555: Sign TestUser52's EC Request with RSA - PASSED
cert.sh: Import TestUser52's mixed EC Cert --------------------------
certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/client -f ../tests.pw -i TestUser52-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #556: Import TestUser52's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser52's mixed EC Cert Created
cert.sh: Creating CA CRL =====================================
cert.sh: Generating CRL for range 40-42 TestCA authority --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or
cert.sh: #557: Generating CRL for range 40-42 TestCA authority - PASSED
cert.sh: Generating CRL (DSA) for range 40-42 TestCA-dsa authority --------------------------
crlutil -q -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -G -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42_or-dsa
cert.sh: #558: Generating CRL (DSA) for range 40-42 TestCA-dsa authority - PASSED
cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority --------------------------
crlutil -q -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec
cert.sh: #559: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED
cert.sh: Modifying CA CRL by adding one more cert ============
cert.sh: Modify CRL by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or
cert.sh: #560: Modify CRL by adding one more cert - PASSED
cert.sh: Modify CRL (DSA) by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42_or1-dsa -i ../server/root.crl_40-42_or-dsa
cert.sh: #561: Modify CRL (DSA) by adding one more cert - PASSED
cert.sh: Modify CRL (ECC) by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec
cert.sh: #562: Modify CRL (ECC) by adding one more cert - PASSED
cert.sh: Modifying CA CRL by removing one cert ===============
cert.sh: Modify CRL by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1
cert.sh: #563: Modify CRL by removing one cert - PASSED
cert.sh: Modify CRL (DSA) by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1
cert.sh: #564: Modify CRL (DSA) by removing one cert - PASSED
cert.sh: Modify CRL (ECC) by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec
cert.sh: #565: Modify CRL (ECC) by removing one cert - PASSED
cert.sh: Creating CA CRL for groups 1 and 2  ===============
cert.sh: Creating CRL for groups 1 and 2 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42
cert.sh: #566: Creating CRL for groups 1 and 2 - PASSED
cert.sh: Creating CRL (ECC) for groups 1 and 2 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec
cert.sh: #567: Creating CRL (ECC) for groups 1 and 2 - PASSED
cert.sh: Creating CA CRL for groups 1, 2 and 3  ===============
cert.sh: Creating CRL for groups 1, 2 and 3 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48
cert.sh: #568: Creating CRL for groups 1, 2 and 3 - PASSED
cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec
cert.sh: #569: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED
cert.sh: Importing Server CA Issued CRL for certs  trough 52
cert.sh: Importing CRL for groups 1 --------------------------
crlutil -q -D -n TestCA -f ../tests.pw -d ../server
crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
cert.sh: #570: Importing CRL for groups 1 - PASSED
cert.sh: Importing CRL for groups 1 --------------------------
crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server
cert.sh: #571: Importing CRL for groups 1 - PASSED
cert.sh: Importing CRL (ECC) for groups 1 --------------------------
crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server
crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
cert.sh: #572: Importing CRL (ECC) for groups 1 - PASSED
cert.sh: Importing CRL (ECC) for groups 1 --------------------------
crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server
cert.sh: #573: Importing CRL (ECC) for groups 1 - PASSED
cert.sh SUCCESS: SSL CRL prep passed
cert.sh cert.sh: finished cert.sh
TIMESTAMP cert END: Tue Jun 28 17:00:28 UTC 2016
Running tests for dbtests
TIMESTAMP dbtests BEGIN: Tue Jun 28 17:00:28 UTC 2016
dbtests.sh: CERT and Key DB Tests ===============================
---------------------------------------------------------------
| test opening the database read/write in a nonexisting directory
---------------------------------------------------------------
certutil: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
dbtests.sh: #574: Certutil didn't work in a nonexisting dir 255 - PASSED
dbdir selected is ./non_existent_dir
ERROR: Directory "./non_existent_dir" does not exist.
dbtest: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
dbtests.sh: #575: Dbtest readonly didn't work in a nonexisting dir 46 - PASSED
---------------------------------------------------------------
| test force opening the database in a nonexisting directory
---------------------------------------------------------------
dbdir selected is ./non_existent_dir
ERROR: Directory "./non_existent_dir" does not exist.
dbtests.sh: #576: Dbtest force succeeded in a nonexisting dir 0 - PASSED
---------------------------------------------------------------
| test opening the database readonly in an empty directory
---------------------------------------------------------------
tstclnt: unable to open cert database: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
dbtests.sh: #577: Tstclnt didn't work in an empty dir 1 - PASSED
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/secmod.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/cert8.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/key3.db" does not exist.
dbtest: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
dbtests.sh: #578: Dbtest readonly didn't work in an empty dir 46 - PASSED
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir
dbtests.sh: #579: Dbtest logout after empty DB Init has key - PASSED
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir
dbtests.sh: #580: Dbtest password DB Init maintains needlogin state - PASSED
certutil: could not find certificate named "xxxx": SEC_ERROR_BAD_DATABASE: security library: bad database.
dbtests.sh: #581: Certutil didn't work in an empty dir 255 - PASSED
---------------------------------------------------------------
| test force opening the database  readonly in a empty directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/secmod.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/cert8.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/emptydir/key3.db" does not exist.
dbtests.sh: #582: Dbtest force readonly succeeded in an empty dir 0 - PASSED
---------------------------------------------------------------
| test opening the database r/w in a readonly directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir
ERROR: Directory "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/secmod.db" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/cert8.db" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/key3.db" is not writeable.
dbtest: function failed: SEC_ERROR_LEGACY_DATABASE: The certificate/key database is in an old, unsupported format.
dbtests.sh: #583: Dbtest r/w didn't work in an readonly dir 46 - PASSED
certutil: could not find certificate named "TestUser": SEC_ERROR_BAD_DATABASE: security library: bad database.
dbtests.sh: #584: Certutil didn't work in an readonly dir 255 - PASSED
---------------------------------------------------------------
| test opening the database ronly in a readonly directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/secmod.db
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/cert8.db
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/key3.db
dbtests.sh: #585: Dbtest readonly succeeded in a readonly dir 0 - PASSED
---------------------------------------------------------------
| test force opening the database  r/w in a readonly directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir
ERROR: Directory "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/secmod.db" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/cert8.db" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/key3.db" is not writeable.
dbtests.sh: #586: Dbtest force succeeded in a readonly dir 0 - PASSED
---------------------------------------------------------------
| ls -l /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir
---------------------------------------------------------------
dr-xr-xr-x. 2 mockbuild mockbuild   4096 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir
-r--r-----. 1 mockbuild mockbuild   1221 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/TestUser-dsa.cert
-r--r-----. 1 mockbuild mockbuild   1424 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/TestUser-dsamixed.cert
-r--r-----. 1 mockbuild mockbuild    578 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/TestUser-ec.cert
-r--r-----. 1 mockbuild mockbuild    705 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/TestUser-ecmixed.cert
-r--r-----. 1 mockbuild mockbuild    870 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/TestUser.cert
-r--------. 1 mockbuild mockbuild 229376 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/cert8.db
-r--------. 1 mockbuild mockbuild 176128 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/key3.db
-r--r-----. 1 mockbuild mockbuild    393 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/req
-r--------. 1 mockbuild mockbuild  16384 Jun 28 17:00 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/ronlydir/secmod.db
---------------------------------------------------------------
| test creating a new cert with a conflicting nickname
---------------------------------------------------------------
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/conflictdir
certutil: could not add certificate to token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to database.
dbtests.sh: #587: Nicknane conflict test, could not import conflict nickname 255 - PASSED
---------------------------------------------------------------
| test importing an old cert to a conflicting nickname
---------------------------------------------------------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 40 (0x28)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:56:14 2016
            Not After : Mon Jun 28 16:56:14 2021
        Subject: "CN=Bob,E=Bob@bogus.com,O=BOGUS NSS,L=Mountain View,ST=Calif
            ornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b4:76:0f:ac:f3:cb:a3:a1:56:75:49:10:09:3a:e1:38:
                    c5:72:0b:b1:0e:f5:58:e0:a9:c1:03:42:2f:f2:4c:bc:
                    77:2c:83:a5:96:6c:19:9c:85:20:b1:2a:cf:a2:92:3d:
                    25:a6:09:66:91:8d:8a:f2:28:13:b8:d2:0a:dc:55:00:
                    73:cf:73:34:8f:25:a3:a3:1c:05:9f:93:60:79:e4:48:
                    18:d9:1d:0e:e0:d1:a4:f6:c3:ab:de:af:83:36:b6:8a:
                    04:35:11:b3:f4:e2:aa:47:6d:00:4f:78:9d:c3:81:1c:
                    d7:37:a3:76:82:5b:bd:17:03:bb:8a:cc:54:86:1e:2b:
                    7e:0f:ac:07:e0:44:77:d3:67:b7:ca:85:9e:4b:99:00:
                    5e:6d:7d:f6:bf:4a:c3:3c:5b:cc:d6:14:fc:6b:7d:56:
                    e7:93:94:16:bc:9b:df:0d:fe:33:42:58:e1:f1:6e:10:
                    8e:d9:5b:70:35:e7:f9:04:af:05:7b:88:d0:8f:12:b5:
                    0c:49:5c:30:8b:3b:c9:4a:96:2a:a1:b4:f5:94:08:98:
                    7b:6c:51:82:31:b1:ff:1c:c3:6b:62:9b:22:0a:13:5c:
                    c3:7a:4b:1a:54:fd:62:0a:44:2a:d3:f1:c7:0e:3f:2c:
                    18:9e:bb:c2:f1:20:24:c3:40:e7:42:be:d3:ca:73:77
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:54:47:5d:e9:37:8a:6e:31:ee:28:e3:8d:d2:f3:78:
        d6:1a:bb:58:6d:90:ff:3b:e2:45:ee:55:ba:3c:7a:12:
        42:e2:6d:34:3e:77:70:aa:3d:4e:2f:f6:57:ac:04:5a:
        a7:4b:1a:c7:75:37:1a:09:a8:a8:a2:5d:39:06:bf:15:
        a6:9d:a0:a1:23:49:30:3d:fb:f5:88:06:72:1d:2f:c9:
        73:8f:01:3a:0f:99:af:10:46:36:2c:a1:d7:c1:46:10:
        4e:07:df:af:32:b6:3d:c6:3c:22:18:25:5b:6a:d9:cb:
        95:79:45:27:6c:1c:aa:96:75:78:38:ee:d2:a9:e0:9c:
        d2:81:cd:cd:31:38:ba:ea:7b:66:72:1f:b3:6c:7f:ea:
        18:a4:75:b7:22:23:0d:5f:d0:4c:09:73:f3:31:c6:6e:
        18:50:39:c8:d6:d5:3e:24:e9:94:15:0e:22:b3:25:39:
        c1:82:5e:76:7a:9c:a6:51:17:4b:ae:99:64:3c:28:5c:
        64:63:b0:3a:92:93:db:84:99:4f:04:ac:21:04:34:5a:
        8d:0c:2d:ad:0d:5b:58:c6:da:c4:d4:96:df:5a:6b:a8:
        7e:24:8d:d5:e5:c6:f9:f3:a8:6a:4c:d8:4d:a5:f4:74:
        0a:d9:bb:a4:de:71:05:43:8a:e5:5a:fa:2d:5f:db:17
    Fingerprint (SHA-256):
        36:DF:42:63:60:F9:ED:87:0F:4C:BE:97:1F:8D:EB:93:5E:4B:34:F9:37:D6:6C:CC:64:DD:AF:C0:0B:70:AC:50
    Fingerprint (SHA1):
        F5:1E:64:AF:F8:28:E2:4E:7C:81:AC:49:AD:05:66:AC:1B:51:5E:17
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
dbtests.sh: #588: Nicknane conflict test-setting nickname conflict was correctly rejected - PASSED
TIMESTAMP dbtests END: Tue Jun 28 17:00:29 UTC 2016
Running tests for tools
TIMESTAMP tools BEGIN: Tue Jun 28 17:00:29 UTC 2016
tools.sh: Tools Tests with ECC ===============================
tools.sh: Exporting Alice's email cert & key - default ciphers
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #589: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                cd:a6:ed:61:aa:e6:b3:e0:34:81:98:fd:0f:4f:1c:dc
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #590: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #591: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's email EC cert & key---------------
pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \
         -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #592: Exporting Alice's email EC cert & key (pk12util -o)  - PASSED
tools.sh: Importing Alice's email EC cert & key --------------
pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #593: Importing Alice's email EC cert & key (pk12util -i)  - PASSED
tools.sh: Listing Alice's pk12 EC file -----------------
pk12util -l Alice-ec.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice-ec
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                90:9e:07:81:2d:ad:e6:59:81:ab:e7:a4:27:a4:90:83
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 16:55:13 2016
            Not After : Mon Jun 28 16:55:13 2066
        Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor
            nia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:23
            EC Public Key:
                PublicValue:
                    04:01:10:1b:1a:1f:ab:08:ae:9d:6e:8e:83:b9:49:9a:
                    c4:23:d4:ed:fc:53:cc:62:e9:bc:ec:31:bd:cc:62:e4:
                    e7:88:b7:e8:31:5e:66:0b:cc:4f:85:7f:b8:15:bc:e0:
                    5f:e7:88:85:a5:00:66:58:93:70:e4:a6:25:2f:8e:ef:
                    c6:e5:86:01:d5:e8:83:f4:4d:f2:6a:24:fe:d2:1c:5c:
                    b8:79:9c:30:1a:fd:b0:69:50:29:fe:dc:a0:8b:b6:46:
                    c6:a9:09:91:e7:c3:12:d1:36:c1:e4:a8:a7:03:92:d7:
                    ac:46:7d:cc:c5:92:f7:41:29:a7:86:64:69:da:16:dd:
                    5c:2b:cc:1d:16
                Curve: SECG elliptic curve secp521r1 (aka NIST P-521)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:88:02:42:00:a7:11:22:08:bb:90:96:5e:2a:13:
        b3:a1:73:7b:d7:cf:5a:a7:4f:80:28:6c:08:17:36:32:
        99:95:b0:ce:f9:8d:b1:1a:37:f1:80:a7:59:f6:63:59:
        91:6b:b4:e2:aa:09:6f:5d:5a:b8:dc:84:58:e6:e0:62:
        72:29:4f:2d:b2:21:8a:02:42:01:7b:58:f1:95:9f:5d:
        d4:51:71:db:1a:78:27:a6:68:37:3d:3d:65:d1:d1:68:
        74:c8:1f:81:fa:e8:b7:6f:f4:9e:d6:1f:19:b4:14:00:
        5b:13:b1:b5:dd:ac:27:51:5a:d6:5c:b4:42:d3:90:1a:
        10:ea:b5:9c:db:ef:cf:e0:f5:dd:e0
    Fingerprint (SHA-256):
        0C:57:A0:03:3A:91:BF:37:97:C5:70:E1:CF:A9:C4:84:10:F1:51:5F:10:80:F6:37:87:3C:91:33:27:79:4E:69
    Fingerprint (SHA1):
        BC:D6:01:F5:1F:5E:E0:58:7E:A2:87:C1:6D:EB:62:E0:39:02:99:19
    Friendly Name: TestCA-ec
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 16:56:00 2016
            Not After : Mon Jun 28 16:56:00 2021
        Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S
            T=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:22
            EC Public Key:
                PublicValue:
                    04:ea:61:59:d9:f1:7a:44:53:f3:27:84:5a:95:73:04:
                    62:62:4a:e3:50:79:96:c0:26:a9:98:3e:70:6c:70:8d:
                    0e:53:75:5f:8e:fe:34:03:cb:4b:dc:a9:0b:9e:96:46:
                    74:71:f2:c0:40:ca:e2:a1:5e:ec:92:79:0c:96:45:9d:
                    0e:1a:c6:cb:44:e6:8d:96:6e:ce:e4:87:69:49:74:84:
                    c0:e7:a4:2a:c7:95:14:ad:90:e4:97:d8:91:26:40:1d:
                    2c
                Curve: SECG elliptic curve secp384r1 (aka NIST P-384)
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:88:02:42:00:91:7f:4a:7b:76:e7:17:50:56:af:
        6f:e5:c1:fe:16:df:e1:cc:ee:db:1c:76:57:ea:b6:7f:
        6e:dd:6c:ea:81:b4:52:ad:14:52:e0:cd:93:f8:55:95:
        50:21:91:0c:5c:71:5e:88:2b:2e:42:fe:3f:3c:19:4d:
        4d:fe:ef:c9:5b:aa:62:02:42:01:96:e1:36:c4:18:97:
        4b:6b:b1:32:dd:3b:22:2e:e5:d2:ea:94:3b:cd:65:58:
        c1:89:e2:07:0f:1f:21:73:f9:9f:32:3e:83:1f:ce:71:
        33:b6:ec:97:90:7d:bd:07:7f:eb:10:be:e0:f6:39:a7:
        20:a1:dd:82:06:2a:4d:58:88:f9:64
    Fingerprint (SHA-256):
        D1:D5:FF:42:91:73:9B:17:0A:40:B6:92:3A:D5:70:B9:01:6B:D3:69:98:17:A0:A9:38:7B:B5:71:8D:AC:51:4E
    Fingerprint (SHA1):
        33:C3:40:81:01:64:C1:78:E5:9F:DF:8F:8F:CF:1F:E0:ED:F0:5A:A3
    Friendly Name: Alice-ec
tools.sh: #594: Listing Alice's pk12 EC file (pk12util -l)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #595: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                0f:ac:df:ff:8d:56:52:e6:3b:e0:8f:62:d5:47:86:a2
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #596: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #597: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #598: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                42:b7:88:1d:58:d8:11:da:ca:9c:40:f2:34:41:0b:f0
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #599: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #600: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #601: Exporting with [RC2-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                c6:a4:10:62:5d:bd:69:e0:6e:df:86:47:89:07:c5:14
            Iteration Count: 2000 (0x7d0)
tools.sh: #602: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #603: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #604: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                99:0c:f5:c3:04:4d:d4:dc:a3:20:87:5f:28:e7:10:00
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #605: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #606: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #607: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                f9:bd:cf:68:f8:cf:28:d5:f3:d4:64:b4:95:45:2e:e4
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #608: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #609: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #610: Exporting with [DES-EDE3-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                61:3f:fe:84:88:68:bd:05:ae:21:c7:80:bf:d3:6e:37
            Iteration Count: 2000 (0x7d0)
tools.sh: #611: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #612: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #613: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        ec:4b:2c:f5:e2:9d:a4:71:35:0d:fc:08:40:8e:a2:d9
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:ac:8d:bb:ff:98:b4:06:a0:18:33:98:8c:9f:81:
                    de:2b
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #614: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #615: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #616: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        75:39:30:18:6a:be:3c:ad:33:ba:85:8e:20:a9:71:4d
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:38:43:23:4f:eb:83:58:16:1f:52:e8:c0:29:ad:
                    44:b9
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #617: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #618: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #619: Exporting with [AES-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        b2:d1:ce:18:a9:b3:a8:db:2f:f1:d4:8f:cf:98:17:ba
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:e0:b7:25:36:d7:de:a5:27:53:c3:25:33:1f:cf:
                    d8:e4
tools.sh: #620: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #621: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #622: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        23:e2:0b:1f:40:c3:b5:cd:50:80:22:ca:5c:74:22:88
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:a0:d6:ef:d7:91:e0:93:56:e1:23:b5:f7:e6:f2:
                    fc:35
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #623: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #624: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #625: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        69:80:71:43:c2:7a:28:8b:ba:5f:ad:5c:7f:5a:17:0e
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:34:3c:06:11:94:24:50:53:eb:cd:fe:ec:05:a6:
                    ca:3e
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #626: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #627: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #628: Exporting with [AES-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        ef:c6:27:08:0e:79:a7:06:2a:b7:36:40:84:37:7f:8e
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:10:8f:2b:62:9f:9c:1d:5f:ca:84:77:f0:86:d8:
                    ae:87
tools.sh: #629: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #630: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #631: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        3d:3f:bc:99:0f:8f:be:1e:c2:b9:69:50:af:80:ae:bf
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:3a:8a:2b:f7:98:49:e4:e4:36:55:a4:4f:22:37:
                    08:fc
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #632: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #633: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #634: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        a5:08:2b:0e:7c:64:74:9a:30:11:bf:a3:28:e7:8f:f6
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:74:35:77:2b:aa:da:04:ee:16:1e:73:50:b5:25:
                    4c:57
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #635: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #636: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #637: Exporting with [AES-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        c4:fb:16:d0:ef:97:af:09:13:72:16:6d:66:d3:ae:d5
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:b2:bb:cd:6e:11:cd:0e:5a:58:66:74:fe:24:48:
                    30:15
tools.sh: #638: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #639: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #640: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        cc:aa:1c:f1:2b:41:68:d6:87:e6:57:a0:e9:e8:ef:2a
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:b5:aa:79:ed:a9:28:87:1f:1e:da:68:fd:d7:c0:
                    3e:aa
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #641: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #642: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #643: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        2b:80:bb:77:bf:58:6f:76:f1:ad:d8:fb:c1:46:67:10
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:62:35:4f:64:64:c1:11:8a:1c:a7:9d:44:ad:a9:
                    a0:dd
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #644: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #645: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #646: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        70:80:bc:69:04:5c:ee:72:69:a5:8a:a6:cb:0a:6f:fc
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:fc:69:e3:fd:f2:df:0f:8d:2a:f7:51:d8:58:26:
                    48:99
tools.sh: #647: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #648: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #649: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        f2:83:d1:10:9f:85:9b:47:4a:18:61:38:28:ee:10:0c
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:0b:b9:a2:af:c3:74:84:77:8a:87:67:d1:0a:a9:
                    2c:db
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #650: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #651: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #652: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        39:ff:6a:d1:04:5f:40:a9:bc:b8:f5:cd:6a:a4:0a:bd
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:ca:b9:be:d9:c8:9b:1b:62:42:e9:3c:75:37:4e:
                    46:64
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #653: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #654: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #655: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        61:8b:86:bc:42:cc:b9:24:9a:33:e4:cf:30:23:23:67
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:9e:b9:10:e3:2b:9d:a1:bb:16:ba:2c:4a:83:8c:
                    f8:ad
tools.sh: #656: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #657: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #658: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        18:7f:48:b7:87:bf:a3:f0:58:70:7a:57:38:6a:e1:a8
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:83:77:76:22:c3:4f:33:ed:1f:44:56:fb:36:5c:
                    7e:27
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #659: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #660: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #661: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        5b:a9:b7:75:d4:4e:89:f5:60:08:36:3b:4b:35:d0:c4
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:e1:7b:60:cc:4a:16:85:55:26:2b:3d:1d:4f:62:
                    85:f9
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #662: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #663: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #664: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        bf:1b:45:b9:cc:3d:bf:6b:f0:80:5b:54:a1:ad:96:3e
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:61:ef:3f:bf:3f:37:ff:9b:03:85:5f:50:f5:08:
                    c0:6a
tools.sh: #665: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #666: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #667: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                2f:64:34:30:ec:15:ca:1b:c8:66:8e:58:a3:d8:ef:d8
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #668: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #669: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #670: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                51:6b:1d:45:f5:5a:c5:72:17:01:15:3c:ce:3d:e5:30
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #671: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #672: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #673: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                48:6f:a6:fa:f0:b8:27:0b:13:c3:de:38:5c:0e:73:66
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #674: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #675: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #676: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                2e:11:76:7c:63:32:9e:12:d7:81:56:d9:0d:9f:65:96
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #677: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #678: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #679: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                7f:4f:06:0a:4e:32:a2:63:96:8e:58:6a:3d:2f:72:f2
            Iteration Count: 2000 (0x7d0)
tools.sh: #680: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #681: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #682: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                23:e6:e0:ed:5f:04:f5:62:9e:d8:f6:3a:d8:66:d6:13
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #683: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #684: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #685: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                40:a8:0d:ce:e8:52:aa:1e:59:1a:46:cf:da:b5:0d:5b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #686: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #687: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #688: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                38:b4:1c:b5:03:4e:e8:4b:4c:5a:77:58:91:9c:f8:b9
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #689: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #690: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #691: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                fc:a2:9a:1a:2c:72:11:58:a8:eb:bb:91:ec:eb:4b:f7
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #692: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #693: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #694: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                b4:fb:f8:82:f7:bf:6a:8e:0a:78:a7:88:e7:11:9f:2a
            Iteration Count: 2000 (0x7d0)
tools.sh: #695: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #696: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #697: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                69:91:05:dd:28:5b:96:7f:ab:e7:fe:d5:26:53:f1:49
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #698: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #699: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #700: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                44:ef:56:b4:3a:a3:bb:01:23:07:a7:aa:c5:0c:90:18
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #701: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #702: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #703: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                3c:81:e2:0f:f6:45:28:1a:8a:f3:19:48:af:47:86:f3
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #704: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #705: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #706: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                a5:be:e2:a2:a8:dc:83:48:d1:88:8f:ef:41:a4:67:2c
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #707: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #708: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #709: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                21:2b:3d:dd:ee:c2:1c:ce:b3:fa:03:22:4c:be:d4:5e
            Iteration Count: 2000 (0x7d0)
tools.sh: #710: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #711: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #712: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                1d:f6:4b:00:ea:0b:ca:9a:23:52:fc:d7:c1:74:95:02
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #713: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #714: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #715: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                98:34:d1:f2:96:73:59:71:d8:10:2c:d6:ce:16:7a:16
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #716: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #717: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #718: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                f7:c2:07:7e:4c:c1:d7:be:f0:20:c1:c0:c2:20:e6:dd
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #719: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #720: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #721: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                b2:75:dc:1e:08:0c:2f:f2:3c:c6:a6:0f:a9:a6:61:da
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #722: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #723: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:null]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #724: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                56:60:03:6d:c7:70:3d:d4:7b:70:4f:df:1d:65:06:9b
            Iteration Count: 2000 (0x7d0)
tools.sh: #725: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #726: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #727: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                e2:04:ad:e1:6d:51:39:2e:a9:fa:0d:89:90:69:4e:39
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #728: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #729: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #730: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                b4:ca:26:26:c1:db:22:cb:ad:d9:fa:f0:d9:ae:42:6b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #731: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #732: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #733: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                13:87:b3:49:6a:aa:c7:43:7d:64:23:71:c5:e6:de:f6
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #734: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #735: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #736: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                0c:72:29:86:d1:8a:08:04:79:05:59:28:43:18:08:6b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #737: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #738: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #739: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                1d:95:81:df:54:b4:79:41:2d:1b:3e:d4:0c:38:48:78
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #740: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #741: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #742: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                bc:67:f4:40:cf:72:fb:c2:70:71:6f:27:13:97:6c:87
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #743: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #744: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #745: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                2d:93:74:31:40:0b:47:22:64:57:c4:62:fd:5f:21:31
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #746: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #747: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #748: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                85:18:0f:d2:08:bf:02:af:82:bc:7a:b1:36:2e:ab:34
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #749: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #750: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #751: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                f2:0b:8c:e0:97:7f:29:bf:9f:e5:cd:f6:72:20:92:0d
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #752: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #753: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #754: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                e2:81:28:35:74:45:e0:02:f7:32:a5:96:34:73:69:13
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #755: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #756: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c null
pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm.
tools.sh: #757: Exporting with [null:default] (pk12util -o)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #758: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Create objsign cert -------------------------------
signtool -G "objectsigner" -d ../tools/signdir -p "nss"
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit the browser before continuing this operation. Enter 
"y" to continue, or anything else to abort: 
Enter certificate information.  All fields are optional. Acceptable
characters are numbers, letters, spaces, and apostrophes.
certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair
certificate request generated
certificate has been signed
certificate "objsigner" added to database
Exported certificate to x509.raw and x509.cacert.
tools.sh: #759: Create objsign cert (signtool -G)  - PASSED
tools.sh: Signing a jar of files ----------------------------
signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
adding ../tools/html/signjs.html to nojs.jar...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.jar...(deflated 26%)
Generating zigbert.sf file..
adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 37%)
adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 33%)
tree "../tools/html" signed successfully
tools.sh: #760: Signing a jar of files (signtool -Z)  - PASSED
tools.sh: Listing signed files in jar ----------------------
signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner
archive "nojs.jar" has passed crypto verification.
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
found a RSA signature file: META-INF/zigbert.rsa
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #761: Listing signed files in jar (signtool -v)  - PASSED
tools.sh: Show who signed jar ------------------------------
signtool -w nojs.jar -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #762: Show who signed jar (signtool -w)  - PASSED
tools.sh: Signing a xpi of files ----------------------------
signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
--> sign.html
Generating zigbert.sf file..
Creating XPI Compatible Archive 
adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 33%)
--> signjs.html
adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.xpi...(deflated 26%)
adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 37%)
tree "../tools/html" signed successfully
tools.sh: #763: Signing a xpi of files (signtool -Z -X)  - PASSED
tools.sh: Listing signed files in xpi ----------------------
signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner
archive "nojs.xpi" has passed crypto verification.
found a RSA signature file: META-INF/zigbert.rsa
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #764: Listing signed files in xpi (signtool -v)  - PASSED
tools.sh: Show who signed xpi ------------------------------
signtool -w nojs.xpi -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #765: Show who signed xpi (signtool -w)  - PASSED
TIMESTAMP tools END: Tue Jun 28 17:00:42 UTC 2016
Running tests for fips
TIMESTAMP fips BEGIN: Tue Jun 28 17:00:42 UTC 2016
fips.sh: FIPS 140 Compliance Tests ===============================
fips.sh: Verify this module is in FIPS mode  -----------------
modutil -dbdir ../fips -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal FIPS PKCS #11 Module
	 slots: 1 slot attached
	status: loaded
	 slot: NSS FIPS 140-2 User Private Key Services
	token: NSS FIPS 140-2 Certificate DB
  2. RootCerts
	library name: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so
	 slots: 1 slot attached
	status: loaded
	 slot: NSS Builtin Objects
	token: Builtin Object Token
-----------------------------------------------------------
FIPS mode enabled.
fips.sh: #766: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #767: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys -------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      d8420ee5a7845c5d29f943cd984d1fb4b8e496e6   NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate
fips.sh: #768: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Attempt to list FIPS module keys with incorrect password
certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.fipsbadpw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
fips.sh: #769: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED
certutil -K returned 255
fips.sh: Validate the certificate --------------------------
certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw
certutil: certificate is valid
fips.sh: #770: Validate the certificate (certutil -V -e) . - PASSED
fips.sh: Export the certificate and key as a PKCS#12 file --
pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 EXPORT SUCCESSFUL
fips.sh: #771: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED
fips.sh: Export the certificate as a DER-encoded file ------
certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt
fips.sh: #772: Export the certificate as a DER (certutil -L -r) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #773: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Delete the certificate and key from the FIPS module
certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw
fips.sh: #774: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #775: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys.
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
certutil: no keys found
fips.sh: #776: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #777: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #778: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      d8420ee5a7845c5d29f943cd984d1fb4b8e496e6   FIPS_PUB_140_Test_Certificate
fips.sh: #779: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Delete the certificate from the FIPS module
certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate
fips.sh: #780: Delete the certificate from the FIPS module (certutil -D) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #781: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #782: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #783: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      d8420ee5a7845c5d29f943cd984d1fb4b8e496e6   FIPS_PUB_140_Test_Certificate
fips.sh: #784: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Run PK11MODE in FIPSMODE  -----------------
pk11mode -d ../fips -p fips- -f ../tests.fipspw
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
**** Total number of TESTS ran in FIPS MODE is 106. ****
**** ALL TESTS PASSED ****
fips.sh: #785: Run PK11MODE in FIPS mode (pk11mode) . - PASSED
fips.sh: Run PK11MODE in Non FIPSMODE  -----------------
pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
**** Total number of TESTS ran in NON FIPS MODE is 104. ****
**** ALL TESTS PASSED ****
fips.sh: #786: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED
mkdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest1.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
fips.sh: Detect mangled softoken--------------------------
mangling /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so
mangle -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle/libsoftokn3.so -o -8 -b 5
cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle
Changing byte 0x00033e94 (212628): from 01 (1) to 21 (33)
LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/fips/mangle dbtest -r -d ../fips
fips.sh: #787: Init NSS with a corrupted library (dbtest -r) . - PASSED
fips.sh done
TIMESTAMP fips END: Tue Jun 28 17:01:27 UTC 2016
Running tests for sdr
TIMESTAMP sdr BEGIN: Tue Jun 28 17:01:27 UTC 2016
sdr.sh: SDR Tests ===============================
sdr.sh: Creating an SDR key/SDR Encrypt - Value 1
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v1.14577 -t "Test1"
sdr.sh: #788: Creating SDR Key/Encrypt - Value 1  - PASSED
sdr.sh: SDR Encrypt - Value 2
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v2.14577 -t "The quick brown fox jumped over the lazy dog"
sdr.sh: #789: Encrypt - Value 2  - PASSED
sdr.sh: SDR Encrypt - Value 3
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v3.14577 -t "1234567"
sdr.sh: #790: Encrypt - Value 3  - PASSED
sdr.sh: SDR Decrypt - Value 1
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v1.14577 -t "Test1"
sdr.sh: #791: Decrypt - Value 1  - PASSED
sdr.sh: SDR Decrypt - Value 2
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v2.14577 -t "The quick brown fox jumped over the lazy dog"
sdr.sh: #792: Decrypt - Value 2  - PASSED
sdr.sh: SDR Decrypt - Value 3
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v3.14577 -t "1234567"
sdr.sh: #793: Decrypt - Value 3  - PASSED
TIMESTAMP sdr END: Tue Jun 28 17:01:28 UTC 2016
Running tests for crmf
TIMESTAMP crmf BEGIN: Tue Jun 28 17:01:28 UTC 2016
crmf.sh: CRMF/CMMF Tests ===============================
crmf.sh: CRMF/CMMF Tests ------------------------------
crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode
crmftest v1.0
Generating CRMF request
Decoding CRMF request
crmftest: Processing cert request 0
crmftest: Processing cert request 1
Exiting successfully!!!
crmf.sh: #794: CRMF test . - PASSED
crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf
crmftest v1.0
Doing CMMF Stuff
Exiting successfully!!!
crmf.sh: #795: CMMF test . - PASSED
TIMESTAMP crmf END: Tue Jun 28 17:01:28 UTC 2016
Running tests for smime
TIMESTAMP smime BEGIN: Tue Jun 28 17:01:28 UTC 2016
smime.sh: S/MIME Tests with ECC ===============================
smime.sh: Signing Detached Message {SHA1} ------------------
cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1
smime.sh: #796: Create Detached Signature Alice (SHA1) . - PASSED
cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #797: Verifying Alice's Detached Signature (SHA1) . - PASSED
smime.sh: Signing Attached Message (SHA1) ------------------
cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1
smime.sh: #798: Create Attached Signature Alice (SHA1) . - PASSED
cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1
smime.sh: #799: Decode Alice's Attached Signature (SHA1) . - PASSED
diff alice.txt alice.data.SHA1
smime.sh: #800: Compare Attached Signed Data and Original (SHA1) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------
cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1
smime.sh: #801: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #802: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------
cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1
smime.sh: #803: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED
cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1
smime.sh: #804: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED
diff alice.txt alice-ec.data.SHA1
smime.sh: #805: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED
smime.sh: Signing Detached Message {SHA256} ------------------
cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256
smime.sh: #806: Create Detached Signature Alice (SHA256) . - PASSED
cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #807: Verifying Alice's Detached Signature (SHA256) . - PASSED
smime.sh: Signing Attached Message (SHA256) ------------------
cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256
smime.sh: #808: Create Attached Signature Alice (SHA256) . - PASSED
cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256
smime.sh: #809: Decode Alice's Attached Signature (SHA256) . - PASSED
diff alice.txt alice.data.SHA256
smime.sh: #810: Compare Attached Signed Data and Original (SHA256) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------
cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256
smime.sh: #811: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #812: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------
cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256
smime.sh: #813: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED
cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256
smime.sh: #814: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED
diff alice.txt alice-ec.data.SHA256
smime.sh: #815: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED
smime.sh: Signing Detached Message {SHA384} ------------------
cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384
smime.sh: #816: Create Detached Signature Alice (SHA384) . - PASSED
cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #817: Verifying Alice's Detached Signature (SHA384) . - PASSED
smime.sh: Signing Attached Message (SHA384) ------------------
cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384
smime.sh: #818: Create Attached Signature Alice (SHA384) . - PASSED
cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384
smime.sh: #819: Decode Alice's Attached Signature (SHA384) . - PASSED
diff alice.txt alice.data.SHA384
smime.sh: #820: Compare Attached Signed Data and Original (SHA384) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------
cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384
smime.sh: #821: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #822: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------
cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384
smime.sh: #823: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED
cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384
smime.sh: #824: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED
diff alice.txt alice-ec.data.SHA384
smime.sh: #825: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED
smime.sh: Signing Detached Message {SHA512} ------------------
cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512
smime.sh: #826: Create Detached Signature Alice (SHA512) . - PASSED
cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #827: Verifying Alice's Detached Signature (SHA512) . - PASSED
smime.sh: Signing Attached Message (SHA512) ------------------
cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512
smime.sh: #828: Create Attached Signature Alice (SHA512) . - PASSED
cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512
smime.sh: #829: Decode Alice's Attached Signature (SHA512) . - PASSED
diff alice.txt alice.data.SHA512
smime.sh: #830: Compare Attached Signed Data and Original (SHA512) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------
cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512
smime.sh: #831: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #832: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------
cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512
smime.sh: #833: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED
cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512
smime.sh: #834: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED
diff alice.txt alice-ec.data.SHA512
smime.sh: #835: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED
smime.sh: Enveloped Data Tests ------------------------------
cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \
        -o alice.env
smime.sh: #836: Create Enveloped Data Alice . - PASSED
cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1
smime.sh: #837: Decode Enveloped Data Alice . - PASSED
diff alice.txt alice.data1
smime.sh: #838: Compare Decoded Enveloped Data and Original . - PASSED
smime.sh: Testing multiple recipients ------------------------------
cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \
        -r bob@bogus.com,dave@bogus.com
smime.sh: #839: Create Multiple Recipients Enveloped Data Alice . - PASSED
smime.sh: Testing multiple email addrs ------------------------------
cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \
        -r eve@bogus.net
smime.sh: #840: Encrypt to a Multiple Email cert . - PASSED
cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2
smime.sh: #841: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED
cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3
smime.sh: #842: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED
cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4
smime.sh: #843: Decrypt with a Multiple Email cert . - PASSED
smime.sh: #844: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED
smime.sh: #845: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED
smime.sh: #846: Compare Decoded with Multiple Email cert . - PASSED
smime.sh: Sending CERTS-ONLY Message ------------------------------
cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \
        -d ../alicedir > co.der
smime.sh: #847: Create Certs-Only Alice . - PASSED
cmsutil -D -i co.der -d ../bobdir
smime.sh: #848: Verify Certs-Only by CA . - PASSED
smime.sh: Encrypted-Data Message ---------------------------------
cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \
        -r "bob@bogus.com" > alice.enc
smime.sh: #849: Create Encrypted-Data . - PASSED
cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \
        -o alice.data2
smime.sh: #850: Decode Encrypted-Data . - PASSED
smime.sh: #851: Compare Decoded and Original Data . - PASSED
smime.sh: p7 util Data Tests ------------------------------
p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env
smime.sh: #852: Creating envelope for user Alice . - PASSED
p7content -d ../alicedir -i alice.env -o alice_p7.data
smime.sh: #853: Verifying file delivered to user Alice . - PASSED
diff alice.txt alice_p7.data.sed
smime.sh: #854: Compare Decoded Enveloped Data and Original . - PASSED
p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e
smime.sh: #855: Signing file for user Alice . - PASSED
p7verify -d ../alicedir -c alice.txt -s alice.sig
Signature is valid.
smime.sh: #856: Verifying file delivered to user Alice . - PASSED
TIMESTAMP smime END: Tue Jun 28 17:01:33 UTC 2016
Running tests for ssl
TIMESTAMP ssl BEGIN: Tue Jun 28 17:01:33 UTC 2016
./ssl.sh: line 306: syntax error near unexpected token `('
./ssl.sh: line 306: `            echo "exp/ssl2/ssl3 test should fail: (NSS_NO_SSL2,EXP,SSL2,SSL3)=(${NSS_NO_SSL2},${EXP},${SSL2},${SSL3})"'
TIMESTAMP ssl END: Tue Jun 28 17:01:33 UTC 2016
Running tests for ocsp
TIMESTAMP ocsp BEGIN: Tue Jun 28 17:01:33 UTC 2016
ocsp.sh: OCSP tests ===============================
TIMESTAMP ocsp END: Tue Jun 28 17:01:33 UTC 2016
Running tests for merge
TIMESTAMP merge BEGIN: Tue Jun 28 17:01:33 UTC 2016
merge.sh: Merge Tests ===============================
merge.sh: Creating an SDR key & Encrypt
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v3.14577 -t Test2 -f ../tests.pw
merge.sh: #857: Creating SDR Key  - PASSED
merge.sh: Merging in Key for Existing user
certutil --merge --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #858: Merging Dave  - PASSED
merge.sh: Merging in new user 
certutil --merge --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #859: Merging server  - PASSED
merge.sh: Merging in new chain 
certutil --merge --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #860: Merging ext_client  - PASSED
merge.sh: Merging in conflicting nicknames 1
certutil --merge --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #861: Merging conflicting nicknames 1  - PASSED
merge.sh: Merging in conflicting nicknames 1
certutil --merge --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #862: Merging conflicting nicknames 2  - PASSED
merge.sh: Verify nicknames were deconflicted (Alice #4)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45 (0x2d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:59:30 2016
            Not After : Mon Jun 28 16:59:30 2021
        Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain
             View,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c7:f5:6a:bc:f1:20:04:d2:2c:66:61:eb:2f:ff:51:71:
                    d4:a5:75:47:8c:ad:11:ab:2b:84:c6:4f:d6:c2:36:2b:
                    1b:8c:0b:ef:e7:ba:27:ff:d6:9c:c5:4f:02:0c:3a:35:
                    78:a4:70:bf:d7:76:6a:95:07:e6:43:c6:de:c9:ba:c8:
                    06:5d:46:7d:cb:d4:f5:46:20:28:e9:65:f7:44:60:f5:
                    a6:7f:ff:13:42:26:a3:52:c6:90:07:af:4d:38:3f:07:
                    6e:0c:bd:72:cb:d2:e3:24:9a:93:7c:0c:82:16:03:83:
                    22:aa:03:8b:91:05:f1:6f:df:b3:ec:7c:a9:bf:c1:7c:
                    4b:59:3e:d0:c7:a3:e3:f4:0a:02:24:27:da:09:e0:9a:
                    aa:a4:16:9a:76:e1:72:ed:0a:cd:25:36:41:5b:09:4d:
                    ba:7a:af:a6:3e:db:d5:10:81:21:7f:fc:ed:62:63:6d:
                    23:fd:0a:94:51:ad:34:95:ad:00:1d:b5:2b:50:65:07:
                    b9:7c:33:4c:1f:78:6d:b8:da:66:4a:3b:51:29:e9:e0:
                    46:4e:ef:3f:0d:e9:3d:d8:81:9f:9b:00:96:ae:78:67:
                    90:7f:37:f1:d2:77:f6:dc:5f:9b:24:28:7f:e5:d1:dc:
                    c7:34:8b:bf:7b:33:40:4a:ac:60:15:1a:d6:49:f6:45
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        76:8e:97:eb:d2:e2:a0:e4:18:06:4e:60:e7:9b:39:b4:
        21:76:26:ed:c9:66:64:a5:49:b3:3a:e0:ff:26:4b:72:
        38:71:26:2a:d5:aa:c5:d1:d3:4a:d7:56:60:46:fb:d2:
        cf:b1:9a:c2:ce:44:f3:a9:8d:57:d8:7d:6d:e6:a7:22:
        79:58:e0:5e:32:14:b2:2c:23:f0:cd:16:08:e9:66:7c:
        34:f5:62:5f:9a:60:66:85:09:51:82:e2:c4:fe:b4:cb:
        91:99:1f:87:44:46:67:b0:7c:be:0b:a9:a8:3f:8e:f6:
        14:02:95:4a:36:cf:ca:c0:98:41:b9:31:5f:71:74:15:
        9a:73:70:d1:11:89:9e:e7:96:e7:f7:71:c2:90:11:be:
        78:e8:cc:6c:45:53:75:f6:63:be:ba:59:e2:5c:9a:be:
        c6:5f:15:fd:2f:ff:0b:5c:05:ea:9c:f3:6c:dc:89:53:
        5b:b2:7f:12:6e:4b:5f:cc:37:79:a2:dc:88:7b:eb:24:
        0e:2f:12:1d:74:eb:48:25:29:bc:bd:9d:66:90:bc:84:
        c2:64:2f:a2:6c:6a:25:f8:25:56:56:13:e0:05:a9:7a:
        35:e5:ae:2a:b6:d7:d2:a5:a5:bd:b7:44:3f:d2:6a:15:
        80:f3:87:82:52:73:20:00:2d:40:20:0c:53:a3:fc:22
    Fingerprint (SHA-256):
        B7:4D:33:E4:38:9E:CB:8D:83:6C:0B:3E:3A:53:1B:57:E8:42:F6:ED:08:CF:B4:53:C8:61:1B:86:3E:07:BD:2D
    Fingerprint (SHA1):
        64:04:D6:97:DB:43:2A:A9:C2:1E:92:95:BB:13:DB:20:A9:14:6D:C0
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
merge.sh: #863: Verify nicknames were deconflicted (Alice #4)  - PASSED
merge.sh: Verify nicknames were deconflicted (Alice #100)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:59:34 2016
            Not After : Mon Jun 28 16:59:34 2021
        Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain
             View,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:f3:b8:f4:56:66:f8:76:cc:dc:79:07:3a:73:a8:dc:
                    bc:f0:ac:90:a0:29:e3:34:e5:05:15:2a:00:e0:aa:fd:
                    51:4e:c0:c6:6a:c7:5a:b4:bc:81:08:dd:6b:96:34:ef:
                    75:46:c8:4f:0e:60:61:ff:34:0a:9e:43:2c:70:55:43:
                    68:d0:98:fb:d2:15:b4:9d:a3:b7:58:87:3e:1e:98:5d:
                    10:e9:35:9c:e3:e2:29:42:e2:b7:c7:2c:04:0f:07:dc:
                    e1:f7:50:d4:d7:99:81:aa:f8:24:09:62:46:81:f7:0a:
                    ac:6c:75:82:0b:fd:b5:3f:4c:2c:ca:fa:ce:80:89:72:
                    4c:f9:50:a5:a6:c5:82:72:85:ee:69:fb:7f:7e:c4:8f:
                    9d:d4:1b:59:7e:0b:e9:0a:16:c1:77:b0:41:c8:b9:be:
                    55:02:df:80:93:4b:f7:49:15:77:d3:98:dd:44:6c:0b:
                    76:26:61:43:9a:e1:93:1e:5c:d2:07:ca:78:90:35:f2:
                    53:70:f7:99:1e:91:84:9b:67:d2:17:df:76:e5:28:d5:
                    4f:aa:9a:4f:1b:f2:cb:07:c1:34:0d:57:db:70:67:c0:
                    86:09:8b:93:91:b8:ae:dc:67:75:ee:15:59:da:05:4c:
                    eb:b9:69:52:71:46:09:6d:c4:6b:93:ef:d1:0f:58:f1
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3c:04:86:ad:de:30:9d:6a:23:81:32:d8:6a:1f:ac:2c:
        e7:e4:2e:c8:6d:36:0f:5a:50:68:3c:2a:0d:d1:be:fc:
        f2:1f:9c:4e:7e:b7:a0:1d:53:c6:5e:9f:1e:02:4f:91:
        72:69:b2:2e:9c:cd:56:eb:99:d0:e4:f3:16:b2:31:0f:
        92:ec:be:96:34:94:a8:ac:b7:2d:fd:c7:09:b3:d9:3d:
        9b:ab:96:51:8e:2b:5e:8e:b9:9b:11:30:6e:86:04:62:
        e1:dc:4a:a1:21:e9:10:94:9c:69:3f:70:f3:6c:10:36:
        b0:66:37:f3:3e:41:37:c9:79:d2:8f:16:55:de:56:74:
        52:5a:3f:dd:92:9f:43:fc:8e:41:f9:f6:9d:0b:cf:de:
        e6:2a:24:26:f9:d4:e0:2d:d8:40:4e:9d:4b:4b:39:9b:
        4a:e2:c5:c5:dc:b6:d9:7c:39:c6:3f:59:73:b6:58:bc:
        10:f7:c0:eb:ea:20:87:68:d8:c4:ef:64:0c:c8:b4:ee:
        1f:5d:9a:1e:69:a8:4d:df:19:0e:f8:04:39:f6:01:df:
        b5:24:19:16:d5:b7:b8:7b:67:7f:65:32:61:d3:67:bf:
        ee:c7:8b:13:bb:9e:b7:f3:f1:8b:05:2e:7e:e0:b3:ab:
        21:b4:e8:34:bb:2e:9a:75:4b:a9:6c:ed:25:83:a0:c9
    Fingerprint (SHA-256):
        F7:44:3E:C7:CE:A8:23:AC:E0:91:CA:3C:0B:E9:F2:A7:2A:17:15:B9:13:FE:28:F1:97:66:C8:14:38:9D:D4:B9
    Fingerprint (SHA1):
        17:8E:63:C6:02:90:4E:96:59:99:6A:69:03:43:C2:A4:23:2D:48:A9
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
merge.sh: #864: Verify nicknames were deconflicted (Alice #100)  - PASSED
merge.sh: Merging in SDR 
certutil --merge --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #865: Merging SDR  - PASSED
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
TestCA-dsa                                                   CT,C,C
Alice-ec                                                     u,u,u
Dave                                                         u,u,u
localhost.localdomain-dsamixed                               ,,   
serverCA-dsa                                                 C,C,C
chain-2-clientCA-ec                                          ,,   
Alice #1                                                     ,,   
Dave-dsa                                                     ,,   
localhost.localdomain-ecmixed                                ,,   
localhost-sni.localdomain-dsamixed                           ,,   
Alice #99                                                    ,,   
Alice-dsamixed                                               u,u,u
eve@bogus.com                                                ,,   
bob-ec@bogus.com                                             ,,   
localhost.localdomain                                        u,u,u
localhost-sni.localdomain-ecmixed                            ,,   
clientCA                                                     T,C,C
Alice #3                                                     ,,   
TestCA                                                       CT,C,C
TestCA-ec                                                    CT,C,C
Alice-ecmixed                                                u,u,u
Dave-ecmixed                                                 ,,   
localhost.localdomain-dsa                                    ,,   
localhost-sni.localdomain                                    u,u,u
localhost-sni.localdomain-ec                                 ,,   
ExtendedSSLUser                                              u,u,u
serverCA                                                     C,C,C
ExtendedSSLUser-ec                                           ,,   
serverCA-ec                                                  C,C,C
chain-1-clientCA                                             ,,   
clientCA-dsa                                                 T,C,C
chain-1-clientCA-ec                                          ,,   
Alice #2                                                     ,,   
Alice #4                                                     ,,   
Alice                                                        u,u,u
Dave-ec                                                      ,,   
localhost-sni.localdomain-dsa                                ,,   
ExtendedSSLUser-dsa                                          ,,   
ExtendedSSLUser-ecmixed                                      ,,   
chain-2-clientCA                                             ,,   
chain-1-clientCA-dsa                                         ,,   
Alice #100                                                   ,,   
Alice-dsa                                                    u,u,u
ExtendedSSLUser-dsamixed                                     ,,   
chain-2-clientCA-dsa                                         ,,   
bob@bogus.com                                                ,,   
Dave-dsamixed                                                ,,   
localhost.localdomain-ec                                     ,,   
clientCA-ec                                                  T,C,C
CRL names                                CRL Type
TestCA                                   CRL  
TestCA-ec                                CRL  
merge.sh: Decrypt - With Original SDR Key
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v3.14577 -t Test2 -f ../tests.pw
merge.sh: #866: Decrypt - Value 3  - PASSED
merge.sh: Decrypt - With Merged SDR Key
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests.v1.14577 -t Test1 -f ../tests.pw
merge.sh: #867: Decrypt - Value 1  - PASSED
merge.sh: Signing with merged key  ------------------
cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig
merge.sh: #868: Create Detached Signature Dave . - PASSED
cmsutil -D -i dave.dsig -c alice.txt -d . 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
merge.sh: #869: Verifying Dave's Detached Signature  - PASSED
merge.sh: verifying  merged cert  ------------------
certutil -V -n ExtendedSSLUser -u C -d .
certutil: certificate is valid
merge.sh: #870: Verifying ExtendedSSL User Cert  - PASSED
merge.sh: verifying  merged crl  ------------------
crlutil -L -n TestCA -d .
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US"
    This Update: Tue Jun 28 17:00:23 2016
    Entry 1 (0x1):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 16:54:43 2016
        Entry Extensions:
            Name: CRL reason code
    Entry 2 (0x2):
        Serial Number: 42 (0x2a)
        Revocation Date: Tue Jun 28 17:00:19 2016
    CRL Extensions:
        Name: Certificate Issuer Alt Name
        RFC822 Name: "caemail@ca.com"
        DNS name: "ca.com"
        Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo
            rnia,C=US"
        URI: "http://ca.com"
        IP Address:
            87:0b:31:39:32:2e:31:36:38:2e:30:2e:31
merge.sh: #871: Verifying TestCA CRL  - PASSED
TIMESTAMP merge END: Tue Jun 28 17:01:35 UTC 2016
Running tests for pkits
TIMESTAMP pkits BEGIN: Tue Jun 28 17:01:35 UTC 2016
pkits.sh: PKITS data directory not defined, skipping.
TIMESTAMP pkits END: Tue Jun 28 17:01:35 UTC 2016
Running tests for chains
TIMESTAMP chains BEGIN: Tue Jun 28 17:01:35 UTC 2016
chains.sh: Certificate Chains Tests ===============================
chains.sh: Creating DB OCSPRootDB
certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd
chains.sh: #872: OCSPD: Creating DB OCSPRootDB  - PASSED
chains.sh: Creating Root CA OCSPRoot
certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot  -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170136 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #873: OCSPD: Creating Root CA OCSPRoot  - PASSED
chains.sh: Exporting Root CA OCSPRoot.der
certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der
chains.sh: #874: OCSPD: Exporting Root CA OCSPRoot.der  - PASSED
chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #875: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database  - PASSED
chains.sh: Creating DB OCSPCA1DB
certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd
chains.sh: #876: OCSPD: Creating DB OCSPCA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der
certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US"  -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPCA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #877: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der  - PASSED
chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #878: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database
certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #879: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database  - PASSED
chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #880: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database  - PASSED
chains.sh: Creating DB OCSPCA2DB
certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd
chains.sh: #881: OCSPD: Creating DB OCSPCA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der
certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US"  -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPCA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #882: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der  - PASSED
chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #883: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database
certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #884: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database  - PASSED
chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #885: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database  - PASSED
chains.sh: Creating DB OCSPCA3DB
certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd
chains.sh: #886: OCSPD: Creating DB OCSPCA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der
certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US"  -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPCA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #887: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der  - PASSED
chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #888: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database
certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #889: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database  - PASSED
chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #890: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database  - PASSED
chains.sh: Creating DB OCSPEE11DB
certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd
chains.sh: #891: OCSPD: Creating DB OCSPEE11DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE11Req.der
certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US"  -R  -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #892: OCSPD: Creating EE certifiate request OCSPEE11Req.der  - PASSED
chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #893: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database
certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #894: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database  - PASSED
chains.sh: Creating DB OCSPEE12DB
certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd
chains.sh: #895: OCSPD: Creating DB OCSPEE12DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE12Req.der
certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US"  -R  -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #896: OCSPD: Creating EE certifiate request OCSPEE12Req.der  - PASSED
chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #897: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database
certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #898: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database  - PASSED
chains.sh: Creating DB OCSPEE13DB
certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd
chains.sh: #899: OCSPD: Creating DB OCSPEE13DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE13Req.der
certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US"  -R  -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #900: OCSPD: Creating EE certifiate request OCSPEE13Req.der  - PASSED
chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #901: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database
certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #902: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database  - PASSED
chains.sh: Creating DB OCSPEE14DB
certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd
chains.sh: #903: OCSPD: Creating DB OCSPEE14DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE14Req.der
certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US"  -R  -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE14Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #904: OCSPD: Creating EE certifiate request OCSPEE14Req.der  - PASSED
chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #905: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database
certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #906: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database  - PASSED
chains.sh: Creating DB OCSPEE15DB
certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd
chains.sh: #907: OCSPD: Creating DB OCSPEE15DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE15Req.der
certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US"  -R  -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE15Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #908: OCSPD: Creating EE certifiate request OCSPEE15Req.der  - PASSED
chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #909: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database
certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #910: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database  - PASSED
chains.sh: Creating DB OCSPEE21DB
certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd
chains.sh: #911: OCSPD: Creating DB OCSPEE21DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE21Req.der
certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US"  -R  -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #912: OCSPD: Creating EE certifiate request OCSPEE21Req.der  - PASSED
chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #913: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database
certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #914: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database  - PASSED
chains.sh: Creating DB OCSPEE22DB
certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd
chains.sh: #915: OCSPD: Creating DB OCSPEE22DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE22Req.der
certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US"  -R  -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #916: OCSPD: Creating EE certifiate request OCSPEE22Req.der  - PASSED
chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #917: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database
certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #918: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database  - PASSED
chains.sh: Creating DB OCSPEE23DB
certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd
chains.sh: #919: OCSPD: Creating DB OCSPEE23DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE23Req.der
certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US"  -R  -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #920: OCSPD: Creating EE certifiate request OCSPEE23Req.der  - PASSED
chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #921: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database
certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #922: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database  - PASSED
chains.sh: Creating DB OCSPEE31DB
certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd
chains.sh: #923: OCSPD: Creating DB OCSPEE31DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE31Req.der
certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US"  -R  -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE31Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #924: OCSPD: Creating EE certifiate request OCSPEE31Req.der  - PASSED
chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #925: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database
certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #926: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database  - PASSED
chains.sh: Creating DB OCSPEE32DB
certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd
chains.sh: #927: OCSPD: Creating DB OCSPEE32DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE32Req.der
certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US"  -R  -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #928: OCSPD: Creating EE certifiate request OCSPEE32Req.der  - PASSED
chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #929: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database
certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #930: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database  - PASSED
chains.sh: Creating DB OCSPEE33DB
certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd
chains.sh: #931: OCSPD: Creating DB OCSPEE33DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE33Req.der
certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US"  -R  -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OCSPEE33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #932: OCSPD: Creating EE certifiate request OCSPEE33Req.der  - PASSED
chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #933: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database
certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #934: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database  - PASSED
chains.sh: Create CRL for OCSPRootDB
crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl
=== Crlutil input data ===
update=20160628170256Z
nextupdate=20170628170256Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
    This Update: Tue Jun 28 17:02:56 2016
    Next Update: Wed Jun 28 17:02:56 2017
    CRL Extensions:
chains.sh: #935: OCSPD: Create CRL for OCSPRootDB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPRoot
crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl
=== Crlutil input data ===
update=20160628170257Z
addcert 2 20160628170257Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
    This Update: Tue Jun 28 17:02:57 2016
    Next Update: Wed Jun 28 17:02:56 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:02:57 2016
    CRL Extensions:
chains.sh: #936: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot  - PASSED
chains.sh: Create CRL for OCSPCA1DB
crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628170257Z
nextupdate=20170628170257Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 17:02:57 2016
    Next Update: Wed Jun 28 17:02:57 2017
    CRL Extensions:
chains.sh: #937: OCSPD: Create CRL for OCSPCA1DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA1
crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628170258Z
addcert 2 20160628170258Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 17:02:58 2016
    Next Update: Wed Jun 28 17:02:57 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:02:58 2016
    CRL Extensions:
chains.sh: #938: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1  - PASSED
chains.sh: Revoking certificate with SN 4 issued by OCSPCA1
crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628170259Z
addcert 4 20160628170259Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 17:02:59 2016
    Next Update: Wed Jun 28 17:02:57 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:02:58 2016
    Entry 2 (0x2):
        Serial Number: 4 (0x4)
        Revocation Date: Tue Jun 28 17:02:59 2016
    CRL Extensions:
chains.sh: #939: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1  - PASSED
chains.sh: Create CRL for OCSPCA2DB
crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628170259Z
nextupdate=20170628170259Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 17:02:59 2016
    Next Update: Wed Jun 28 17:02:59 2017
    CRL Extensions:
chains.sh: #940: OCSPD: Create CRL for OCSPCA2DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA2
crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628170300Z
addcert 2 20160628170300Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 17:03:00 2016
    Next Update: Wed Jun 28 17:02:59 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:03:00 2016
    CRL Extensions:
chains.sh: #941: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2  - PASSED
chains.sh: Revoking certificate with SN 3 issued by OCSPCA2
crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628170301Z
addcert 3 20160628170301Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 17:03:01 2016
    Next Update: Wed Jun 28 17:02:59 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:03:00 2016
    Entry 2 (0x2):
        Serial Number: 3 (0x3)
        Revocation Date: Tue Jun 28 17:03:01 2016
    CRL Extensions:
chains.sh: #942: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2  - PASSED
chains.sh: Create CRL for OCSPCA3DB
crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628170301Z
nextupdate=20170628170301Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 17:03:01 2016
    Next Update: Wed Jun 28 17:03:01 2017
    CRL Extensions:
chains.sh: #943: OCSPD: Create CRL for OCSPCA3DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA3
crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628170302Z
addcert 2 20160628170302Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 17:03:02 2016
    Next Update: Wed Jun 28 17:03:01 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:03:02 2016
    CRL Extensions:
chains.sh: #944: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3  - PASSED
chains.sh: Revoking certificate with SN 3 issued by OCSPCA3
crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628170303Z
addcert 3 20160628170303Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 17:03:03 2016
    Next Update: Wed Jun 28 17:03:01 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:03:02 2016
    Entry 2 (0x2):
        Serial Number: 3 (0x3)
        Revocation Date: Tue Jun 28 17:03:03 2016
    CRL Extensions:
chains.sh: #945: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3  - PASSED
chains.sh: Creating DB ServerDB
certutil -N -d ServerDB -f ServerDB/dbpasswd
chains.sh: #946: OCSPD: Creating DB ServerDB  - PASSED
chains.sh: Importing certificate OCSPRoot.der to ServerDB database
certutil -A -n OCSPRoot  -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der
chains.sh: #947: OCSPD: Importing certificate OCSPRoot.der to ServerDB database  - PASSED
chains.sh: Importing CRL OCSPRoot.crl to ServerDB database
crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl
chains.sh: #948: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #949: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #950: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #951: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #952: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database  - PASSED
chains.sh: Creating DB ClientDB
certutil -N -d ClientDB -f ClientDB/dbpasswd
chains.sh: #953: OCSPD: Creating DB ClientDB  - PASSED
chains.sh: Importing certificate OCSPRoot.der to ClientDB database
certutil -A -n OCSPRoot  -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der
chains.sh: #954: OCSPD: Importing certificate OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing CRL OCSPRoot.crl to ClientDB database
crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl
chains.sh: #955: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA1OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der
chains.sh: #956: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA2OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der
chains.sh: #957: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA3OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der
chains.sh: #958: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE11OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der
chains.sh: #959: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE12OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der
chains.sh: #960: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE13OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der
chains.sh: #961: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE14OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der
chains.sh: #962: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE15OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der
chains.sh: #963: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE21OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der
chains.sh: #964: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE22OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der
chains.sh: #965: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE23OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der
chains.sh: #966: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE31OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der
chains.sh: #967: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE32OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der
chains.sh: #968: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE33OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der
chains.sh: #969: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database  - PASSED
httpserv starting at Tue Jun 28 17:03:05 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \
         -O get -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:03:05 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 25772 >/dev/null 2>/dev/null
httpserv with PID 25772 found at Tue Jun 28 17:03:05 UTC 2016
httpserv with PID 25772 started at Tue Jun 28 17:03:05 UTC 2016
tstclnt -h localhost.localdomain -p 9668 -q -t 20
chains.sh: #970: Test that OCSP server is reachable - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170136 (0x25711d98)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:01:36 2016
            Not After : Mon Jun 28 17:01:36 2066
        Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    94:3a:a9:c1:5d:50:50:3e:57:5e:88:d3:c3:50:b6:24:
                    35:34:8a:c0:7e:98:b9:14:bd:2f:f8:bc:78:28:ae:67:
                    f5:a8:ba:a3:cd:53:8c:0c:3a:19:65:cb:ba:d8:10:09:
                    fc:d0:e8:1d:4a:11:e3:90:82:5d:7b:4f:b6:f5:82:a3:
                    e3:e3:51:6d:e7:bc:4d:54:4e:7c:28:f8:5d:18:90:38:
                    2b:c5:ba:f9:d6:47:dc:f8:3f:1a:d9:1d:02:ec:76:c9:
                    cd:6e:a8:e0:8f:9c:60:8d:bb:d7:79:81:65:c5:ee:f6:
                    3e:89:bf:a7:21:bd:db:a8:62:71:b3:87:60:85:57:01:
                    25:37:db:71:41:2a:75:d3:82:36:8d:24:a7:9f:46:79:
                    cd:e9:40:df:3f:4b:bd:d3:d7:be:20:8c:6b:61:8c:86:
                    b3:27:17:0d:6f:de:c2:4a:fb:d6:af:82:af:25:15:5e:
                    a5:cd:d2:a0:55:8d:49:ac:3f:90:05:ea:bd:5e:9b:3f:
                    10:71:c8:f1:ca:65:cb:e5:9b:e6:ca:be:71:35:dc:6b:
                    a0:a0:cc:42:f2:51:46:a8:8b:f6:e9:26:9a:e8:bc:bc:
                    a3:5e:58:f7:eb:89:bc:af:10:37:9f:0c:93:a0:d9:cc:
                    13:47:03:67:43:1d:31:78:33:07:72:22:92:51:5b:5f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        46:4d:58:9a:20:c8:18:86:1d:68:eb:44:0e:0a:84:83:
        bc:c9:06:1d:99:d4:8b:a0:f9:e5:50:7a:12:19:de:41:
        76:75:73:6b:39:9b:15:12:37:7b:35:b8:5d:86:22:e3:
        96:98:11:94:97:07:39:61:61:1b:9e:54:69:bd:4e:a5:
        2b:1b:c7:94:f2:ff:44:45:16:a4:85:0a:e1:a4:aa:68:
        ce:9a:92:6d:d9:d5:81:3c:28:d1:34:2b:8c:23:5d:5b:
        79:9b:d9:00:b2:e9:4e:32:17:cf:8b:ea:f0:82:fe:fe:
        af:b0:7d:ce:9b:65:e2:52:2e:e6:ce:72:cc:1b:a3:82:
        73:25:6e:fd:65:13:ce:ed:df:96:25:f8:48:c2:a4:e4:
        11:99:a1:50:ef:af:95:dc:71:85:d3:43:03:a1:5e:c1:
        30:85:2e:2c:46:fb:32:31:b3:4e:82:1a:1d:7a:3d:4a:
        22:50:e6:42:54:8b:4e:18:bf:27:49:e4:7d:36:2e:84:
        55:c5:ed:8f:5e:eb:c5:8b:64:e5:ab:05:b6:b8:14:1f:
        9f:a9:dd:1f:db:9e:18:12:e8:93:b3:52:61:aa:16:0d:
        ba:67:00:c5:5d:b8:a0:f4:b5:bc:0d:fb:98:c0:31:47:
        c0:6e:d9:17:71:dc:be:59:fd:88:b9:36:13:1b:a8:1f
    Fingerprint (SHA-256):
        31:98:A3:A5:E6:31:93:70:86:14:76:1E:2B:4A:57:41:7D:72:60:5A:7B:07:23:30:92:C6:18:9A:EC:BD:80:5F
    Fingerprint (SHA1):
        4C:2C:92:71:A0:C2:36:F5:6B:07:7C:07:AF:24:6A:5C:6C:08:60:38
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=OCSPEE11 EE,O=OCSPEE11,C=US"
Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #971: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #972: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #973: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
trying to kill httpserv with PID 25772 at Tue Jun 28 17:03:06 UTC 2016
kill -USR1 25772
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 25772 killed at Tue Jun 28 17:03:06 UTC 2016
httpserv starting at Tue Jun 28 17:03:06 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \
         -O post -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:03:06 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 25941 >/dev/null 2>/dev/null
httpserv with PID 25941 found at Tue Jun 28 17:03:06 UTC 2016
httpserv with PID 25941 started at Tue Jun 28 17:03:06 UTC 2016
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #974: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. OCSPEE12OCSPCA1 :
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #975: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #976: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
tstclnt -h localhost.localdomain -p 9668 -q -t 20
chains.sh: #977: Test that OCSP server is reachable - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170136 (0x25711d98)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:01:36 2016
            Not After : Mon Jun 28 17:01:36 2066
        Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    94:3a:a9:c1:5d:50:50:3e:57:5e:88:d3:c3:50:b6:24:
                    35:34:8a:c0:7e:98:b9:14:bd:2f:f8:bc:78:28:ae:67:
                    f5:a8:ba:a3:cd:53:8c:0c:3a:19:65:cb:ba:d8:10:09:
                    fc:d0:e8:1d:4a:11:e3:90:82:5d:7b:4f:b6:f5:82:a3:
                    e3:e3:51:6d:e7:bc:4d:54:4e:7c:28:f8:5d:18:90:38:
                    2b:c5:ba:f9:d6:47:dc:f8:3f:1a:d9:1d:02:ec:76:c9:
                    cd:6e:a8:e0:8f:9c:60:8d:bb:d7:79:81:65:c5:ee:f6:
                    3e:89:bf:a7:21:bd:db:a8:62:71:b3:87:60:85:57:01:
                    25:37:db:71:41:2a:75:d3:82:36:8d:24:a7:9f:46:79:
                    cd:e9:40:df:3f:4b:bd:d3:d7:be:20:8c:6b:61:8c:86:
                    b3:27:17:0d:6f:de:c2:4a:fb:d6:af:82:af:25:15:5e:
                    a5:cd:d2:a0:55:8d:49:ac:3f:90:05:ea:bd:5e:9b:3f:
                    10:71:c8:f1:ca:65:cb:e5:9b:e6:ca:be:71:35:dc:6b:
                    a0:a0:cc:42:f2:51:46:a8:8b:f6:e9:26:9a:e8:bc:bc:
                    a3:5e:58:f7:eb:89:bc:af:10:37:9f:0c:93:a0:d9:cc:
                    13:47:03:67:43:1d:31:78:33:07:72:22:92:51:5b:5f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        46:4d:58:9a:20:c8:18:86:1d:68:eb:44:0e:0a:84:83:
        bc:c9:06:1d:99:d4:8b:a0:f9:e5:50:7a:12:19:de:41:
        76:75:73:6b:39:9b:15:12:37:7b:35:b8:5d:86:22:e3:
        96:98:11:94:97:07:39:61:61:1b:9e:54:69:bd:4e:a5:
        2b:1b:c7:94:f2:ff:44:45:16:a4:85:0a:e1:a4:aa:68:
        ce:9a:92:6d:d9:d5:81:3c:28:d1:34:2b:8c:23:5d:5b:
        79:9b:d9:00:b2:e9:4e:32:17:cf:8b:ea:f0:82:fe:fe:
        af:b0:7d:ce:9b:65:e2:52:2e:e6:ce:72:cc:1b:a3:82:
        73:25:6e:fd:65:13:ce:ed:df:96:25:f8:48:c2:a4:e4:
        11:99:a1:50:ef:af:95:dc:71:85:d3:43:03:a1:5e:c1:
        30:85:2e:2c:46:fb:32:31:b3:4e:82:1a:1d:7a:3d:4a:
        22:50:e6:42:54:8b:4e:18:bf:27:49:e4:7d:36:2e:84:
        55:c5:ed:8f:5e:eb:c5:8b:64:e5:ab:05:b6:b8:14:1f:
        9f:a9:dd:1f:db:9e:18:12:e8:93:b3:52:61:aa:16:0d:
        ba:67:00:c5:5d:b8:a0:f4:b5:bc:0d:fb:98:c0:31:47:
        c0:6e:d9:17:71:dc:be:59:fd:88:b9:36:13:1b:a8:1f
    Fingerprint (SHA-256):
        31:98:A3:A5:E6:31:93:70:86:14:76:1E:2B:4A:57:41:7D:72:60:5A:7B:07:23:30:92:C6:18:9A:EC:BD:80:5F
    Fingerprint (SHA1):
        4C:2C:92:71:A0:C2:36:F5:6B:07:7C:07:AF:24:6A:5C:6C:08:60:38
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=OCSPEE11 EE,O=OCSPEE11,C=US"
Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #978: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #979: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #980: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
trying to kill httpserv with PID 25941 at Tue Jun 28 17:03:07 UTC 2016
kill -USR1 25941
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 25941 killed at Tue Jun 28 17:03:07 UTC 2016
httpserv starting at Tue Jun 28 17:03:07 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \
         -O random -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:03:07 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 26188 >/dev/null 2>/dev/null
httpserv with PID 26188 found at Tue Jun 28 17:03:07 UTC 2016
httpserv with PID 26188 started at Tue Jun 28 17:03:07 UTC 2016
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #981: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #982: Bridge: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170137 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #983: Bridge: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #984: Bridge: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #985: Bridge: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170138 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #986: Bridge: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #987: Bridge: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #988: Bridge: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #989: Bridge: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628170139 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #990: Bridge: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #991: Bridge: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628170140 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #992: Bridge: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #993: Bridge: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #994: Bridge: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #995: Bridge: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #996: Bridge: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserBridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 628170141   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #997: Bridge: Creating certficate UserBridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate UserBridge.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #998: Bridge: Importing certificate UserBridge.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #999: Bridge: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Army.der to AllDB database
certutil -A -n Army  -t "" -d AllDB -f AllDB/dbpasswd -i Army.der
chains.sh: #1000: Bridge: Importing certificate Army.der to AllDB database  - PASSED
chains.sh: Importing certificate Navy.der to AllDB database
certutil -A -n Navy  -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der
chains.sh: #1001: Bridge: Importing certificate Navy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170138 (0x25711d9a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:20 2016
            Not After : Mon Jun 28 17:03:20 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:09:65:3d:91:93:57:08:82:f6:19:db:3b:bf:71:c0:
                    17:9a:11:ac:6a:d6:53:c9:fd:61:7e:ff:d5:89:1b:37:
                    f5:28:d2:c2:d9:ec:e9:42:4d:fb:5f:4b:8c:28:00:e8:
                    16:27:42:7c:2f:50:65:8e:1c:b2:b7:a5:22:4a:7c:8b:
                    df:01:2c:e7:39:f8:84:25:b8:e4:e0:a4:53:e0:53:f3:
                    31:18:51:c9:1c:18:55:34:c3:ba:eb:dc:28:6e:58:cc:
                    14:3e:76:0c:ee:22:a2:19:ff:af:7e:86:2b:7d:df:a8:
                    50:26:57:94:39:cc:d0:dd:a3:86:d3:fe:8a:c3:e9:7a:
                    2d:75:59:9f:a4:08:d7:79:93:57:ff:62:b2:e1:2f:a1:
                    3e:af:f2:ce:ab:5e:fa:84:4e:cd:b0:23:43:1a:cf:72:
                    88:26:9a:21:26:cb:a4:b4:90:bc:f2:77:a8:56:8f:4c:
                    5f:52:2e:f7:e6:26:73:77:c4:59:1a:bd:5f:23:80:a7:
                    c7:a8:c8:70:c3:14:62:f9:6f:4b:0a:de:1a:4c:73:3c:
                    d3:0e:e0:ac:06:d7:71:58:30:02:6e:b1:55:a3:43:35:
                    8b:c9:2e:e3:b1:2b:9c:3a:aa:ab:90:81:19:ee:a8:03:
                    ae:37:9e:c7:95:26:ba:d7:3a:4d:b6:ab:40:e1:82:bb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4d:85:d2:09:0b:71:8d:ec:c8:3a:0d:f0:8b:56:9b:77:
        9c:15:40:0e:1d:b4:43:b6:04:2b:a5:a5:4b:34:1d:aa:
        80:9e:97:cd:ea:cb:cf:16:13:06:c3:53:2b:ea:a4:fa:
        53:d8:cd:68:92:b8:8b:00:63:e3:b0:e9:9c:fb:db:75:
        08:ee:83:d8:a9:f2:52:24:7e:02:79:c0:fb:2a:f1:d9:
        b0:46:d2:fc:b5:7e:98:2e:2f:4c:47:fc:4a:bd:07:8f:
        1c:cd:b5:4e:c1:68:ac:6f:76:43:11:a9:0f:ea:39:95:
        6a:d4:b9:fa:60:0f:21:a9:1b:b8:94:17:5a:a0:fd:09:
        f3:00:c5:b1:6d:62:a2:ef:b0:ae:87:66:7f:40:e9:a6:
        25:3e:36:fc:ec:16:e2:ba:1d:11:d9:48:12:cd:4a:c7:
        82:dc:04:17:ff:ca:fe:9b:d4:c4:c6:bb:bd:11:50:3e:
        26:7d:cf:5d:54:e6:8a:34:09:b2:58:a9:23:de:da:ae:
        ec:54:85:f1:6e:62:ed:43:1c:15:4f:df:41:27:97:3a:
        6e:a0:b7:c6:84:7a:5a:ce:65:77:5b:23:79:cd:2b:fd:
        22:dd:b0:23:dc:e2:cf:fb:c8:49:d0:28:ca:de:fc:d3:
        c9:c2:6e:4e:74:a1:f6:bf:08:46:b1:fc:2f:b0:4c:e7
    Fingerprint (SHA-256):
        D0:81:FB:41:A1:33:69:F3:55:19:B3:01:5E:78:40:49:88:A2:44:2F:9B:B8:F5:2A:E8:DD:79:FF:65:33:7A:5D
    Fingerprint (SHA1):
        56:F9:8D:FB:6C:86:35:C7:8C:4F:00:0F:78:6B:98:CC:DE:BD:42:8E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1002: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170137 (0x25711d99)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:17 2016
            Not After : Mon Jun 28 17:03:17 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:12:95:e1:14:fb:27:b8:cc:b8:41:df:ac:a2:c5:90:
                    6d:ad:af:d6:09:00:48:2a:b0:44:03:b3:59:c1:ac:fb:
                    b3:32:b2:92:74:21:70:6f:e0:80:04:54:5e:cb:de:7c:
                    a5:b8:d3:ab:05:60:8f:8b:4e:53:a2:c6:49:16:2c:2c:
                    01:05:09:7e:c7:fb:3d:53:b2:a8:3d:e7:00:51:44:6c:
                    a5:4f:6e:e3:be:02:63:c0:e2:1a:0c:ee:dd:d3:f7:e8:
                    39:03:a9:6c:e2:9c:49:ca:ef:36:e2:23:84:eb:fa:7a:
                    26:fc:6b:62:55:26:94:97:b8:bf:d7:12:79:b4:44:9f:
                    51:2f:cd:b2:ff:61:4a:04:be:d8:8a:ab:b6:60:8a:64:
                    66:89:2f:ca:11:3a:2e:4c:ac:08:23:99:28:62:a4:1e:
                    5d:36:5e:f3:69:8a:80:c0:45:cc:94:85:8f:14:04:dd:
                    03:11:4e:52:bf:9c:02:8e:62:d5:de:ae:e6:05:59:ad:
                    97:85:35:3b:03:14:00:a8:34:97:ab:ec:fb:93:e9:00:
                    ad:ba:15:2f:fc:b6:78:9e:87:08:22:17:3a:38:07:a9:
                    e6:48:c0:c7:3d:75:7b:57:93:50:98:a9:0a:00:38:df:
                    24:cc:35:81:d4:76:b7:d5:37:43:43:92:4c:2a:3e:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c1:71:af:60:67:76:b4:78:a5:e7:8f:86:4d:b5:86:18:
        ff:44:35:14:7e:44:a1:4d:ee:99:31:bf:93:af:12:70:
        ad:92:25:8a:c5:77:48:4c:fb:37:6a:59:e2:f7:9f:01:
        14:7e:1a:b7:12:a9:a8:8d:87:58:e1:0b:35:ef:74:dc:
        64:74:23:2e:ff:58:4b:2a:0d:9b:d7:64:66:aa:8a:9d:
        bf:03:83:4c:e1:6b:ac:27:34:5d:d7:0b:b4:aa:6d:41:
        0b:b6:a1:8b:5b:12:d8:a8:1a:76:05:ab:19:d8:da:22:
        fa:56:c0:36:f0:55:52:49:d5:6e:c7:1c:d4:ae:5d:bb:
        69:d7:7e:20:41:f7:da:5a:4c:03:1f:a3:50:ff:c7:71:
        6c:20:61:b1:ff:25:19:37:d5:e8:10:d4:25:04:0d:16:
        d6:a1:86:bb:89:5a:4f:1c:34:ef:ec:39:6b:0c:b4:0f:
        0c:94:2d:3a:93:66:5d:d7:b0:22:11:1b:67:48:f5:dd:
        88:6f:fe:b4:67:70:c5:e8:38:c7:da:8f:7d:96:43:a1:
        2a:3f:04:91:ab:ab:68:46:9c:35:b3:08:b4:84:19:0c:
        e9:85:04:70:38:7d:54:c7:c6:85:c6:8a:10:c6:e5:4b:
        30:d3:48:13:2f:e9:56:99:9b:22:22:9a:a4:0e:32:6c
    Fingerprint (SHA-256):
        E7:62:58:B7:1D:EA:DC:41:4D:2F:B1:4A:19:71:20:30:8F:2B:3C:F1:5E:2A:82:70:A9:DE:4B:F7:34:3A:64:44
    Fingerprint (SHA1):
        DF:0D:5F:B5:C3:C9:0C:0E:53:86:84:21:ED:F7:21:E1:5A:A0:F9:C5
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1003: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Army
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Navy [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1004: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Importing certificate BridgeArmy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der
chains.sh: #1005: Bridge: Importing certificate BridgeArmy.der to AllDB database  - PASSED
chains.sh: Importing certificate BridgeNavy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der
chains.sh: #1006: Bridge: Importing certificate BridgeNavy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170137 (0x25711d99)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:17 2016
            Not After : Mon Jun 28 17:03:17 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:12:95:e1:14:fb:27:b8:cc:b8:41:df:ac:a2:c5:90:
                    6d:ad:af:d6:09:00:48:2a:b0:44:03:b3:59:c1:ac:fb:
                    b3:32:b2:92:74:21:70:6f:e0:80:04:54:5e:cb:de:7c:
                    a5:b8:d3:ab:05:60:8f:8b:4e:53:a2:c6:49:16:2c:2c:
                    01:05:09:7e:c7:fb:3d:53:b2:a8:3d:e7:00:51:44:6c:
                    a5:4f:6e:e3:be:02:63:c0:e2:1a:0c:ee:dd:d3:f7:e8:
                    39:03:a9:6c:e2:9c:49:ca:ef:36:e2:23:84:eb:fa:7a:
                    26:fc:6b:62:55:26:94:97:b8:bf:d7:12:79:b4:44:9f:
                    51:2f:cd:b2:ff:61:4a:04:be:d8:8a:ab:b6:60:8a:64:
                    66:89:2f:ca:11:3a:2e:4c:ac:08:23:99:28:62:a4:1e:
                    5d:36:5e:f3:69:8a:80:c0:45:cc:94:85:8f:14:04:dd:
                    03:11:4e:52:bf:9c:02:8e:62:d5:de:ae:e6:05:59:ad:
                    97:85:35:3b:03:14:00:a8:34:97:ab:ec:fb:93:e9:00:
                    ad:ba:15:2f:fc:b6:78:9e:87:08:22:17:3a:38:07:a9:
                    e6:48:c0:c7:3d:75:7b:57:93:50:98:a9:0a:00:38:df:
                    24:cc:35:81:d4:76:b7:d5:37:43:43:92:4c:2a:3e:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c1:71:af:60:67:76:b4:78:a5:e7:8f:86:4d:b5:86:18:
        ff:44:35:14:7e:44:a1:4d:ee:99:31:bf:93:af:12:70:
        ad:92:25:8a:c5:77:48:4c:fb:37:6a:59:e2:f7:9f:01:
        14:7e:1a:b7:12:a9:a8:8d:87:58:e1:0b:35:ef:74:dc:
        64:74:23:2e:ff:58:4b:2a:0d:9b:d7:64:66:aa:8a:9d:
        bf:03:83:4c:e1:6b:ac:27:34:5d:d7:0b:b4:aa:6d:41:
        0b:b6:a1:8b:5b:12:d8:a8:1a:76:05:ab:19:d8:da:22:
        fa:56:c0:36:f0:55:52:49:d5:6e:c7:1c:d4:ae:5d:bb:
        69:d7:7e:20:41:f7:da:5a:4c:03:1f:a3:50:ff:c7:71:
        6c:20:61:b1:ff:25:19:37:d5:e8:10:d4:25:04:0d:16:
        d6:a1:86:bb:89:5a:4f:1c:34:ef:ec:39:6b:0c:b4:0f:
        0c:94:2d:3a:93:66:5d:d7:b0:22:11:1b:67:48:f5:dd:
        88:6f:fe:b4:67:70:c5:e8:38:c7:da:8f:7d:96:43:a1:
        2a:3f:04:91:ab:ab:68:46:9c:35:b3:08:b4:84:19:0c:
        e9:85:04:70:38:7d:54:c7:c6:85:c6:8a:10:c6:e5:4b:
        30:d3:48:13:2f:e9:56:99:9b:22:22:9a:a4:0e:32:6c
    Fingerprint (SHA-256):
        E7:62:58:B7:1D:EA:DC:41:4D:2F:B1:4A:19:71:20:30:8F:2B:3C:F1:5E:2A:82:70:A9:DE:4B:F7:34:3A:64:44
    Fingerprint (SHA1):
        DF:0D:5F:B5:C3:C9:0C:0E:53:86:84:21:ED:F7:21:E1:5A:A0:F9:C5
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1007: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170138 (0x25711d9a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:20 2016
            Not After : Mon Jun 28 17:03:20 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:09:65:3d:91:93:57:08:82:f6:19:db:3b:bf:71:c0:
                    17:9a:11:ac:6a:d6:53:c9:fd:61:7e:ff:d5:89:1b:37:
                    f5:28:d2:c2:d9:ec:e9:42:4d:fb:5f:4b:8c:28:00:e8:
                    16:27:42:7c:2f:50:65:8e:1c:b2:b7:a5:22:4a:7c:8b:
                    df:01:2c:e7:39:f8:84:25:b8:e4:e0:a4:53:e0:53:f3:
                    31:18:51:c9:1c:18:55:34:c3:ba:eb:dc:28:6e:58:cc:
                    14:3e:76:0c:ee:22:a2:19:ff:af:7e:86:2b:7d:df:a8:
                    50:26:57:94:39:cc:d0:dd:a3:86:d3:fe:8a:c3:e9:7a:
                    2d:75:59:9f:a4:08:d7:79:93:57:ff:62:b2:e1:2f:a1:
                    3e:af:f2:ce:ab:5e:fa:84:4e:cd:b0:23:43:1a:cf:72:
                    88:26:9a:21:26:cb:a4:b4:90:bc:f2:77:a8:56:8f:4c:
                    5f:52:2e:f7:e6:26:73:77:c4:59:1a:bd:5f:23:80:a7:
                    c7:a8:c8:70:c3:14:62:f9:6f:4b:0a:de:1a:4c:73:3c:
                    d3:0e:e0:ac:06:d7:71:58:30:02:6e:b1:55:a3:43:35:
                    8b:c9:2e:e3:b1:2b:9c:3a:aa:ab:90:81:19:ee:a8:03:
                    ae:37:9e:c7:95:26:ba:d7:3a:4d:b6:ab:40:e1:82:bb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4d:85:d2:09:0b:71:8d:ec:c8:3a:0d:f0:8b:56:9b:77:
        9c:15:40:0e:1d:b4:43:b6:04:2b:a5:a5:4b:34:1d:aa:
        80:9e:97:cd:ea:cb:cf:16:13:06:c3:53:2b:ea:a4:fa:
        53:d8:cd:68:92:b8:8b:00:63:e3:b0:e9:9c:fb:db:75:
        08:ee:83:d8:a9:f2:52:24:7e:02:79:c0:fb:2a:f1:d9:
        b0:46:d2:fc:b5:7e:98:2e:2f:4c:47:fc:4a:bd:07:8f:
        1c:cd:b5:4e:c1:68:ac:6f:76:43:11:a9:0f:ea:39:95:
        6a:d4:b9:fa:60:0f:21:a9:1b:b8:94:17:5a:a0:fd:09:
        f3:00:c5:b1:6d:62:a2:ef:b0:ae:87:66:7f:40:e9:a6:
        25:3e:36:fc:ec:16:e2:ba:1d:11:d9:48:12:cd:4a:c7:
        82:dc:04:17:ff:ca:fe:9b:d4:c4:c6:bb:bd:11:50:3e:
        26:7d:cf:5d:54:e6:8a:34:09:b2:58:a9:23:de:da:ae:
        ec:54:85:f1:6e:62:ed:43:1c:15:4f:df:41:27:97:3a:
        6e:a0:b7:c6:84:7a:5a:ce:65:77:5b:23:79:cd:2b:fd:
        22:dd:b0:23:dc:e2:cf:fb:c8:49:d0:28:ca:de:fc:d3:
        c9:c2:6e:4e:74:a1:f6:bf:08:46:b1:fc:2f:b0:4c:e7
    Fingerprint (SHA-256):
        D0:81:FB:41:A1:33:69:F3:55:19:B3:01:5E:78:40:49:88:A2:44:2F:9B:B8:F5:2A:E8:DD:79:FF:65:33:7A:5D
    Fingerprint (SHA1):
        56:F9:8D:FB:6C:86:35:C7:8C:4F:00:0F:78:6B:98:CC:DE:BD:42:8E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1008: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Creating DB ArmyOnlyDB
certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd
chains.sh: #1009: Bridge: Creating DB ArmyOnlyDB  - PASSED
chains.sh: Importing certificate Army.der to ArmyOnlyDB database
certutil -A -n Army  -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der
chains.sh: #1010: Bridge: Importing certificate Army.der to ArmyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #1011: Bridge: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1012: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1013: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170138 (0x25711d9a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:20 2016
            Not After : Mon Jun 28 17:03:20 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:09:65:3d:91:93:57:08:82:f6:19:db:3b:bf:71:c0:
                    17:9a:11:ac:6a:d6:53:c9:fd:61:7e:ff:d5:89:1b:37:
                    f5:28:d2:c2:d9:ec:e9:42:4d:fb:5f:4b:8c:28:00:e8:
                    16:27:42:7c:2f:50:65:8e:1c:b2:b7:a5:22:4a:7c:8b:
                    df:01:2c:e7:39:f8:84:25:b8:e4:e0:a4:53:e0:53:f3:
                    31:18:51:c9:1c:18:55:34:c3:ba:eb:dc:28:6e:58:cc:
                    14:3e:76:0c:ee:22:a2:19:ff:af:7e:86:2b:7d:df:a8:
                    50:26:57:94:39:cc:d0:dd:a3:86:d3:fe:8a:c3:e9:7a:
                    2d:75:59:9f:a4:08:d7:79:93:57:ff:62:b2:e1:2f:a1:
                    3e:af:f2:ce:ab:5e:fa:84:4e:cd:b0:23:43:1a:cf:72:
                    88:26:9a:21:26:cb:a4:b4:90:bc:f2:77:a8:56:8f:4c:
                    5f:52:2e:f7:e6:26:73:77:c4:59:1a:bd:5f:23:80:a7:
                    c7:a8:c8:70:c3:14:62:f9:6f:4b:0a:de:1a:4c:73:3c:
                    d3:0e:e0:ac:06:d7:71:58:30:02:6e:b1:55:a3:43:35:
                    8b:c9:2e:e3:b1:2b:9c:3a:aa:ab:90:81:19:ee:a8:03:
                    ae:37:9e:c7:95:26:ba:d7:3a:4d:b6:ab:40:e1:82:bb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4d:85:d2:09:0b:71:8d:ec:c8:3a:0d:f0:8b:56:9b:77:
        9c:15:40:0e:1d:b4:43:b6:04:2b:a5:a5:4b:34:1d:aa:
        80:9e:97:cd:ea:cb:cf:16:13:06:c3:53:2b:ea:a4:fa:
        53:d8:cd:68:92:b8:8b:00:63:e3:b0:e9:9c:fb:db:75:
        08:ee:83:d8:a9:f2:52:24:7e:02:79:c0:fb:2a:f1:d9:
        b0:46:d2:fc:b5:7e:98:2e:2f:4c:47:fc:4a:bd:07:8f:
        1c:cd:b5:4e:c1:68:ac:6f:76:43:11:a9:0f:ea:39:95:
        6a:d4:b9:fa:60:0f:21:a9:1b:b8:94:17:5a:a0:fd:09:
        f3:00:c5:b1:6d:62:a2:ef:b0:ae:87:66:7f:40:e9:a6:
        25:3e:36:fc:ec:16:e2:ba:1d:11:d9:48:12:cd:4a:c7:
        82:dc:04:17:ff:ca:fe:9b:d4:c4:c6:bb:bd:11:50:3e:
        26:7d:cf:5d:54:e6:8a:34:09:b2:58:a9:23:de:da:ae:
        ec:54:85:f1:6e:62:ed:43:1c:15:4f:df:41:27:97:3a:
        6e:a0:b7:c6:84:7a:5a:ce:65:77:5b:23:79:cd:2b:fd:
        22:dd:b0:23:dc:e2:cf:fb:c8:49:d0:28:ca:de:fc:d3:
        c9:c2:6e:4e:74:a1:f6:bf:08:46:b1:fc:2f:b0:4c:e7
    Fingerprint (SHA-256):
        D0:81:FB:41:A1:33:69:F3:55:19:B3:01:5E:78:40:49:88:A2:44:2F:9B:B8:F5:2A:E8:DD:79:FF:65:33:7A:5D
    Fingerprint (SHA1):
        56:F9:8D:FB:6C:86:35:C7:8C:4F:00:0F:78:6B:98:CC:DE:BD:42:8E
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1014: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170138 (0x25711d9a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:20 2016
            Not After : Mon Jun 28 17:03:20 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:09:65:3d:91:93:57:08:82:f6:19:db:3b:bf:71:c0:
                    17:9a:11:ac:6a:d6:53:c9:fd:61:7e:ff:d5:89:1b:37:
                    f5:28:d2:c2:d9:ec:e9:42:4d:fb:5f:4b:8c:28:00:e8:
                    16:27:42:7c:2f:50:65:8e:1c:b2:b7:a5:22:4a:7c:8b:
                    df:01:2c:e7:39:f8:84:25:b8:e4:e0:a4:53:e0:53:f3:
                    31:18:51:c9:1c:18:55:34:c3:ba:eb:dc:28:6e:58:cc:
                    14:3e:76:0c:ee:22:a2:19:ff:af:7e:86:2b:7d:df:a8:
                    50:26:57:94:39:cc:d0:dd:a3:86:d3:fe:8a:c3:e9:7a:
                    2d:75:59:9f:a4:08:d7:79:93:57:ff:62:b2:e1:2f:a1:
                    3e:af:f2:ce:ab:5e:fa:84:4e:cd:b0:23:43:1a:cf:72:
                    88:26:9a:21:26:cb:a4:b4:90:bc:f2:77:a8:56:8f:4c:
                    5f:52:2e:f7:e6:26:73:77:c4:59:1a:bd:5f:23:80:a7:
                    c7:a8:c8:70:c3:14:62:f9:6f:4b:0a:de:1a:4c:73:3c:
                    d3:0e:e0:ac:06:d7:71:58:30:02:6e:b1:55:a3:43:35:
                    8b:c9:2e:e3:b1:2b:9c:3a:aa:ab:90:81:19:ee:a8:03:
                    ae:37:9e:c7:95:26:ba:d7:3a:4d:b6:ab:40:e1:82:bb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4d:85:d2:09:0b:71:8d:ec:c8:3a:0d:f0:8b:56:9b:77:
        9c:15:40:0e:1d:b4:43:b6:04:2b:a5:a5:4b:34:1d:aa:
        80:9e:97:cd:ea:cb:cf:16:13:06:c3:53:2b:ea:a4:fa:
        53:d8:cd:68:92:b8:8b:00:63:e3:b0:e9:9c:fb:db:75:
        08:ee:83:d8:a9:f2:52:24:7e:02:79:c0:fb:2a:f1:d9:
        b0:46:d2:fc:b5:7e:98:2e:2f:4c:47:fc:4a:bd:07:8f:
        1c:cd:b5:4e:c1:68:ac:6f:76:43:11:a9:0f:ea:39:95:
        6a:d4:b9:fa:60:0f:21:a9:1b:b8:94:17:5a:a0:fd:09:
        f3:00:c5:b1:6d:62:a2:ef:b0:ae:87:66:7f:40:e9:a6:
        25:3e:36:fc:ec:16:e2:ba:1d:11:d9:48:12:cd:4a:c7:
        82:dc:04:17:ff:ca:fe:9b:d4:c4:c6:bb:bd:11:50:3e:
        26:7d:cf:5d:54:e6:8a:34:09:b2:58:a9:23:de:da:ae:
        ec:54:85:f1:6e:62:ed:43:1c:15:4f:df:41:27:97:3a:
        6e:a0:b7:c6:84:7a:5a:ce:65:77:5b:23:79:cd:2b:fd:
        22:dd:b0:23:dc:e2:cf:fb:c8:49:d0:28:ca:de:fc:d3:
        c9:c2:6e:4e:74:a1:f6:bf:08:46:b1:fc:2f:b0:4c:e7
    Fingerprint (SHA-256):
        D0:81:FB:41:A1:33:69:F3:55:19:B3:01:5E:78:40:49:88:A2:44:2F:9B:B8:F5:2A:E8:DD:79:FF:65:33:7A:5D
    Fingerprint (SHA1):
        56:F9:8D:FB:6C:86:35:C7:8C:4F:00:0F:78:6B:98:CC:DE:BD:42:8E
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1015: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Creating DB NavyOnlyDB
certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd
chains.sh: #1016: Bridge: Creating DB NavyOnlyDB  - PASSED
chains.sh: Importing certificate Navy.der to NavyOnlyDB database
certutil -A -n Navy  -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der
chains.sh: #1017: Bridge: Importing certificate Navy.der to NavyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #1018: Bridge: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@army [Certificate Authority]:
Email Address(es): bridge@army
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #1019: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #1020: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170137 (0x25711d99)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:17 2016
            Not After : Mon Jun 28 17:03:17 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:12:95:e1:14:fb:27:b8:cc:b8:41:df:ac:a2:c5:90:
                    6d:ad:af:d6:09:00:48:2a:b0:44:03:b3:59:c1:ac:fb:
                    b3:32:b2:92:74:21:70:6f:e0:80:04:54:5e:cb:de:7c:
                    a5:b8:d3:ab:05:60:8f:8b:4e:53:a2:c6:49:16:2c:2c:
                    01:05:09:7e:c7:fb:3d:53:b2:a8:3d:e7:00:51:44:6c:
                    a5:4f:6e:e3:be:02:63:c0:e2:1a:0c:ee:dd:d3:f7:e8:
                    39:03:a9:6c:e2:9c:49:ca:ef:36:e2:23:84:eb:fa:7a:
                    26:fc:6b:62:55:26:94:97:b8:bf:d7:12:79:b4:44:9f:
                    51:2f:cd:b2:ff:61:4a:04:be:d8:8a:ab:b6:60:8a:64:
                    66:89:2f:ca:11:3a:2e:4c:ac:08:23:99:28:62:a4:1e:
                    5d:36:5e:f3:69:8a:80:c0:45:cc:94:85:8f:14:04:dd:
                    03:11:4e:52:bf:9c:02:8e:62:d5:de:ae:e6:05:59:ad:
                    97:85:35:3b:03:14:00:a8:34:97:ab:ec:fb:93:e9:00:
                    ad:ba:15:2f:fc:b6:78:9e:87:08:22:17:3a:38:07:a9:
                    e6:48:c0:c7:3d:75:7b:57:93:50:98:a9:0a:00:38:df:
                    24:cc:35:81:d4:76:b7:d5:37:43:43:92:4c:2a:3e:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c1:71:af:60:67:76:b4:78:a5:e7:8f:86:4d:b5:86:18:
        ff:44:35:14:7e:44:a1:4d:ee:99:31:bf:93:af:12:70:
        ad:92:25:8a:c5:77:48:4c:fb:37:6a:59:e2:f7:9f:01:
        14:7e:1a:b7:12:a9:a8:8d:87:58:e1:0b:35:ef:74:dc:
        64:74:23:2e:ff:58:4b:2a:0d:9b:d7:64:66:aa:8a:9d:
        bf:03:83:4c:e1:6b:ac:27:34:5d:d7:0b:b4:aa:6d:41:
        0b:b6:a1:8b:5b:12:d8:a8:1a:76:05:ab:19:d8:da:22:
        fa:56:c0:36:f0:55:52:49:d5:6e:c7:1c:d4:ae:5d:bb:
        69:d7:7e:20:41:f7:da:5a:4c:03:1f:a3:50:ff:c7:71:
        6c:20:61:b1:ff:25:19:37:d5:e8:10:d4:25:04:0d:16:
        d6:a1:86:bb:89:5a:4f:1c:34:ef:ec:39:6b:0c:b4:0f:
        0c:94:2d:3a:93:66:5d:d7:b0:22:11:1b:67:48:f5:dd:
        88:6f:fe:b4:67:70:c5:e8:38:c7:da:8f:7d:96:43:a1:
        2a:3f:04:91:ab:ab:68:46:9c:35:b3:08:b4:84:19:0c:
        e9:85:04:70:38:7d:54:c7:c6:85:c6:8a:10:c6:e5:4b:
        30:d3:48:13:2f:e9:56:99:9b:22:22:9a:a4:0e:32:6c
    Fingerprint (SHA-256):
        E7:62:58:B7:1D:EA:DC:41:4D:2F:B1:4A:19:71:20:30:8F:2B:3C:F1:5E:2A:82:70:A9:DE:4B:F7:34:3A:64:44
    Fingerprint (SHA1):
        DF:0D:5F:B5:C3:C9:0C:0E:53:86:84:21:ED:F7:21:E1:5A:A0:F9:C5
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1021: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170137 (0x25711d99)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:17 2016
            Not After : Mon Jun 28 17:03:17 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:12:95:e1:14:fb:27:b8:cc:b8:41:df:ac:a2:c5:90:
                    6d:ad:af:d6:09:00:48:2a:b0:44:03:b3:59:c1:ac:fb:
                    b3:32:b2:92:74:21:70:6f:e0:80:04:54:5e:cb:de:7c:
                    a5:b8:d3:ab:05:60:8f:8b:4e:53:a2:c6:49:16:2c:2c:
                    01:05:09:7e:c7:fb:3d:53:b2:a8:3d:e7:00:51:44:6c:
                    a5:4f:6e:e3:be:02:63:c0:e2:1a:0c:ee:dd:d3:f7:e8:
                    39:03:a9:6c:e2:9c:49:ca:ef:36:e2:23:84:eb:fa:7a:
                    26:fc:6b:62:55:26:94:97:b8:bf:d7:12:79:b4:44:9f:
                    51:2f:cd:b2:ff:61:4a:04:be:d8:8a:ab:b6:60:8a:64:
                    66:89:2f:ca:11:3a:2e:4c:ac:08:23:99:28:62:a4:1e:
                    5d:36:5e:f3:69:8a:80:c0:45:cc:94:85:8f:14:04:dd:
                    03:11:4e:52:bf:9c:02:8e:62:d5:de:ae:e6:05:59:ad:
                    97:85:35:3b:03:14:00:a8:34:97:ab:ec:fb:93:e9:00:
                    ad:ba:15:2f:fc:b6:78:9e:87:08:22:17:3a:38:07:a9:
                    e6:48:c0:c7:3d:75:7b:57:93:50:98:a9:0a:00:38:df:
                    24:cc:35:81:d4:76:b7:d5:37:43:43:92:4c:2a:3e:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c1:71:af:60:67:76:b4:78:a5:e7:8f:86:4d:b5:86:18:
        ff:44:35:14:7e:44:a1:4d:ee:99:31:bf:93:af:12:70:
        ad:92:25:8a:c5:77:48:4c:fb:37:6a:59:e2:f7:9f:01:
        14:7e:1a:b7:12:a9:a8:8d:87:58:e1:0b:35:ef:74:dc:
        64:74:23:2e:ff:58:4b:2a:0d:9b:d7:64:66:aa:8a:9d:
        bf:03:83:4c:e1:6b:ac:27:34:5d:d7:0b:b4:aa:6d:41:
        0b:b6:a1:8b:5b:12:d8:a8:1a:76:05:ab:19:d8:da:22:
        fa:56:c0:36:f0:55:52:49:d5:6e:c7:1c:d4:ae:5d:bb:
        69:d7:7e:20:41:f7:da:5a:4c:03:1f:a3:50:ff:c7:71:
        6c:20:61:b1:ff:25:19:37:d5:e8:10:d4:25:04:0d:16:
        d6:a1:86:bb:89:5a:4f:1c:34:ef:ec:39:6b:0c:b4:0f:
        0c:94:2d:3a:93:66:5d:d7:b0:22:11:1b:67:48:f5:dd:
        88:6f:fe:b4:67:70:c5:e8:38:c7:da:8f:7d:96:43:a1:
        2a:3f:04:91:ab:ab:68:46:9c:35:b3:08:b4:84:19:0c:
        e9:85:04:70:38:7d:54:c7:c6:85:c6:8a:10:c6:e5:4b:
        30:d3:48:13:2f:e9:56:99:9b:22:22:9a:a4:0e:32:6c
    Fingerprint (SHA-256):
        E7:62:58:B7:1D:EA:DC:41:4D:2F:B1:4A:19:71:20:30:8F:2B:3C:F1:5E:2A:82:70:A9:DE:4B:F7:34:3A:64:44
    Fingerprint (SHA1):
        DF:0D:5F:B5:C3:C9:0C:0E:53:86:84:21:ED:F7:21:E1:5A:A0:F9:C5
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1022: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Creating DB Root1DB
certutil -N -d Root1DB -f Root1DB/dbpasswd
chains.sh: #1023: MegaBridge_3_2: Creating DB Root1DB  - PASSED
chains.sh: Creating Root CA Root1
certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1  -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170142 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1024: MegaBridge_3_2: Creating Root CA Root1  - PASSED
chains.sh: Exporting Root CA Root1.der
certutil -L -d Root1DB -r -n Root1 -o Root1.der
chains.sh: #1025: MegaBridge_3_2: Exporting Root CA Root1.der  - PASSED
chains.sh: Creating DB Root2DB
certutil -N -d Root2DB -f Root2DB/dbpasswd
chains.sh: #1026: MegaBridge_3_2: Creating DB Root2DB  - PASSED
chains.sh: Creating Root CA Root2
certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2  -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170143 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1027: MegaBridge_3_2: Creating Root CA Root2  - PASSED
chains.sh: Exporting Root CA Root2.der
certutil -L -d Root2DB -r -n Root2 -o Root2.der
chains.sh: #1028: MegaBridge_3_2: Exporting Root CA Root2.der  - PASSED
chains.sh: Creating DB Root3DB
certutil -N -d Root3DB -f Root3DB/dbpasswd
chains.sh: #1029: MegaBridge_3_2: Creating DB Root3DB  - PASSED
chains.sh: Creating Root CA Root3
certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3  -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170144 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1030: MegaBridge_3_2: Creating Root CA Root3  - PASSED
chains.sh: Exporting Root CA Root3.der
certutil -L -d Root3DB -r -n Root3 -o Root3.der
chains.sh: #1031: MegaBridge_3_2: Exporting Root CA Root3.der  - PASSED
chains.sh: Creating DB Root4DB
certutil -N -d Root4DB -f Root4DB/dbpasswd
chains.sh: #1032: MegaBridge_3_2: Creating DB Root4DB  - PASSED
chains.sh: Creating Root CA Root4
certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4  -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170145 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1033: MegaBridge_3_2: Creating Root CA Root4  - PASSED
chains.sh: Exporting Root CA Root4.der
certutil -L -d Root4DB -r -n Root4 -o Root4.der
chains.sh: #1034: MegaBridge_3_2: Exporting Root CA Root4.der  - PASSED
chains.sh: Creating DB Root5DB
certutil -N -d Root5DB -f Root5DB/dbpasswd
chains.sh: #1035: MegaBridge_3_2: Creating DB Root5DB  - PASSED
chains.sh: Creating Root CA Root5
certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5  -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170146 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1036: MegaBridge_3_2: Creating Root CA Root5  - PASSED
chains.sh: Exporting Root CA Root5.der
certutil -L -d Root5DB -r -n Root5 -o Root5.der
chains.sh: #1037: MegaBridge_3_2: Exporting Root CA Root5.der  - PASSED
chains.sh: Creating DB Root6DB
certutil -N -d Root6DB -f Root6DB/dbpasswd
chains.sh: #1038: MegaBridge_3_2: Creating DB Root6DB  - PASSED
chains.sh: Creating Root CA Root6
certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6  -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170147 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1039: MegaBridge_3_2: Creating Root CA Root6  - PASSED
chains.sh: Exporting Root CA Root6.der
certutil -L -d Root6DB -r -n Root6 -o Root6.der
chains.sh: #1040: MegaBridge_3_2: Exporting Root CA Root6.der  - PASSED
chains.sh: Creating DB Root7DB
certutil -N -d Root7DB -f Root7DB/dbpasswd
chains.sh: #1041: MegaBridge_3_2: Creating DB Root7DB  - PASSED
chains.sh: Creating Root CA Root7
certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7  -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170148 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1042: MegaBridge_3_2: Creating Root CA Root7  - PASSED
chains.sh: Exporting Root CA Root7.der
certutil -L -d Root7DB -r -n Root7 -o Root7.der
chains.sh: #1043: MegaBridge_3_2: Exporting Root CA Root7.der  - PASSED
chains.sh: Creating DB Root8DB
certutil -N -d Root8DB -f Root8DB/dbpasswd
chains.sh: #1044: MegaBridge_3_2: Creating DB Root8DB  - PASSED
chains.sh: Creating Root CA Root8
certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8  -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170149 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1045: MegaBridge_3_2: Creating Root CA Root8  - PASSED
chains.sh: Exporting Root CA Root8.der
certutil -L -d Root8DB -r -n Root8 -o Root8.der
chains.sh: #1046: MegaBridge_3_2: Exporting Root CA Root8.der  - PASSED
chains.sh: Creating DB Root9DB
certutil -N -d Root9DB -f Root9DB/dbpasswd
chains.sh: #1047: MegaBridge_3_2: Creating DB Root9DB  - PASSED
chains.sh: Creating Root CA Root9
certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9  -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170150 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1048: MegaBridge_3_2: Creating Root CA Root9  - PASSED
chains.sh: Exporting Root CA Root9.der
certutil -L -d Root9DB -r -n Root9 -o Root9.der
chains.sh: #1049: MegaBridge_3_2: Exporting Root CA Root9.der  - PASSED
chains.sh: Creating DB Bridge11DB
certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd
chains.sh: #1050: MegaBridge_3_2: Creating DB Bridge11DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge11Req.der
certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US"  -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1051: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der  - PASSED
chains.sh: Creating certficate Bridge11Root1.der signed by Root1
certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 628170151 -7 Bridge11@Root1  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1052: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1  - PASSED
chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1053: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root2.der signed by Root2
certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 628170152 -7 Bridge11@Root2  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1054: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2  - PASSED
chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1055: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root3.der signed by Root3
certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 628170153 -7 Bridge11@Root3  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1056: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3  - PASSED
chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1057: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge11DB database
cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7
chains.sh: #1058: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database  - PASSED
chains.sh: Creating DB Bridge12DB
certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd
chains.sh: #1059: MegaBridge_3_2: Creating DB Bridge12DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge12Req.der
certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US"  -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1060: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der  - PASSED
chains.sh: Creating certficate Bridge12Root4.der signed by Root4
certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 628170154 -7 Bridge12@Root4  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1061: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4  - PASSED
chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1062: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root5.der signed by Root5
certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 628170155 -7 Bridge12@Root5  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1063: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5  - PASSED
chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1064: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root6.der signed by Root6
certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 628170156 -7 Bridge12@Root6  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1065: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6  - PASSED
chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1066: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge12DB database
cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7
chains.sh: #1067: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database  - PASSED
chains.sh: Creating DB Bridge13DB
certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd
chains.sh: #1068: MegaBridge_3_2: Creating DB Bridge13DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge13Req.der
certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US"  -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1069: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der  - PASSED
chains.sh: Creating certficate Bridge13Root7.der signed by Root7
certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 628170157 -7 Bridge13@Root7  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1070: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7  - PASSED
chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1071: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root8.der signed by Root8
certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 628170158 -7 Bridge13@Root8  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1072: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8  - PASSED
chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1073: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root9.der signed by Root9
certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 628170159 -7 Bridge13@Root9  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1074: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9  - PASSED
chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1075: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge13DB database
cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7
chains.sh: #1076: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database  - PASSED
chains.sh: Creating DB Bridge21DB
certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd
chains.sh: #1077: MegaBridge_3_2: Creating DB Bridge21DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge21Req.der
certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US"  -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1078: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der  - PASSED
chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11
certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 628170160 -7 Bridge21@Bridge11  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1079: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11  - PASSED
chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1080: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12
certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 628170161 -7 Bridge21@Bridge12  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1081: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12  - PASSED
chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1082: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13
certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 628170162 -7 Bridge21@Bridge13  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1083: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13  - PASSED
chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1084: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge21DB database
cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7
chains.sh: #1085: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1086: MegaBridge_3_2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1087: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21
certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 628170163   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1088: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21  - PASSED
chains.sh: Importing certificate CA1Bridge21.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1089: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1090: MegaBridge_3_2: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1091: MegaBridge_3_2: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170164   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1092: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1093: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der  -t Root1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170142 (0x25711d9e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root1 ROOT CA,O=Root1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:37 2016
            Not After : Mon Jun 28 17:03:37 2066
        Subject: "CN=Root1 ROOT CA,O=Root1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:0e:22:8a:51:d5:8b:09:17:c8:9a:d4:49:c5:15:5a:
                    a5:b2:1b:40:f3:4d:1f:46:4e:fc:3b:78:c1:ae:e0:2e:
                    83:78:ba:45:29:f1:92:b4:eb:a5:9e:02:cd:8d:e9:d4:
                    2d:9e:b8:1e:69:96:34:9d:24:41:87:29:19:92:85:27:
                    5d:57:ba:38:50:bc:51:21:b0:2f:61:4b:04:44:24:59:
                    c2:a7:43:14:4b:51:0d:ad:aa:76:d3:75:42:6a:92:c2:
                    66:4e:81:e3:c8:f5:a6:89:6e:1e:57:44:4a:15:e8:2a:
                    83:d8:13:4d:07:f4:bf:3e:6f:4a:b0:f3:47:32:c6:f1:
                    e0:0e:12:1e:1c:5a:74:c8:73:00:e8:fe:2d:2c:bf:64:
                    ab:8b:cc:e2:40:c3:1e:7f:e6:a8:1b:7a:c6:e5:4e:f5:
                    22:f5:f6:96:ab:77:3a:8e:97:57:33:0d:58:de:53:42:
                    bf:22:e8:9c:de:c2:c9:65:ce:d2:ad:34:6c:a0:af:24:
                    32:b4:0e:b1:42:1e:6b:c2:d6:e5:0e:46:c2:26:93:07:
                    0c:d5:1b:cb:c6:e0:43:c0:5c:65:0e:67:c0:ad:b4:3f:
                    b8:1e:d1:7c:4e:b0:cf:1c:27:1c:34:96:68:4c:97:9c:
                    d5:6b:19:c3:73:fa:59:c8:97:87:28:a6:3e:09:d0:e1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:69:9c:00:df:cc:7e:0f:02:ec:f0:e1:a3:b5:f0:c4:
        7d:34:67:9c:7e:99:f6:7d:aa:d7:c6:3f:d5:10:8a:bb:
        3f:04:1e:d6:f5:f6:d8:b8:7e:cc:c6:00:0b:0e:cc:22:
        a6:10:84:cb:65:93:4c:91:45:5f:6b:24:aa:d0:bb:42:
        92:2d:b4:43:3e:98:65:58:0a:90:82:d8:20:7d:27:ed:
        34:52:a3:2f:d6:02:e7:cf:97:f3:9d:55:97:02:7c:05:
        01:25:d7:65:c0:1f:de:68:53:d8:0e:80:61:98:0d:99:
        be:80:ac:5e:f8:3c:70:c2:a6:23:9e:6a:45:11:4a:52:
        56:dd:25:6a:de:8a:fe:71:33:a2:ae:86:17:d4:7f:37:
        aa:e1:5b:57:c1:02:ff:ed:b9:9d:8f:51:3a:6e:f4:dc:
        e3:a3:d1:c4:d4:da:3a:5c:89:85:1e:76:31:3f:09:66:
        73:9e:60:a3:cc:a0:4a:4d:58:60:31:e7:c5:a6:cb:84:
        de:48:f6:8b:a0:47:f6:2d:fc:d7:cb:3d:6f:71:cf:bf:
        03:86:c8:2f:17:2f:38:d8:80:88:96:cd:a5:72:e3:81:
        1d:c2:b0:79:91:53:17:7d:5e:a3:6f:26:4e:e9:d2:04:
        77:56:4b:87:e5:79:d5:dd:7a:43:08:68:91:67:9a:f2
    Fingerprint (SHA-256):
        3C:88:2A:87:BC:91:D2:DF:8D:58:9F:CB:3C:05:E0:45:34:2A:7B:DC:9C:95:1A:81:A0:8E:29:9B:F2:1C:85:CF
    Fingerprint (SHA1):
        DE:02:17:15:85:65:C3:CE:5A:65:87:E7:DB:D4:22:C1:F4:62:C8:4F
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #1094: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der  -t Root2.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170143 (0x25711d9f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root2 ROOT CA,O=Root2,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:47 2016
            Not After : Mon Jun 28 17:03:47 2066
        Subject: "CN=Root2 ROOT CA,O=Root2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:79:35:f6:93:ec:b9:2e:23:f1:a7:37:ad:95:74:55:
                    8e:96:5a:af:7d:fc:4a:7d:55:a4:7b:85:3c:00:f3:58:
                    ff:af:bc:3b:85:46:e5:14:5c:0c:a5:3e:3f:4f:81:5b:
                    2d:2b:be:79:40:85:62:6a:74:18:ad:28:de:ac:7d:50:
                    06:8f:f6:19:92:29:79:e8:bb:d7:15:b3:e0:2b:02:9a:
                    cc:03:2c:88:f3:db:c7:68:b6:61:7d:23:b3:4a:da:c8:
                    6a:f9:ce:5b:9f:29:9e:ca:d4:7c:b1:68:2a:9c:2e:cc:
                    f5:f2:04:41:73:c8:aa:1b:94:62:01:f5:dd:47:dc:69:
                    83:24:64:67:36:96:5f:cc:9d:50:e5:ac:de:88:37:51:
                    4e:4c:64:ea:dc:a3:18:ac:60:23:9b:c5:2b:c9:a3:de:
                    d7:6b:13:fc:20:f5:a1:09:76:f8:7a:62:c3:30:0e:98:
                    2f:2e:dd:0c:ac:58:34:f5:29:c0:92:66:eb:c0:66:bb:
                    74:98:37:71:68:b3:9a:6d:a4:cf:3f:de:47:b6:16:44:
                    db:ab:10:0c:b7:84:c4:4d:25:a2:43:e6:40:0f:a2:9a:
                    c1:ac:fc:64:2a:05:a6:c3:e6:db:5d:85:b7:c1:90:33:
                    f2:72:b7:54:fa:a2:0d:f4:b1:44:28:54:eb:0e:a5:79
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6c:6f:16:08:bf:0f:89:94:95:90:0b:bd:8d:39:8e:f9:
        5a:46:1d:e2:49:e3:ff:03:fc:49:9a:7d:71:63:d6:7a:
        73:9b:58:b1:91:8f:22:be:64:38:48:b4:16:ab:81:3f:
        2e:af:e8:03:13:9f:64:7f:b4:ec:86:00:5e:c6:70:d2:
        36:af:a1:14:c9:76:16:b8:7d:50:3a:bd:05:b6:c0:ba:
        d8:0c:8e:e5:46:97:e3:47:5c:3c:71:bb:44:8e:ca:1c:
        0b:65:08:e0:6c:d6:d3:55:3c:f3:62:6b:c3:85:97:fe:
        cf:85:fe:05:37:45:93:e7:34:0d:72:56:dc:ee:65:e7:
        26:c4:27:0a:7b:57:b0:24:3f:32:6c:70:e3:d6:96:55:
        cf:c1:b8:14:41:f6:f4:96:90:eb:43:e3:aa:6d:b0:fb:
        ed:67:2f:29:8b:67:b7:99:29:54:3d:a3:d2:89:78:14:
        4a:62:55:cc:04:1a:c3:16:42:72:af:7b:9b:04:e9:6c:
        96:d3:34:48:87:c9:08:1d:79:ff:72:f1:15:22:9a:9a:
        a9:fc:99:0d:9c:3f:30:cf:06:4b:ed:5a:a9:05:b9:57:
        74:1a:f2:8d:5c:74:89:90:72:09:7e:22:23:12:12:49:
        51:a8:b3:43:52:97:47:e6:28:6b:57:fa:77:f6:e8:e5
    Fingerprint (SHA-256):
        E6:55:EE:08:6C:3B:EE:59:AA:E9:E5:08:56:2B:CB:70:6D:84:89:9E:8E:C6:68:62:F0:76:16:22:A5:08:F0:82
    Fingerprint (SHA1):
        7B:99:73:A6:B4:D5:DF:45:E6:0C:04:49:FE:2D:99:A3:E4:C4:C0:AB
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #1095: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der  -t Root3.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170144 (0x25711da0)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root3 ROOT CA,O=Root3,C=US"
        Validity:
            Not Before: Tue Jun 28 17:03:54 2016
            Not After : Mon Jun 28 17:03:54 2066
        Subject: "CN=Root3 ROOT CA,O=Root3,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:80:9b:5b:a4:c0:de:8c:a5:07:6f:de:0c:46:c0:0a:
                    0d:30:18:bc:52:a4:9f:9a:12:90:36:1c:77:1c:3e:e9:
                    d5:69:f8:58:31:6f:6a:07:a8:4f:56:31:07:44:63:44:
                    ef:db:7f:4e:bc:e4:9c:27:97:23:18:3d:cc:43:c4:d3:
                    4c:b7:9c:d8:b4:97:6d:c1:c7:91:75:09:c1:d6:31:98:
                    bb:a1:6a:ce:31:18:81:19:83:85:22:42:04:a4:d9:9b:
                    32:44:75:d4:22:ce:6b:86:84:fb:44:5c:d2:01:29:5e:
                    b5:57:b5:c9:58:91:ab:be:7c:6e:02:a3:4e:c2:ee:dd:
                    96:12:c3:3d:92:f3:91:5e:4d:29:40:0d:00:5e:01:fa:
                    33:0a:81:ff:34:c8:e3:71:2d:6d:48:a6:fd:ac:a1:da:
                    23:f0:76:6b:1c:40:21:83:6a:50:bf:a4:34:10:31:b1:
                    46:03:c8:73:16:51:72:84:88:01:90:a0:31:a8:69:08:
                    ee:bc:e6:0e:0f:e2:67:7f:1d:67:b8:7c:5b:bf:16:7c:
                    94:4d:87:02:ee:f4:1a:f0:ae:8b:8b:5a:97:9a:a6:0f:
                    26:fa:28:ea:e9:a7:c0:6a:e4:80:b4:51:96:ef:1f:38:
                    8e:2b:9b:f4:6f:54:7d:33:8d:57:91:6a:8e:87:a9:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        81:ad:0e:51:9e:04:3e:96:ed:ae:8f:0c:56:bb:6d:fc:
        a8:cf:dd:91:ca:5e:4e:b4:3f:ea:eb:f2:dd:86:47:cd:
        30:b5:7d:03:86:fe:65:a8:55:07:99:79:ea:94:85:ae:
        a2:12:df:1d:93:d7:4a:53:ae:ce:3e:00:47:15:b3:32:
        4d:03:15:85:26:92:fd:dc:00:29:ee:52:cb:2f:17:ea:
        cf:75:a7:b9:5c:c0:45:cb:a3:07:42:87:80:0d:35:5f:
        20:7e:40:a6:c5:c6:ed:18:c5:3b:e3:3a:49:7b:1d:8a:
        ae:cf:5d:95:bd:7d:be:7e:b4:7d:27:b8:67:ab:b2:6a:
        21:36:46:ae:dd:cf:2a:ce:29:38:99:ab:0e:a4:4a:be:
        f5:f9:01:ad:f6:ca:cb:1f:c1:ef:e7:d7:22:78:61:81:
        2b:d0:c7:a1:2d:98:09:8d:22:70:7f:88:fa:8d:0a:af:
        2c:eb:c3:ac:89:94:76:65:d5:e8:01:81:cc:52:1b:93:
        e1:79:5b:94:fd:13:67:a0:f0:63:09:50:d9:91:b6:6c:
        9d:0b:15:f1:ad:41:d9:ad:55:c2:a0:80:f1:58:ea:bf:
        8a:6d:aa:1f:47:01:6f:cf:73:86:4f:2c:b6:76:58:87:
        37:9d:d4:ac:97:61:6d:04:cc:5b:44:8f:78:1e:94:80
    Fingerprint (SHA-256):
        14:96:C0:5F:CA:27:75:FE:BE:62:A0:25:FA:FC:61:7B:C7:31:41:BD:67:1D:55:F0:E2:68:3D:E6:97:15:F0:CC
    Fingerprint (SHA1):
        50:D8:79:B2:F3:5B:B3:E8:2A:57:DC:A1:7E:73:99:CA:26:C0:21:F8
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #1096: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der  -t Root4.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170145 (0x25711da1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root4 ROOT CA,O=Root4,C=US"
        Validity:
            Not Before: Tue Jun 28 17:04:02 2016
            Not After : Mon Jun 28 17:04:02 2066
        Subject: "CN=Root4 ROOT CA,O=Root4,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:4e:2b:16:d7:09:92:d6:af:d3:75:28:5f:1f:0a:c1:
                    7a:a6:df:21:6a:ca:dc:b9:2b:da:d7:95:e2:a7:e3:12:
                    79:9a:88:3c:e0:21:77:6b:3a:2d:32:c4:8a:b4:d1:92:
                    2e:70:7e:c6:18:a3:d3:03:77:38:e1:39:eb:0a:0c:01:
                    58:a6:1f:47:b7:82:af:85:67:1c:36:1f:48:7d:c2:bd:
                    32:6e:56:d8:80:09:28:61:07:ea:ec:0f:0e:8d:91:50:
                    ae:ee:d6:52:66:1a:0f:a1:4f:7c:f7:65:5e:0d:3d:3d:
                    2a:1a:92:0d:f9:3d:ea:2d:ae:1d:05:f1:dc:cb:72:46:
                    61:9a:88:36:e7:e1:d9:a8:8b:5b:36:53:d8:4f:dc:cc:
                    6b:6f:12:83:60:d0:f1:d5:76:d5:3b:4f:77:5f:4b:6f:
                    d9:a1:a6:48:14:0b:f9:98:2a:c9:8a:fb:b5:7c:13:ce:
                    59:a5:84:26:40:9b:dd:5d:bb:5c:32:9e:d5:ae:bb:14:
                    c9:ce:40:30:51:b5:6c:ad:ff:47:47:f1:df:2d:be:e8:
                    2a:31:63:18:54:54:0e:2b:74:86:ca:be:54:50:9b:cb:
                    6f:27:06:a9:d4:89:7c:97:f3:12:fb:07:59:d2:55:f7:
                    81:56:f5:00:85:a4:dd:a9:90:b8:47:cc:86:f4:a9:3d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b0:fa:6a:d8:88:0c:fb:b2:05:ec:6c:da:6f:d4:67:ac:
        e5:47:7b:b3:c7:92:d3:de:a0:09:d6:2c:68:c9:07:f9:
        24:e1:33:5d:f8:51:d2:2e:8e:21:9e:a2:37:d4:35:82:
        31:e1:3e:54:e3:8c:a9:a8:14:07:1f:9e:2e:2d:72:e5:
        62:96:3e:2d:b1:5b:39:db:39:05:e9:46:42:fb:50:89:
        e4:ab:30:f6:22:21:c1:df:22:12:18:4a:19:1d:b9:9f:
        34:89:b2:a7:98:d4:c0:f6:27:7f:6b:cc:d2:d1:ef:5f:
        4d:c8:a9:0f:a6:7d:03:73:58:bf:58:0a:2b:1b:3a:4d:
        c0:a9:b2:13:6f:07:52:ac:20:72:db:57:35:fd:db:3c:
        09:98:ef:93:3a:cf:e2:37:83:36:11:cf:6a:ed:61:6c:
        75:b2:05:6b:0d:3e:08:ed:ee:25:f6:9d:7d:82:d1:e8:
        00:56:3b:38:85:31:33:c2:3d:14:f6:a5:f7:fc:66:da:
        bc:4d:19:2e:f2:2e:d0:e9:0d:e0:f7:3f:30:4c:b4:0b:
        be:ad:17:b1:1f:d1:d0:18:ad:1d:7e:01:06:a8:19:82:
        64:f5:e4:19:af:3b:2c:47:d5:d7:58:51:21:42:4f:74:
        d0:65:28:ec:71:29:ec:ad:95:ec:89:5b:68:9b:9c:1b
    Fingerprint (SHA-256):
        B7:8F:77:00:3A:C0:F2:E3:DC:98:B8:C0:65:F9:05:BA:E4:14:EC:76:43:00:47:F8:6C:C8:BC:53:2F:D0:70:C0
    Fingerprint (SHA1):
        A2:A6:E5:89:CD:83:16:AF:7E:9B:BF:D2:7A:94:66:34:B4:96:06:B3
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #1097: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der  -t Root5.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170146 (0x25711da2)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root5 ROOT CA,O=Root5,C=US"
        Validity:
            Not Before: Tue Jun 28 17:04:07 2016
            Not After : Mon Jun 28 17:04:07 2066
        Subject: "CN=Root5 ROOT CA,O=Root5,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ab:90:70:40:70:f7:cd:7a:87:6b:83:a7:43:8f:01:fa:
                    a8:05:d5:1e:83:88:13:66:ca:14:f6:0c:b1:25:c9:ab:
                    2b:39:89:d4:35:c7:05:59:68:85:04:1f:15:fc:c6:58:
                    13:41:0d:9a:b4:1f:36:30:3b:84:36:df:3c:ab:6b:b5:
                    6b:58:e8:0c:55:82:e0:7a:6b:8b:21:ae:3b:47:e6:34:
                    d6:d0:fc:49:d6:98:81:01:94:1c:8c:2e:1e:a0:b5:30:
                    2e:df:98:9b:48:f3:48:6d:c6:3c:47:87:10:11:08:15:
                    5c:c5:ab:c2:d6:8a:b4:81:57:94:cd:8b:e5:e0:ad:1b:
                    f4:22:d0:ba:b1:48:6e:73:59:0d:72:f6:0b:aa:2f:38:
                    fc:8b:e8:74:4f:0f:a3:95:3a:bc:78:96:02:03:a8:88:
                    04:34:a0:68:9e:b1:a0:79:e7:63:6d:12:13:db:8c:e6:
                    a8:16:9f:17:4c:d6:42:90:99:75:7c:56:c2:cd:bc:27:
                    4e:f9:2e:83:44:4f:ad:1d:68:23:3b:73:ef:18:f3:6f:
                    ab:f7:ed:a0:1c:7e:85:c4:3a:b2:c8:fb:0b:e9:3b:94:
                    79:52:d5:3c:e3:eb:fa:cb:dc:d5:fb:22:e1:b8:73:cc:
                    d0:2c:1c:e0:e1:38:ff:46:6d:f6:aa:e9:29:9c:3c:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a0:93:4d:33:27:c7:37:4c:9d:71:b2:60:a6:92:df:18:
        d6:71:32:2d:a2:b5:d9:48:11:e5:38:74:ff:13:88:0c:
        28:4d:10:0f:9d:4a:0e:71:34:31:68:a3:68:5f:80:2d:
        e5:7b:a0:be:d4:5f:8a:66:c2:98:28:66:02:68:92:27:
        66:50:e4:dd:72:9b:45:80:2c:e5:69:05:0b:d7:1f:b8:
        60:7f:69:ea:17:3b:ae:0a:62:e4:26:fe:fa:0b:d1:96:
        cd:46:ca:11:c2:14:66:fc:c8:9b:05:83:61:4b:75:a8:
        1b:b6:e7:f2:e0:40:4b:84:e0:fb:ab:68:0e:f0:45:54:
        8c:62:7c:63:43:dd:86:4e:b5:e6:78:b6:8f:28:6d:a2:
        cb:13:96:48:a4:6b:09:2d:7a:36:76:f0:1d:a8:53:f0:
        b3:db:1f:89:9f:ef:4c:a0:05:a2:64:21:58:25:d6:22:
        61:e0:7a:b9:bd:b8:b2:61:9b:a1:8b:6e:23:b0:3f:1e:
        6c:e3:65:a4:91:79:a5:0d:35:88:b3:eb:06:86:40:7c:
        9e:73:52:35:80:8c:3e:97:c6:b2:cf:fd:4c:bb:27:5e:
        a8:6c:41:f4:2f:26:5c:36:0f:c9:e7:68:3b:2c:3b:18:
        91:82:b9:a2:17:71:2a:02:9d:ef:f4:a6:ab:08:7d:ae
    Fingerprint (SHA-256):
        AF:C9:F4:DA:30:24:3B:C1:8B:C1:93:D8:01:59:3E:E8:BE:13:E0:AB:39:D7:7F:F2:4E:FD:94:5E:18:1E:39:E1
    Fingerprint (SHA1):
        44:27:6C:18:DE:8E:90:24:FE:87:5C:71:A2:A3:49:FF:3A:39:64:E3
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #1098: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der  -t Root6.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170147 (0x25711da3)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root6 ROOT CA,O=Root6,C=US"
        Validity:
            Not Before: Tue Jun 28 17:04:13 2016
            Not After : Mon Jun 28 17:04:13 2066
        Subject: "CN=Root6 ROOT CA,O=Root6,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    df:3c:60:88:18:8f:21:92:31:2e:5d:fc:4a:4d:39:b3:
                    46:94:d5:40:49:e6:65:41:13:df:12:46:a0:1f:57:82:
                    d4:56:ac:49:80:e8:b9:08:e4:96:28:c3:72:b4:d7:a3:
                    c9:21:05:f6:d8:3e:a6:ca:5f:61:1e:0a:91:93:d6:2f:
                    e2:f5:b5:0f:e1:59:76:3f:96:a4:e9:0c:0e:76:82:9d:
                    0f:65:1c:9a:f4:0c:9c:2b:20:9f:05:bb:cf:c3:69:e7:
                    74:1b:fc:88:4f:85:6d:d0:b3:7e:fd:f8:4b:d5:bf:25:
                    f2:f2:f4:2c:fd:6e:06:fb:e4:a2:49:2c:4e:a9:6e:c4:
                    98:2c:c8:24:4b:90:10:a7:a0:21:78:c0:23:3e:bd:c0:
                    01:f4:a8:c2:0e:01:39:4f:9a:21:76:57:e4:d9:4b:55:
                    41:bb:9f:77:41:fe:d7:92:a7:6f:8c:dd:93:03:56:ef:
                    8f:7c:72:b7:23:41:b8:44:e1:99:11:92:6f:b5:55:c9:
                    4d:b1:2e:41:ed:d3:11:fd:ec:5d:40:b6:38:d4:6e:af:
                    ad:75:1c:91:16:c4:65:dd:63:57:0b:2c:24:cc:e4:dc:
                    1c:36:d7:cb:4c:f4:89:2b:1e:04:44:74:f9:47:7b:1f:
                    a0:ac:3e:6f:bf:3c:eb:d6:d6:82:29:6f:71:46:99:37
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5d:97:da:aa:a0:44:c6:53:eb:ef:cf:51:7b:1d:d8:ed:
        7b:3e:f4:24:38:93:b8:6d:78:14:f9:91:f7:4c:a3:86:
        57:80:10:bc:d0:0f:61:27:c1:93:24:98:2e:ca:28:c0:
        99:38:67:ad:73:da:a6:3d:1c:68:47:58:20:74:5a:06:
        b0:b7:3b:d4:7d:55:c7:23:82:ff:d8:bc:9e:08:e1:6e:
        38:7e:06:16:6a:ab:42:3e:3e:e1:8e:b5:02:90:e4:98:
        67:6f:c7:a5:d3:2a:da:39:99:b8:68:b0:4a:22:e3:01:
        d6:21:78:6d:fa:fa:a7:38:6d:32:19:4b:0a:d7:8b:87:
        16:ab:55:98:96:de:0c:06:10:f3:38:02:14:c4:bc:62:
        96:77:cb:7f:dc:3c:42:dd:34:6b:35:e5:6a:40:e3:a3:
        55:08:6c:9f:31:4c:c2:97:29:eb:7c:76:f2:ca:dd:57:
        0e:15:84:c9:3f:e6:92:ff:a0:4e:33:97:b6:43:fa:3e:
        6e:84:12:25:fe:bb:1c:62:1a:15:a4:a7:df:85:a5:5c:
        07:9d:de:f6:e1:ed:31:b0:25:0f:51:7a:98:33:8d:4c:
        62:cc:1e:05:9e:a6:e9:02:72:91:0b:6c:42:e3:82:48:
        c6:b1:27:36:c6:b0:4f:91:89:31:bb:1e:8d:2e:11:4b
    Fingerprint (SHA-256):
        3D:75:CE:AC:E7:F3:08:9D:CC:F6:54:04:56:8A:7F:F5:AD:42:CC:55:69:4E:64:76:EF:82:5F:71:9B:0F:4E:EE
    Fingerprint (SHA1):
        16:B7:F3:5F:FB:C7:55:62:A3:51:DF:9B:F5:F3:12:49:DF:E8:07:16
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #1099: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der  -t Root7.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170148 (0x25711da4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root7 ROOT CA,O=Root7,C=US"
        Validity:
            Not Before: Tue Jun 28 17:04:20 2016
            Not After : Mon Jun 28 17:04:20 2066
        Subject: "CN=Root7 ROOT CA,O=Root7,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    af:db:23:54:a2:65:ef:de:02:a5:18:da:2c:be:bd:71:
                    60:30:89:2d:9e:9d:bd:7c:23:fa:d0:7d:1b:fc:db:94:
                    9c:55:a3:73:8a:0d:ff:c5:75:da:87:d6:66:43:1b:bd:
                    26:e6:d1:38:eb:8e:33:fc:6a:f2:23:b7:fe:e2:98:fc:
                    80:86:aa:1c:2c:96:31:8b:c6:57:01:76:cd:87:4e:5f:
                    87:d0:bc:e5:67:19:61:e7:d8:52:3b:be:db:95:6b:b9:
                    28:b0:ee:5a:02:7f:8b:f6:e8:5e:2f:5c:25:0c:8b:0e:
                    36:16:05:b7:82:fd:d7:b6:f8:68:60:24:ec:44:20:8d:
                    c8:ff:52:f9:ce:5d:29:4c:cb:9a:03:09:f0:8a:d7:b0:
                    75:86:84:dc:f3:12:60:29:97:63:72:db:03:53:15:41:
                    05:20:6c:ee:92:b9:ea:1f:12:8f:05:82:10:81:40:8e:
                    a9:22:60:c8:8c:23:33:ec:9c:af:70:1b:37:22:be:54:
                    e9:a9:70:33:de:6a:b0:1c:b2:52:66:37:39:39:60:a8:
                    3c:52:95:7c:97:9f:13:e1:c8:4a:97:1b:c0:1b:40:25:
                    cc:9d:eb:9f:e7:4a:8e:4c:37:21:bf:81:ad:5e:6e:b0:
                    39:07:5f:9c:a8:47:1d:d4:8e:e6:23:c2:7b:b6:e7:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0b:cc:96:c5:10:0b:07:00:ec:ca:77:57:9a:64:de:0a:
        6f:6b:ba:72:12:00:cd:91:65:19:80:50:17:91:6c:1f:
        e4:ea:8c:95:48:d6:d4:78:41:59:e6:ef:85:2f:07:b3:
        e1:88:43:0b:bb:5a:55:84:71:13:6e:68:7a:2b:3a:8e:
        72:c9:92:7b:bd:6e:ee:49:57:3a:36:38:8d:a1:0f:f8:
        4a:df:e1:2d:01:10:11:93:fc:cc:ff:a4:61:57:c1:a8:
        cc:82:27:49:04:11:83:8a:cc:9f:d4:44:a3:aa:6e:65:
        ca:65:5c:f2:10:68:3a:cf:0e:dc:da:fb:97:5f:35:2c:
        03:9f:60:df:1f:dd:db:18:fa:3b:10:30:5c:a7:4d:02:
        0f:cd:0d:26:0b:81:93:10:cd:7f:22:ea:5b:e9:89:72:
        43:b7:02:5c:c4:42:f7:0f:53:4c:d7:2e:9a:30:3e:1b:
        5b:61:7d:55:c7:c5:f9:0b:0a:4a:e5:ec:5f:e5:f1:ae:
        24:2a:2a:bb:b8:74:37:de:39:c9:cc:63:4b:dc:27:10:
        21:f0:07:ba:d7:a0:b6:8c:62:d2:69:be:49:b3:67:44:
        d0:21:00:25:fe:be:d2:6b:92:22:e7:03:bd:85:c7:3e:
        18:ff:f8:3a:59:cf:40:6c:6a:ad:d8:95:e8:06:29:e3
    Fingerprint (SHA-256):
        D7:85:38:50:ED:99:0C:56:5A:18:E4:BF:F0:12:A7:58:8E:09:45:22:58:BA:4B:03:FD:DB:E2:6C:31:11:27:9C
    Fingerprint (SHA1):
        ED:BA:7A:7D:97:41:4A:DC:E1:85:17:E2:7D:EE:FF:95:69:09:B9:2D
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #1100: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der  -t Root8.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170149 (0x25711da5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root8 ROOT CA,O=Root8,C=US"
        Validity:
            Not Before: Tue Jun 28 17:04:22 2016
            Not After : Mon Jun 28 17:04:22 2066
        Subject: "CN=Root8 ROOT CA,O=Root8,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d9:c9:a5:c8:c6:5f:aa:1b:dc:b3:6e:31:d0:36:4a:df:
                    34:8e:a3:d8:bb:fe:50:af:18:cb:c7:b8:56:30:ba:14:
                    4e:f9:84:52:4d:ee:e0:1b:45:58:d2:79:95:30:0b:fc:
                    55:f4:fd:40:95:3a:cc:64:9e:53:bd:df:cd:8b:73:2b:
                    03:97:6e:32:4b:a5:cb:88:3c:a6:b8:8b:0d:85:39:65:
                    e2:e0:70:18:da:fa:c0:0f:3b:fb:71:a1:a2:4b:d0:7e:
                    87:2b:71:89:e3:d0:76:13:e0:66:9e:e2:36:d2:9d:7d:
                    ae:25:4c:e1:12:ad:14:e4:08:85:b4:e1:8b:e1:da:cc:
                    06:e8:4b:57:6d:a3:53:52:7c:43:c7:49:40:38:bf:de:
                    7b:b2:3f:c9:ac:fe:6a:4e:55:59:68:09:ff:40:49:49:
                    7b:2a:7a:4b:63:b5:cf:74:6a:10:24:b9:16:d1:25:e8:
                    e1:fa:12:61:e5:45:81:d3:a4:df:3d:2b:41:d0:c4:cf:
                    d4:1a:77:2e:88:41:c2:2d:41:7a:52:2a:e1:8d:59:85:
                    54:e0:7a:7d:52:d7:cb:b5:e5:91:dd:72:c3:a3:ab:36:
                    42:bc:60:6b:ec:32:fe:9e:90:76:18:96:18:8c:aa:5b:
                    c4:57:0b:19:e9:19:34:7a:13:4a:28:a8:c1:b3:48:c5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        86:b8:a8:25:70:56:8d:6b:e2:b2:35:fc:3d:d2:c6:0a:
        96:5b:6e:44:1b:79:af:61:fc:f9:05:5a:f1:75:58:14:
        2f:3e:67:0f:0a:eb:15:3a:01:6a:9f:2a:a7:14:2f:18:
        a8:93:91:b1:2b:e2:8a:b6:fe:e6:67:30:68:9b:b8:c2:
        aa:d6:c9:fe:1c:97:88:91:38:6f:04:38:ec:bc:dd:66:
        51:ce:19:e3:2d:27:00:59:bd:78:2a:3b:34:b6:dc:d5:
        3d:d4:2d:55:1e:3d:9d:aa:7b:8c:87:2d:28:83:d5:9b:
        66:6c:b9:90:ca:e7:24:b6:13:57:b1:1d:78:e1:ca:79:
        b2:ea:f2:88:bd:70:99:8d:5c:ad:a2:95:52:d3:77:0d:
        eb:76:77:94:3b:c6:4d:9a:53:da:11:32:dc:bd:84:b4:
        d7:31:d7:30:28:75:88:ba:5c:a6:e3:b6:e6:88:c2:ab:
        dd:2e:2f:e8:56:8d:ee:04:a9:5a:b0:a0:ed:e7:bc:6d:
        3e:0a:d3:ed:20:29:8b:19:f1:92:96:af:e0:79:63:5a:
        cd:92:11:c2:7f:65:5b:3e:f3:fa:fb:03:5a:c4:c2:2e:
        3a:29:7e:39:3b:21:51:5a:31:f8:51:8a:2e:df:79:25:
        30:cf:b9:d0:44:04:ee:8a:1b:37:16:23:e8:0d:ed:a2
    Fingerprint (SHA-256):
        44:E8:B6:0C:8B:84:6B:9E:F4:AA:02:8E:A2:2E:D2:8A:6B:3E:30:D6:C3:66:81:68:44:41:49:5C:55:19:2F:72
    Fingerprint (SHA1):
        1F:05:62:6F:AB:13:A5:22:D8:65:7C:09:F0:1F:33:88:6C:8D:DB:42
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #1101: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der  -t Root9.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170150 (0x25711da6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root9 ROOT CA,O=Root9,C=US"
        Validity:
            Not Before: Tue Jun 28 17:04:31 2016
            Not After : Mon Jun 28 17:04:31 2066
        Subject: "CN=Root9 ROOT CA,O=Root9,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:de:98:9b:f1:b7:d5:b3:ed:04:c7:91:c4:51:d5:e1:
                    a6:e1:f1:45:6e:3f:ae:02:bf:2d:51:0e:12:b1:41:e3:
                    4b:61:76:62:48:d0:0c:22:77:6e:7e:dd:56:e4:86:d8:
                    bf:9f:ff:e3:5b:9a:95:4a:96:99:3e:d0:97:f0:84:42:
                    0a:ef:80:cf:a7:25:ba:8e:a3:94:4b:78:96:0e:b3:ef:
                    3c:c1:1a:b2:4d:a4:8c:a9:3d:1a:63:5a:04:31:6b:df:
                    d8:1f:15:9f:cd:26:a2:ef:66:fe:c8:67:ab:cf:e3:b8:
                    6c:c3:b9:87:57:60:bf:22:f7:b0:d4:25:16:91:88:c1:
                    90:7d:c3:bc:74:b9:af:9d:ce:77:9c:ec:02:7f:48:ad:
                    88:0c:70:8e:3a:8a:5c:27:2d:d7:4f:63:90:3f:72:13:
                    6c:45:a4:eb:77:eb:6a:f9:d3:5e:a0:15:74:df:bc:1f:
                    6d:b1:9f:9a:08:63:00:4e:b9:b8:6d:27:24:ea:37:18:
                    76:e7:70:b0:71:28:29:f1:ce:10:cb:a0:46:25:21:39:
                    b0:3f:da:79:eb:17:62:0f:2d:ee:f4:67:b3:dd:b4:22:
                    70:68:53:6b:79:91:65:44:22:e3:be:28:85:df:7f:61:
                    9f:84:b6:dd:3f:92:38:41:cf:b9:31:c7:28:50:fa:87
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        73:41:51:95:05:5e:f9:6b:6e:5f:b5:a5:86:6d:1a:be:
        bc:d7:8d:e0:31:9e:51:c7:03:cc:fc:82:07:64:0d:54:
        9f:4c:b9:80:e7:21:68:5f:e4:da:81:1a:b1:2e:31:c1:
        b8:7d:80:47:b3:71:11:f0:2e:1b:2a:5b:71:32:90:be:
        22:75:24:66:98:b2:2b:7c:99:e2:a4:6f:64:34:d8:70:
        55:75:09:0f:ed:f5:bd:65:e8:cd:86:8c:e3:d1:e0:9d:
        b3:53:2f:a9:ef:2d:90:14:9a:88:86:28:7a:b2:48:ce:
        43:03:a2:b3:aa:f8:57:28:83:f6:0f:8a:9a:3e:b9:71:
        b1:10:59:6a:0f:e4:1a:86:80:6b:1d:d1:45:58:33:55:
        b9:c6:5d:83:97:a7:9a:39:7e:5b:dc:6d:18:47:bc:eb:
        a6:65:46:a2:0b:cb:7f:67:1c:a8:97:79:c8:57:0f:81:
        20:28:eb:2a:e9:1b:3e:9a:2d:ac:5c:a3:07:d7:ac:ba:
        dc:fd:e2:28:8e:72:c1:d1:da:8c:22:74:d2:f1:e2:03:
        11:c5:7a:72:39:6b:eb:c6:19:ae:fa:43:e0:bf:ee:d2:
        a6:4e:47:69:1e:af:1c:90:a7:23:c6:c2:e9:1f:e5:9f:
        f7:ec:dd:4e:56:7c:98:e0:f9:57:3e:eb:90:72:d7:e2
    Fingerprint (SHA-256):
        77:2D:AA:E4:F0:61:DC:18:CF:EC:29:9F:0F:60:A2:93:82:4B:80:87:B8:41:C9:0D:D6:7C:B0:00:C1:CD:26:29
    Fingerprint (SHA1):
        DC:7A:D0:4F:7A:86:70:D6:8A:14:AF:D4:0C:CB:5F:E7:2E:DC:F2:3A
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #1102: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1103: Extension: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170165 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1104: Extension: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1105: Extension: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1106: Extension: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1107: Extension: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170166   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1108: Extension: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1109: Extension: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1110: Extension: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1111: Extension: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170167   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1112: Extension: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1113: Extension: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #1114: Extension: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1115: Extension: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628170168   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1116: Extension: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1117: Extension: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1118: Extension: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170165 (0x25711db5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:01 2016
            Not After : Mon Jun 28 17:05:01 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:a6:e6:89:9c:84:7f:a9:95:87:44:d0:be:85:71:60:
                    c5:af:e0:c3:b2:7b:ff:80:d1:9e:98:71:26:fd:d3:a9:
                    f9:41:29:83:24:c4:bf:0f:cb:25:52:32:0e:6b:0f:f5:
                    d6:f8:16:ee:3f:f6:d9:c4:a5:39:c8:e2:ec:2a:45:79:
                    45:36:ce:df:d2:a5:b4:f5:a8:a8:03:31:38:98:a7:eb:
                    10:53:1e:45:1c:34:a3:4b:6b:e9:96:0d:ef:fb:66:43:
                    e2:b9:68:e3:19:c8:91:3e:5c:e7:14:82:a2:e0:38:a5:
                    c3:83:3f:17:2d:33:81:db:e6:78:a2:ca:6c:38:5a:71:
                    d4:9a:20:74:a1:aa:55:ae:cc:a6:23:91:31:70:2d:ce:
                    45:d3:72:2d:48:f0:1f:0d:68:27:b8:ec:3e:90:82:b9:
                    ee:73:74:66:36:e8:99:8e:be:09:5a:77:4f:4e:0c:a5:
                    b5:69:59:ef:a6:e0:f9:ec:ff:42:6a:be:af:f1:09:71:
                    e3:e5:80:de:6c:82:23:72:a2:58:5d:25:d7:a1:2d:37:
                    de:3d:6c:93:f2:2e:3a:12:2a:e0:ca:ec:5b:64:d4:ed:
                    d5:82:fc:14:ee:bc:68:3c:34:53:2e:a8:7f:09:3c:33:
                    0d:c5:60:12:f6:85:9b:76:03:be:ce:d5:61:1e:12:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0d:c0:e8:70:f6:c3:7d:98:e1:5e:13:d1:3f:bd:17:22:
        be:e2:f1:2e:44:71:4c:10:aa:15:5d:15:c7:04:57:27:
        40:98:7c:82:58:51:e7:75:c0:c4:7a:33:8a:af:82:1a:
        0e:39:42:d4:62:ce:ac:57:a5:ca:96:d0:b8:a6:05:b7:
        27:d2:3b:89:3c:36:30:90:89:26:d8:ae:12:68:ba:d1:
        b9:b6:cc:71:b7:fc:ed:bc:55:d5:49:ec:f0:b1:1b:95:
        62:c3:c8:07:33:63:41:60:4c:db:09:89:28:9d:ff:d2:
        69:8e:ca:19:80:3d:e7:f7:27:d7:e6:b6:4b:60:f1:59:
        2a:11:31:99:bf:9a:dc:87:06:91:f3:85:d2:73:5c:1f:
        65:7f:67:e9:e1:55:e4:f4:ea:d1:07:9c:08:52:16:51:
        b6:22:d0:5b:ff:92:db:da:20:5e:aa:e7:a7:ef:06:0e:
        e7:11:a2:68:d9:ff:e8:d4:18:b8:da:2a:93:de:5d:9d:
        49:be:d1:7c:4f:84:30:dc:f4:ef:cb:28:99:3d:e0:c1:
        8d:ce:39:b7:b8:20:62:79:36:d5:d5:4a:04:9a:30:ec:
        6b:4b:69:ca:8c:9d:e1:ed:71:3e:f3:94:e7:6c:cf:f9:
        bd:ad:96:c6:56:64:51:a9:4b:c9:ad:9b:e2:88:a3:0f
    Fingerprint (SHA-256):
        78:64:1A:7B:2A:09:96:A6:FA:20:F3:0B:FB:41:D1:FB:BB:17:73:87:70:51:85:74:76:CC:C2:EE:67:7B:78:BE
    Fingerprint (SHA1):
        EB:09:95:52:27:67:3E:35:7E:98:11:6A:66:7B:C8:25:20:ED:C5:FB
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1119: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1120: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170166 (0x25711db6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:03 2016
            Not After : Mon Jun 28 17:05:03 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f0:8d:9d:eb:9e:a5:cf:42:a1:36:95:84:79:c3:a6:5a:
                    e4:f9:be:19:9c:d9:c9:7e:70:e2:a9:b8:47:66:68:85:
                    8f:a4:5c:67:31:f2:05:91:ea:86:75:fa:e8:eb:a0:5f:
                    2d:a1:1a:bb:13:92:03:2d:00:2b:85:db:37:bc:91:77:
                    14:67:c6:c4:26:c2:65:d5:e0:b6:c6:d2:67:2e:ae:2f:
                    e1:3e:75:0d:d1:1a:0b:2e:79:01:d4:c0:d0:b9:4d:5f:
                    05:ae:05:bd:09:3d:77:39:8d:1b:56:9f:a7:f0:c0:1e:
                    a0:91:be:e1:da:8b:ff:90:2a:62:9b:d3:5b:39:f0:cb:
                    92:c6:3a:c1:ad:d0:36:7f:9c:83:5c:43:65:ff:3c:41:
                    c7:4e:78:7c:f3:2b:e3:02:e8:d0:b1:f4:8e:26:4e:da:
                    27:60:d8:57:70:5f:51:be:c8:0f:e5:3c:8a:7c:61:44:
                    b1:63:59:dd:10:66:16:65:f0:3c:c3:a2:34:c5:82:13:
                    36:37:db:53:bf:82:33:f7:a0:50:99:c5:30:31:9a:64:
                    e8:fa:6e:25:d6:8d:69:bf:72:a5:2d:c3:02:aa:ca:87:
                    aa:9b:7a:bc:b7:51:b6:e3:7a:ed:66:51:d0:fd:ab:bb:
                    16:e5:b9:dd:76:9f:71:e2:6b:d7:90:43:4f:16:3f:37
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        36:3c:e6:78:75:eb:3f:be:0a:a3:b2:5f:9b:26:08:ca:
        cc:89:fd:18:ff:94:38:21:76:e0:6f:cb:7a:1c:7c:42:
        71:a1:55:5e:b9:4d:23:a7:63:4e:e8:fb:95:37:44:61:
        5a:41:f3:5b:85:f5:d0:51:89:d9:37:e5:4d:38:98:fa:
        71:5a:9a:17:45:fc:26:97:85:72:d2:6b:37:25:c2:29:
        d5:a0:9f:f6:6e:37:21:12:01:48:d6:50:03:aa:55:64:
        b0:dc:7a:64:e7:b5:5b:7d:53:f8:87:b0:a0:4a:70:64:
        09:9d:5a:d0:07:ae:9e:99:21:69:fe:2a:84:ae:22:0b:
        20:ed:16:90:a0:da:6d:14:3e:af:a0:f9:f5:91:ba:4d:
        b9:94:0b:03:b0:30:0b:2a:6e:d3:f6:18:04:f5:ca:9f:
        4d:ad:82:ae:04:fa:e4:df:d9:d0:6e:f7:3e:92:44:c3:
        a9:eb:41:32:ef:e6:2a:0a:7c:5c:05:ec:38:7e:3a:26:
        67:1d:29:8f:67:e3:5e:5f:89:93:52:05:f9:fc:dd:69:
        ef:45:80:a5:e7:a6:02:92:97:66:f1:f3:72:35:05:74:
        38:16:ef:c1:51:7f:c5:76:67:7a:d3:23:68:58:9a:7c:
        be:66:4e:5a:7c:dc:c8:d0:c6:04:ac:75:b9:d4:06:27
    Fingerprint (SHA-256):
        14:FD:E6:93:0D:10:F8:F3:CD:83:80:DC:A9:D3:BE:6F:93:AB:11:26:68:A4:93:89:19:FD:B2:94:FE:29:BA:25
    Fingerprint (SHA1):
        C2:32:3E:08:AB:E8:5B:0D:0C:D9:3D:58:D0:AE:46:3B:6B:D7:F6:88
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1121: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1122: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170167 (0x25711db7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:14 2016
            Not After : Mon Jun 28 17:05:14 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    da:44:26:cd:99:b7:cf:82:a5:4d:c5:df:93:02:a8:43:
                    e1:89:1e:c3:25:ff:0c:1d:4e:33:9c:b3:9c:97:65:9d:
                    af:f8:b8:8c:69:df:23:11:75:15:80:6d:20:df:38:29:
                    fb:00:13:c6:0f:3c:0e:e3:f0:83:f1:3f:5e:6b:85:8e:
                    6b:c8:46:76:97:ad:31:07:9b:e3:df:ec:31:72:7d:fd:
                    5b:77:14:75:4e:4b:32:27:55:d9:63:a8:98:27:2f:a6:
                    3e:0a:62:f1:f6:29:18:04:63:e7:40:d3:fb:83:84:44:
                    eb:56:79:66:6c:9e:5a:d2:4c:93:81:33:d4:f8:d7:a8:
                    a0:95:56:6f:a4:98:7d:30:3a:98:87:85:0a:41:e3:70:
                    65:41:e9:79:c3:7a:33:1e:13:71:f4:2a:5c:af:69:1c:
                    a5:74:47:02:d5:ed:25:7e:d3:59:2d:52:d7:a9:ed:8f:
                    11:b1:6d:3c:56:cd:4f:e9:a1:c7:f7:20:a8:40:80:81:
                    07:1f:94:6f:90:88:33:69:37:80:01:c0:f9:cb:29:69:
                    7d:8e:67:f5:78:ad:98:50:cf:a7:5b:0e:03:cd:6a:d2:
                    b9:43:fb:4e:86:ae:1a:b6:53:91:41:d1:56:b3:22:3b:
                    b7:a5:6c:bf:06:39:e7:d9:c6:85:7f:cd:2a:eb:09:97
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        de:ba:40:62:96:e9:af:89:df:8d:1b:09:8b:bb:a0:41:
        f2:41:8f:b0:1a:d3:27:91:d6:de:c4:ba:23:5b:fa:8d:
        04:69:14:85:81:1b:50:61:5c:67:bb:46:2d:c8:34:31:
        f4:e3:16:9b:9a:aa:d2:7a:29:d2:39:9e:7b:7d:1c:ea:
        28:4a:d2:fa:ef:c3:7d:ad:2f:09:2a:07:57:14:f1:20:
        e1:cf:e0:4a:83:6f:ef:f2:37:3f:63:ab:56:40:fa:a3:
        15:14:4b:38:34:bf:47:41:9b:4b:44:70:9f:47:19:bb:
        1c:f5:ce:e0:d1:c6:b1:f8:79:4e:39:cf:0b:05:1a:10:
        d4:de:93:2f:f5:05:5f:d4:cd:ff:69:16:89:b0:b5:dd:
        50:6f:31:c4:26:c0:54:b4:f8:eb:55:af:76:43:18:b4:
        49:60:b0:25:06:78:f2:97:9a:d3:83:df:96:6b:f3:18:
        90:ee:56:90:a2:75:dc:da:d5:23:d4:81:6e:80:41:2d:
        ea:84:fc:2f:21:dd:f3:37:13:1c:64:79:d1:70:98:7d:
        1b:79:d6:fa:34:2a:7a:4c:57:7b:00:a1:2d:38:b3:2a:
        f2:1a:37:59:e5:26:e3:72:55:c8:ca:21:16:d6:b1:fc:
        3e:8f:f8:95:79:f1:40:29:ee:d6:d4:df:ad:52:e8:8e
    Fingerprint (SHA-256):
        FF:86:9C:09:F7:C0:B4:D7:D8:C0:E3:94:BC:6C:1F:C3:D6:2C:84:B9:AB:A6:3E:9D:D0:0D:A0:5E:A3:6B:0A:C9
    Fingerprint (SHA1):
        95:AB:73:A1:34:75:41:A4:65:19:49:C8:67:1C:D3:FF:73:80:17:9D
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #1123: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1124: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #1125: Extension: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #1126: Extension: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #1127: Extension: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170165 (0x25711db5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:01 2016
            Not After : Mon Jun 28 17:05:01 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:a6:e6:89:9c:84:7f:a9:95:87:44:d0:be:85:71:60:
                    c5:af:e0:c3:b2:7b:ff:80:d1:9e:98:71:26:fd:d3:a9:
                    f9:41:29:83:24:c4:bf:0f:cb:25:52:32:0e:6b:0f:f5:
                    d6:f8:16:ee:3f:f6:d9:c4:a5:39:c8:e2:ec:2a:45:79:
                    45:36:ce:df:d2:a5:b4:f5:a8:a8:03:31:38:98:a7:eb:
                    10:53:1e:45:1c:34:a3:4b:6b:e9:96:0d:ef:fb:66:43:
                    e2:b9:68:e3:19:c8:91:3e:5c:e7:14:82:a2:e0:38:a5:
                    c3:83:3f:17:2d:33:81:db:e6:78:a2:ca:6c:38:5a:71:
                    d4:9a:20:74:a1:aa:55:ae:cc:a6:23:91:31:70:2d:ce:
                    45:d3:72:2d:48:f0:1f:0d:68:27:b8:ec:3e:90:82:b9:
                    ee:73:74:66:36:e8:99:8e:be:09:5a:77:4f:4e:0c:a5:
                    b5:69:59:ef:a6:e0:f9:ec:ff:42:6a:be:af:f1:09:71:
                    e3:e5:80:de:6c:82:23:72:a2:58:5d:25:d7:a1:2d:37:
                    de:3d:6c:93:f2:2e:3a:12:2a:e0:ca:ec:5b:64:d4:ed:
                    d5:82:fc:14:ee:bc:68:3c:34:53:2e:a8:7f:09:3c:33:
                    0d:c5:60:12:f6:85:9b:76:03:be:ce:d5:61:1e:12:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0d:c0:e8:70:f6:c3:7d:98:e1:5e:13:d1:3f:bd:17:22:
        be:e2:f1:2e:44:71:4c:10:aa:15:5d:15:c7:04:57:27:
        40:98:7c:82:58:51:e7:75:c0:c4:7a:33:8a:af:82:1a:
        0e:39:42:d4:62:ce:ac:57:a5:ca:96:d0:b8:a6:05:b7:
        27:d2:3b:89:3c:36:30:90:89:26:d8:ae:12:68:ba:d1:
        b9:b6:cc:71:b7:fc:ed:bc:55:d5:49:ec:f0:b1:1b:95:
        62:c3:c8:07:33:63:41:60:4c:db:09:89:28:9d:ff:d2:
        69:8e:ca:19:80:3d:e7:f7:27:d7:e6:b6:4b:60:f1:59:
        2a:11:31:99:bf:9a:dc:87:06:91:f3:85:d2:73:5c:1f:
        65:7f:67:e9:e1:55:e4:f4:ea:d1:07:9c:08:52:16:51:
        b6:22:d0:5b:ff:92:db:da:20:5e:aa:e7:a7:ef:06:0e:
        e7:11:a2:68:d9:ff:e8:d4:18:b8:da:2a:93:de:5d:9d:
        49:be:d1:7c:4f:84:30:dc:f4:ef:cb:28:99:3d:e0:c1:
        8d:ce:39:b7:b8:20:62:79:36:d5:d5:4a:04:9a:30:ec:
        6b:4b:69:ca:8c:9d:e1:ed:71:3e:f3:94:e7:6c:cf:f9:
        bd:ad:96:c6:56:64:51:a9:4b:c9:ad:9b:e2:88:a3:0f
    Fingerprint (SHA-256):
        78:64:1A:7B:2A:09:96:A6:FA:20:F3:0B:FB:41:D1:FB:BB:17:73:87:70:51:85:74:76:CC:C2:EE:67:7B:78:BE
    Fingerprint (SHA1):
        EB:09:95:52:27:67:3E:35:7E:98:11:6A:66:7B:C8:25:20:ED:C5:FB
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1128: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1129: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170166 (0x25711db6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:03 2016
            Not After : Mon Jun 28 17:05:03 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f0:8d:9d:eb:9e:a5:cf:42:a1:36:95:84:79:c3:a6:5a:
                    e4:f9:be:19:9c:d9:c9:7e:70:e2:a9:b8:47:66:68:85:
                    8f:a4:5c:67:31:f2:05:91:ea:86:75:fa:e8:eb:a0:5f:
                    2d:a1:1a:bb:13:92:03:2d:00:2b:85:db:37:bc:91:77:
                    14:67:c6:c4:26:c2:65:d5:e0:b6:c6:d2:67:2e:ae:2f:
                    e1:3e:75:0d:d1:1a:0b:2e:79:01:d4:c0:d0:b9:4d:5f:
                    05:ae:05:bd:09:3d:77:39:8d:1b:56:9f:a7:f0:c0:1e:
                    a0:91:be:e1:da:8b:ff:90:2a:62:9b:d3:5b:39:f0:cb:
                    92:c6:3a:c1:ad:d0:36:7f:9c:83:5c:43:65:ff:3c:41:
                    c7:4e:78:7c:f3:2b:e3:02:e8:d0:b1:f4:8e:26:4e:da:
                    27:60:d8:57:70:5f:51:be:c8:0f:e5:3c:8a:7c:61:44:
                    b1:63:59:dd:10:66:16:65:f0:3c:c3:a2:34:c5:82:13:
                    36:37:db:53:bf:82:33:f7:a0:50:99:c5:30:31:9a:64:
                    e8:fa:6e:25:d6:8d:69:bf:72:a5:2d:c3:02:aa:ca:87:
                    aa:9b:7a:bc:b7:51:b6:e3:7a:ed:66:51:d0:fd:ab:bb:
                    16:e5:b9:dd:76:9f:71:e2:6b:d7:90:43:4f:16:3f:37
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        36:3c:e6:78:75:eb:3f:be:0a:a3:b2:5f:9b:26:08:ca:
        cc:89:fd:18:ff:94:38:21:76:e0:6f:cb:7a:1c:7c:42:
        71:a1:55:5e:b9:4d:23:a7:63:4e:e8:fb:95:37:44:61:
        5a:41:f3:5b:85:f5:d0:51:89:d9:37:e5:4d:38:98:fa:
        71:5a:9a:17:45:fc:26:97:85:72:d2:6b:37:25:c2:29:
        d5:a0:9f:f6:6e:37:21:12:01:48:d6:50:03:aa:55:64:
        b0:dc:7a:64:e7:b5:5b:7d:53:f8:87:b0:a0:4a:70:64:
        09:9d:5a:d0:07:ae:9e:99:21:69:fe:2a:84:ae:22:0b:
        20:ed:16:90:a0:da:6d:14:3e:af:a0:f9:f5:91:ba:4d:
        b9:94:0b:03:b0:30:0b:2a:6e:d3:f6:18:04:f5:ca:9f:
        4d:ad:82:ae:04:fa:e4:df:d9:d0:6e:f7:3e:92:44:c3:
        a9:eb:41:32:ef:e6:2a:0a:7c:5c:05:ec:38:7e:3a:26:
        67:1d:29:8f:67:e3:5e:5f:89:93:52:05:f9:fc:dd:69:
        ef:45:80:a5:e7:a6:02:92:97:66:f1:f3:72:35:05:74:
        38:16:ef:c1:51:7f:c5:76:67:7a:d3:23:68:58:9a:7c:
        be:66:4e:5a:7c:dc:c8:d0:c6:04:ac:75:b9:d4:06:27
    Fingerprint (SHA-256):
        14:FD:E6:93:0D:10:F8:F3:CD:83:80:DC:A9:D3:BE:6F:93:AB:11:26:68:A4:93:89:19:FD:B2:94:FE:29:BA:25
    Fingerprint (SHA1):
        C2:32:3E:08:AB:E8:5B:0D:0C:D9:3D:58:D0:AE:46:3B:6B:D7:F6:88
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1130: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1131: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170167 (0x25711db7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:14 2016
            Not After : Mon Jun 28 17:05:14 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    da:44:26:cd:99:b7:cf:82:a5:4d:c5:df:93:02:a8:43:
                    e1:89:1e:c3:25:ff:0c:1d:4e:33:9c:b3:9c:97:65:9d:
                    af:f8:b8:8c:69:df:23:11:75:15:80:6d:20:df:38:29:
                    fb:00:13:c6:0f:3c:0e:e3:f0:83:f1:3f:5e:6b:85:8e:
                    6b:c8:46:76:97:ad:31:07:9b:e3:df:ec:31:72:7d:fd:
                    5b:77:14:75:4e:4b:32:27:55:d9:63:a8:98:27:2f:a6:
                    3e:0a:62:f1:f6:29:18:04:63:e7:40:d3:fb:83:84:44:
                    eb:56:79:66:6c:9e:5a:d2:4c:93:81:33:d4:f8:d7:a8:
                    a0:95:56:6f:a4:98:7d:30:3a:98:87:85:0a:41:e3:70:
                    65:41:e9:79:c3:7a:33:1e:13:71:f4:2a:5c:af:69:1c:
                    a5:74:47:02:d5:ed:25:7e:d3:59:2d:52:d7:a9:ed:8f:
                    11:b1:6d:3c:56:cd:4f:e9:a1:c7:f7:20:a8:40:80:81:
                    07:1f:94:6f:90:88:33:69:37:80:01:c0:f9:cb:29:69:
                    7d:8e:67:f5:78:ad:98:50:cf:a7:5b:0e:03:cd:6a:d2:
                    b9:43:fb:4e:86:ae:1a:b6:53:91:41:d1:56:b3:22:3b:
                    b7:a5:6c:bf:06:39:e7:d9:c6:85:7f:cd:2a:eb:09:97
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        de:ba:40:62:96:e9:af:89:df:8d:1b:09:8b:bb:a0:41:
        f2:41:8f:b0:1a:d3:27:91:d6:de:c4:ba:23:5b:fa:8d:
        04:69:14:85:81:1b:50:61:5c:67:bb:46:2d:c8:34:31:
        f4:e3:16:9b:9a:aa:d2:7a:29:d2:39:9e:7b:7d:1c:ea:
        28:4a:d2:fa:ef:c3:7d:ad:2f:09:2a:07:57:14:f1:20:
        e1:cf:e0:4a:83:6f:ef:f2:37:3f:63:ab:56:40:fa:a3:
        15:14:4b:38:34:bf:47:41:9b:4b:44:70:9f:47:19:bb:
        1c:f5:ce:e0:d1:c6:b1:f8:79:4e:39:cf:0b:05:1a:10:
        d4:de:93:2f:f5:05:5f:d4:cd:ff:69:16:89:b0:b5:dd:
        50:6f:31:c4:26:c0:54:b4:f8:eb:55:af:76:43:18:b4:
        49:60:b0:25:06:78:f2:97:9a:d3:83:df:96:6b:f3:18:
        90:ee:56:90:a2:75:dc:da:d5:23:d4:81:6e:80:41:2d:
        ea:84:fc:2f:21:dd:f3:37:13:1c:64:79:d1:70:98:7d:
        1b:79:d6:fa:34:2a:7a:4c:57:7b:00:a1:2d:38:b3:2a:
        f2:1a:37:59:e5:26:e3:72:55:c8:ca:21:16:d6:b1:fc:
        3e:8f:f8:95:79:f1:40:29:ee:d6:d4:df:ad:52:e8:8e
    Fingerprint (SHA-256):
        FF:86:9C:09:F7:C0:B4:D7:D8:C0:E3:94:BC:6C:1F:C3:D6:2C:84:B9:AB:A6:3E:9D:D0:0D:A0:5E:A3:6B:0A:C9
    Fingerprint (SHA1):
        95:AB:73:A1:34:75:41:A4:65:19:49:C8:67:1C:D3:FF:73:80:17:9D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #1132: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1133: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1134: Extension2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170169 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1135: Extension2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1136: Extension2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1137: Extension2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1138: Extension2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170170   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1139: Extension2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1140: Extension2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1141: Extension2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1142: Extension2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170171   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1143: Extension2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1144: Extension2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #1145: Extension2: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1146: Extension2: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628170172   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1147: Extension2: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1148: Extension2: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #1149: Extension2: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1150: Extension2: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628170173   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1151: Extension2: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1152: Extension2: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1153: Extension2: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170169 (0x25711db9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:24 2016
            Not After : Mon Jun 28 17:05:24 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:5d:57:88:96:bc:25:dd:df:49:0f:b2:65:1a:2b:80:
                    01:d3:79:7f:63:60:b3:6c:60:10:f1:f5:bd:94:64:4a:
                    11:ab:65:39:54:a8:52:49:9e:32:7d:92:76:2f:88:11:
                    c6:91:7e:40:4b:1e:11:f2:73:22:c8:5a:3e:3d:76:ea:
                    e0:d6:f1:29:e1:81:7c:3f:ef:5e:06:df:73:7e:91:83:
                    24:34:35:f7:5c:de:3d:57:27:ed:de:64:95:f8:97:f4:
                    0e:48:05:c6:d4:16:32:2e:99:ad:fc:e0:98:75:14:3c:
                    fe:2f:75:f6:41:35:e7:45:53:79:55:b9:9a:5b:3a:ff:
                    65:49:98:ad:94:de:84:4b:4c:14:77:05:c3:b4:08:f5:
                    ee:7a:8d:e3:1e:de:51:a3:86:b6:28:7e:91:c2:33:ca:
                    9d:e3:99:ef:0e:35:23:9b:2d:34:89:07:a4:f7:7c:7c:
                    66:22:a7:64:1b:d5:01:da:88:e5:6a:1c:21:06:f1:3b:
                    e8:ab:60:6e:54:15:ca:fe:28:b0:85:df:8b:fc:e5:aa:
                    3e:a7:e0:aa:b7:2c:cf:e7:21:1d:8c:ec:24:56:67:1d:
                    1e:3f:99:25:7d:ec:7d:6b:75:fd:fe:0f:6e:2d:d0:35:
                    1d:c3:6e:a3:21:a0:fc:24:5e:26:90:2e:68:8c:aa:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        18:3a:4c:4f:07:13:41:4c:e2:bd:ee:da:60:2a:51:3d:
        df:f6:5e:3e:f5:7b:b6:b9:c7:c2:04:b8:e7:91:c2:b2:
        48:c2:19:bf:5e:87:fd:b7:73:2d:f6:1c:a7:4a:d6:97:
        87:37:3a:f6:5b:45:a2:29:29:c7:4e:91:20:0e:38:f7:
        4a:a0:7a:d2:7c:9d:ae:7a:0c:82:d5:98:62:65:bf:14:
        d0:ae:e4:11:45:c9:48:ab:8c:e2:54:05:fd:cc:4e:39:
        1c:bc:9e:b0:f1:7d:57:a9:6e:21:05:bf:fb:1f:00:38:
        55:29:42:f1:17:eb:e2:21:4f:d7:f1:42:ff:24:dc:2b:
        6e:65:fd:dd:78:7e:0e:71:0b:46:13:29:a9:73:c6:ed:
        64:e7:2c:9b:d9:33:6b:c4:1e:97:2f:04:27:82:a5:61:
        12:d3:7c:75:e7:2c:7a:de:15:95:5c:08:d4:5b:a3:23:
        da:7e:5c:28:84:6b:be:61:aa:e1:c8:54:28:9e:e8:93:
        e8:e2:77:ad:51:ca:34:18:3c:e5:14:6a:cf:b7:d4:d6:
        5c:45:29:7e:a6:85:ad:3c:a0:09:5e:94:36:33:53:da:
        ba:39:1d:46:74:bd:1b:71:44:48:7a:3b:0d:96:17:95:
        00:65:17:49:36:15:6a:eb:a5:f4:53:3c:60:2d:87:54
    Fingerprint (SHA-256):
        86:E8:AE:0E:1C:23:E3:3A:9B:5A:AE:50:D0:7C:44:70:D2:E7:1F:D4:11:C1:50:8F:6E:C4:F4:DC:04:E7:A0:3C
    Fingerprint (SHA1):
        8F:60:9E:48:95:76:43:19:31:03:43:10:E5:DA:1B:47:1A:25:C4:49
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1154: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1155: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170170 (0x25711dba)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:28 2016
            Not After : Mon Jun 28 17:05:28 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a2:be:78:ef:f3:f9:34:10:98:7d:06:8a:b9:27:20:b4:
                    a9:6e:bf:68:e3:ad:df:4c:b6:00:2a:ed:45:b8:fc:cd:
                    3b:76:17:12:0c:c1:f0:03:52:22:2a:35:cc:9f:76:14:
                    14:69:56:1f:b2:02:e7:7b:f4:4e:7a:dd:38:ea:3c:6c:
                    97:13:c8:e7:47:9e:13:4f:c3:c1:d7:86:a9:ed:19:74:
                    af:0f:72:1c:4a:80:b5:53:ee:e5:4d:43:87:b5:20:9e:
                    28:59:42:47:de:2e:c2:ba:9a:0c:28:33:4d:aa:17:d8:
                    7e:bd:0f:18:7c:8e:7e:57:11:a9:4b:6e:ad:74:ff:29:
                    4c:63:e1:02:dc:19:e0:d8:50:ea:c9:66:8e:21:dd:e2:
                    79:96:a8:62:6f:40:2f:39:b3:cb:fc:82:6f:73:60:8b:
                    45:e7:1f:1d:db:e9:2a:82:b1:c4:eb:92:6f:a8:3c:df:
                    6a:4d:71:d7:51:1c:43:83:b8:6f:6e:81:62:84:d0:07:
                    5d:31:d9:bf:76:90:c7:4e:2d:80:8b:58:ab:18:a5:00:
                    b7:2b:a2:ef:a0:22:8c:75:84:ea:c6:2b:d9:f1:b4:dd:
                    a0:9d:71:94:a7:8c:a2:73:a4:ad:cb:a1:9a:76:8c:64:
                    d1:77:d8:88:4f:3c:d8:f6:b7:66:26:7f:4c:5b:65:bd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        77:d6:14:60:bb:de:c8:85:b1:6f:10:77:87:34:36:c5:
        c1:b9:6a:fd:5f:d6:53:5f:d8:38:9e:85:d6:b4:fe:5f:
        9d:51:48:b2:70:d6:6c:a5:fb:d5:e6:ce:71:bd:cc:d7:
        44:4a:90:7f:95:d6:87:61:04:c2:be:66:54:cc:2a:ff:
        d9:98:79:56:71:74:81:2e:98:50:58:f5:8c:e1:62:ba:
        65:61:c5:e6:52:c9:71:52:76:4c:23:cd:88:5c:48:f5:
        45:6f:8a:e0:e5:01:62:52:c6:9a:34:ad:d7:cd:60:7f:
        af:e8:6d:88:dc:b9:60:e4:08:85:a8:59:45:95:b5:d7:
        fa:00:88:1f:ae:e2:0a:b1:48:51:c6:1c:74:8a:7d:63:
        46:24:23:e1:55:d7:d8:fb:de:5b:31:6d:23:1b:bf:e6:
        0e:90:ce:22:dc:a2:5f:ca:15:92:51:90:ac:a0:bd:72:
        e8:5e:ca:70:86:d6:70:98:44:32:12:04:9e:3b:cb:e6:
        81:c8:d6:be:ad:55:97:b3:04:ff:58:3c:15:c5:4b:07:
        17:d6:03:bf:42:c1:5b:a3:1c:07:aa:14:0f:ee:09:e7:
        da:8a:ed:4b:a4:3e:8d:da:4b:16:7d:20:55:e3:4f:fb:
        0c:77:f1:bc:53:51:81:b7:8a:87:d2:5f:a2:da:04:46
    Fingerprint (SHA-256):
        A2:74:11:17:1C:AA:61:F7:EB:4D:DA:50:05:DD:D5:00:2C:3A:40:30:05:A7:5B:8C:0E:DE:0C:58:E3:87:91:22
    Fingerprint (SHA1):
        4F:11:21:78:7D:1E:56:AB:45:D7:B6:8A:4B:79:02:4C:1A:A7:6A:18
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1156: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1157: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170171 (0x25711dbb)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:35 2016
            Not After : Mon Jun 28 17:05:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f1:0a:fa:28:66:f7:3e:ca:34:32:c3:50:15:d0:30:a3:
                    17:1f:57:bd:06:6a:d1:c0:be:d4:ff:01:b4:b4:3c:51:
                    9e:80:3d:5d:10:86:29:37:48:95:52:f6:da:f1:a6:3e:
                    93:ff:85:e9:ea:06:d7:da:a0:96:04:76:6f:4e:46:4d:
                    fb:31:5a:60:5a:f9:e7:4a:c6:c8:fa:90:d5:3e:66:a2:
                    5d:ea:31:fe:72:22:05:0f:25:0a:35:7b:59:65:07:cd:
                    3d:41:a6:39:0d:e9:14:f3:a9:26:36:07:51:6c:c8:3d:
                    04:9e:a9:64:34:64:c7:75:2c:d4:7d:f2:ae:42:c6:00:
                    4b:a8:80:c5:a2:4d:3a:92:11:0e:88:fe:4b:f5:1f:1f:
                    e0:6b:96:b6:24:93:43:78:0e:54:99:7a:0a:90:5c:64:
                    78:58:6e:31:a0:87:e8:c2:31:ab:56:d9:2d:ec:ea:30:
                    74:26:32:0b:90:25:2a:dd:50:78:bd:85:81:b4:19:50:
                    9f:b5:19:d9:36:f4:5e:e9:27:9e:4f:fd:8e:bd:a5:6c:
                    1e:fd:20:16:2e:90:4b:1c:52:ae:fc:f6:8a:44:63:de:
                    a3:ba:35:c7:17:23:f0:9a:9a:d2:0d:71:d9:7f:e9:c7:
                    e4:a4:27:df:e7:06:c2:42:dc:91:ce:91:9d:9d:5a:3b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9a:a1:fa:48:75:3b:8f:f8:43:95:d5:37:ce:10:4f:ab:
        12:24:39:27:d8:89:e8:06:21:f9:4d:56:74:92:4b:c5:
        12:03:45:f8:be:11:88:a0:4c:6d:6c:38:9a:6d:50:69:
        e2:a6:4d:7a:48:c5:b8:a9:1b:8e:2e:2d:80:70:24:2f:
        9a:ed:c8:41:d5:e7:b3:aa:1f:5d:0c:47:0e:cd:85:a6:
        df:6d:d2:81:c7:d8:11:3e:6a:35:59:22:26:3b:9c:0e:
        d8:45:f9:7c:53:e7:dd:29:c0:4c:d6:c5:67:6e:be:45:
        f1:7c:33:f6:83:82:fc:da:46:57:18:24:de:af:09:07:
        b5:bc:1f:a8:79:28:7c:28:71:90:c9:16:9f:bc:08:c4:
        7d:62:07:e8:3e:38:aa:8d:99:d3:c4:9f:bd:44:83:a9:
        51:da:f2:a8:b1:1b:c8:45:a9:25:24:ba:30:6e:27:0c:
        3f:e8:a3:ab:0a:8e:8b:ad:12:17:b9:4c:72:f7:a8:1f:
        bd:00:d1:9a:5e:06:9e:f1:cd:2f:62:fb:e9:32:ab:47:
        74:99:ff:6a:f2:71:6e:31:08:a6:50:fb:75:07:c9:19:
        ce:32:5b:19:6b:50:70:0e:93:39:32:bb:1b:4b:57:54:
        09:22:25:32:50:8d:59:2f:e8:64:5c:76:a1:d5:51:24
    Fingerprint (SHA-256):
        C3:92:81:86:AC:B2:36:C7:FA:8C:87:74:B5:B5:9D:A0:96:6D:3B:47:EB:06:5E:71:14:37:9B:7F:FB:B0:8B:3A
    Fingerprint (SHA1):
        17:4C:89:70:BF:55:DF:D0:DD:17:50:A2:C0:6B:DD:A8:ED:E3:01:17
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1158: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1159: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #1160: Extension2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #1161: Extension2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #1162: Extension2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170169 (0x25711db9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:24 2016
            Not After : Mon Jun 28 17:05:24 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:5d:57:88:96:bc:25:dd:df:49:0f:b2:65:1a:2b:80:
                    01:d3:79:7f:63:60:b3:6c:60:10:f1:f5:bd:94:64:4a:
                    11:ab:65:39:54:a8:52:49:9e:32:7d:92:76:2f:88:11:
                    c6:91:7e:40:4b:1e:11:f2:73:22:c8:5a:3e:3d:76:ea:
                    e0:d6:f1:29:e1:81:7c:3f:ef:5e:06:df:73:7e:91:83:
                    24:34:35:f7:5c:de:3d:57:27:ed:de:64:95:f8:97:f4:
                    0e:48:05:c6:d4:16:32:2e:99:ad:fc:e0:98:75:14:3c:
                    fe:2f:75:f6:41:35:e7:45:53:79:55:b9:9a:5b:3a:ff:
                    65:49:98:ad:94:de:84:4b:4c:14:77:05:c3:b4:08:f5:
                    ee:7a:8d:e3:1e:de:51:a3:86:b6:28:7e:91:c2:33:ca:
                    9d:e3:99:ef:0e:35:23:9b:2d:34:89:07:a4:f7:7c:7c:
                    66:22:a7:64:1b:d5:01:da:88:e5:6a:1c:21:06:f1:3b:
                    e8:ab:60:6e:54:15:ca:fe:28:b0:85:df:8b:fc:e5:aa:
                    3e:a7:e0:aa:b7:2c:cf:e7:21:1d:8c:ec:24:56:67:1d:
                    1e:3f:99:25:7d:ec:7d:6b:75:fd:fe:0f:6e:2d:d0:35:
                    1d:c3:6e:a3:21:a0:fc:24:5e:26:90:2e:68:8c:aa:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        18:3a:4c:4f:07:13:41:4c:e2:bd:ee:da:60:2a:51:3d:
        df:f6:5e:3e:f5:7b:b6:b9:c7:c2:04:b8:e7:91:c2:b2:
        48:c2:19:bf:5e:87:fd:b7:73:2d:f6:1c:a7:4a:d6:97:
        87:37:3a:f6:5b:45:a2:29:29:c7:4e:91:20:0e:38:f7:
        4a:a0:7a:d2:7c:9d:ae:7a:0c:82:d5:98:62:65:bf:14:
        d0:ae:e4:11:45:c9:48:ab:8c:e2:54:05:fd:cc:4e:39:
        1c:bc:9e:b0:f1:7d:57:a9:6e:21:05:bf:fb:1f:00:38:
        55:29:42:f1:17:eb:e2:21:4f:d7:f1:42:ff:24:dc:2b:
        6e:65:fd:dd:78:7e:0e:71:0b:46:13:29:a9:73:c6:ed:
        64:e7:2c:9b:d9:33:6b:c4:1e:97:2f:04:27:82:a5:61:
        12:d3:7c:75:e7:2c:7a:de:15:95:5c:08:d4:5b:a3:23:
        da:7e:5c:28:84:6b:be:61:aa:e1:c8:54:28:9e:e8:93:
        e8:e2:77:ad:51:ca:34:18:3c:e5:14:6a:cf:b7:d4:d6:
        5c:45:29:7e:a6:85:ad:3c:a0:09:5e:94:36:33:53:da:
        ba:39:1d:46:74:bd:1b:71:44:48:7a:3b:0d:96:17:95:
        00:65:17:49:36:15:6a:eb:a5:f4:53:3c:60:2d:87:54
    Fingerprint (SHA-256):
        86:E8:AE:0E:1C:23:E3:3A:9B:5A:AE:50:D0:7C:44:70:D2:E7:1F:D4:11:C1:50:8F:6E:C4:F4:DC:04:E7:A0:3C
    Fingerprint (SHA1):
        8F:60:9E:48:95:76:43:19:31:03:43:10:E5:DA:1B:47:1A:25:C4:49
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1163: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1164: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170170 (0x25711dba)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:28 2016
            Not After : Mon Jun 28 17:05:28 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a2:be:78:ef:f3:f9:34:10:98:7d:06:8a:b9:27:20:b4:
                    a9:6e:bf:68:e3:ad:df:4c:b6:00:2a:ed:45:b8:fc:cd:
                    3b:76:17:12:0c:c1:f0:03:52:22:2a:35:cc:9f:76:14:
                    14:69:56:1f:b2:02:e7:7b:f4:4e:7a:dd:38:ea:3c:6c:
                    97:13:c8:e7:47:9e:13:4f:c3:c1:d7:86:a9:ed:19:74:
                    af:0f:72:1c:4a:80:b5:53:ee:e5:4d:43:87:b5:20:9e:
                    28:59:42:47:de:2e:c2:ba:9a:0c:28:33:4d:aa:17:d8:
                    7e:bd:0f:18:7c:8e:7e:57:11:a9:4b:6e:ad:74:ff:29:
                    4c:63:e1:02:dc:19:e0:d8:50:ea:c9:66:8e:21:dd:e2:
                    79:96:a8:62:6f:40:2f:39:b3:cb:fc:82:6f:73:60:8b:
                    45:e7:1f:1d:db:e9:2a:82:b1:c4:eb:92:6f:a8:3c:df:
                    6a:4d:71:d7:51:1c:43:83:b8:6f:6e:81:62:84:d0:07:
                    5d:31:d9:bf:76:90:c7:4e:2d:80:8b:58:ab:18:a5:00:
                    b7:2b:a2:ef:a0:22:8c:75:84:ea:c6:2b:d9:f1:b4:dd:
                    a0:9d:71:94:a7:8c:a2:73:a4:ad:cb:a1:9a:76:8c:64:
                    d1:77:d8:88:4f:3c:d8:f6:b7:66:26:7f:4c:5b:65:bd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        77:d6:14:60:bb:de:c8:85:b1:6f:10:77:87:34:36:c5:
        c1:b9:6a:fd:5f:d6:53:5f:d8:38:9e:85:d6:b4:fe:5f:
        9d:51:48:b2:70:d6:6c:a5:fb:d5:e6:ce:71:bd:cc:d7:
        44:4a:90:7f:95:d6:87:61:04:c2:be:66:54:cc:2a:ff:
        d9:98:79:56:71:74:81:2e:98:50:58:f5:8c:e1:62:ba:
        65:61:c5:e6:52:c9:71:52:76:4c:23:cd:88:5c:48:f5:
        45:6f:8a:e0:e5:01:62:52:c6:9a:34:ad:d7:cd:60:7f:
        af:e8:6d:88:dc:b9:60:e4:08:85:a8:59:45:95:b5:d7:
        fa:00:88:1f:ae:e2:0a:b1:48:51:c6:1c:74:8a:7d:63:
        46:24:23:e1:55:d7:d8:fb:de:5b:31:6d:23:1b:bf:e6:
        0e:90:ce:22:dc:a2:5f:ca:15:92:51:90:ac:a0:bd:72:
        e8:5e:ca:70:86:d6:70:98:44:32:12:04:9e:3b:cb:e6:
        81:c8:d6:be:ad:55:97:b3:04:ff:58:3c:15:c5:4b:07:
        17:d6:03:bf:42:c1:5b:a3:1c:07:aa:14:0f:ee:09:e7:
        da:8a:ed:4b:a4:3e:8d:da:4b:16:7d:20:55:e3:4f:fb:
        0c:77:f1:bc:53:51:81:b7:8a:87:d2:5f:a2:da:04:46
    Fingerprint (SHA-256):
        A2:74:11:17:1C:AA:61:F7:EB:4D:DA:50:05:DD:D5:00:2C:3A:40:30:05:A7:5B:8C:0E:DE:0C:58:E3:87:91:22
    Fingerprint (SHA1):
        4F:11:21:78:7D:1E:56:AB:45:D7:B6:8A:4B:79:02:4C:1A:A7:6A:18
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1165: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1166: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170171 (0x25711dbb)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:35 2016
            Not After : Mon Jun 28 17:05:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f1:0a:fa:28:66:f7:3e:ca:34:32:c3:50:15:d0:30:a3:
                    17:1f:57:bd:06:6a:d1:c0:be:d4:ff:01:b4:b4:3c:51:
                    9e:80:3d:5d:10:86:29:37:48:95:52:f6:da:f1:a6:3e:
                    93:ff:85:e9:ea:06:d7:da:a0:96:04:76:6f:4e:46:4d:
                    fb:31:5a:60:5a:f9:e7:4a:c6:c8:fa:90:d5:3e:66:a2:
                    5d:ea:31:fe:72:22:05:0f:25:0a:35:7b:59:65:07:cd:
                    3d:41:a6:39:0d:e9:14:f3:a9:26:36:07:51:6c:c8:3d:
                    04:9e:a9:64:34:64:c7:75:2c:d4:7d:f2:ae:42:c6:00:
                    4b:a8:80:c5:a2:4d:3a:92:11:0e:88:fe:4b:f5:1f:1f:
                    e0:6b:96:b6:24:93:43:78:0e:54:99:7a:0a:90:5c:64:
                    78:58:6e:31:a0:87:e8:c2:31:ab:56:d9:2d:ec:ea:30:
                    74:26:32:0b:90:25:2a:dd:50:78:bd:85:81:b4:19:50:
                    9f:b5:19:d9:36:f4:5e:e9:27:9e:4f:fd:8e:bd:a5:6c:
                    1e:fd:20:16:2e:90:4b:1c:52:ae:fc:f6:8a:44:63:de:
                    a3:ba:35:c7:17:23:f0:9a:9a:d2:0d:71:d9:7f:e9:c7:
                    e4:a4:27:df:e7:06:c2:42:dc:91:ce:91:9d:9d:5a:3b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9a:a1:fa:48:75:3b:8f:f8:43:95:d5:37:ce:10:4f:ab:
        12:24:39:27:d8:89:e8:06:21:f9:4d:56:74:92:4b:c5:
        12:03:45:f8:be:11:88:a0:4c:6d:6c:38:9a:6d:50:69:
        e2:a6:4d:7a:48:c5:b8:a9:1b:8e:2e:2d:80:70:24:2f:
        9a:ed:c8:41:d5:e7:b3:aa:1f:5d:0c:47:0e:cd:85:a6:
        df:6d:d2:81:c7:d8:11:3e:6a:35:59:22:26:3b:9c:0e:
        d8:45:f9:7c:53:e7:dd:29:c0:4c:d6:c5:67:6e:be:45:
        f1:7c:33:f6:83:82:fc:da:46:57:18:24:de:af:09:07:
        b5:bc:1f:a8:79:28:7c:28:71:90:c9:16:9f:bc:08:c4:
        7d:62:07:e8:3e:38:aa:8d:99:d3:c4:9f:bd:44:83:a9:
        51:da:f2:a8:b1:1b:c8:45:a9:25:24:ba:30:6e:27:0c:
        3f:e8:a3:ab:0a:8e:8b:ad:12:17:b9:4c:72:f7:a8:1f:
        bd:00:d1:9a:5e:06:9e:f1:cd:2f:62:fb:e9:32:ab:47:
        74:99:ff:6a:f2:71:6e:31:08:a6:50:fb:75:07:c9:19:
        ce:32:5b:19:6b:50:70:0e:93:39:32:bb:1b:4b:57:54:
        09:22:25:32:50:8d:59:2f:e8:64:5c:76:a1:d5:51:24
    Fingerprint (SHA-256):
        C3:92:81:86:AC:B2:36:C7:FA:8C:87:74:B5:B5:9D:A0:96:6D:3B:47:EB:06:5E:71:14:37:9B:7F:FB:B0:8B:3A
    Fingerprint (SHA1):
        17:4C:89:70:BF:55:DF:D0:DD:17:50:A2:C0:6B:DD:A8:ED:E3:01:17
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1167: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1168: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170169 (0x25711db9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:24 2016
            Not After : Mon Jun 28 17:05:24 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:5d:57:88:96:bc:25:dd:df:49:0f:b2:65:1a:2b:80:
                    01:d3:79:7f:63:60:b3:6c:60:10:f1:f5:bd:94:64:4a:
                    11:ab:65:39:54:a8:52:49:9e:32:7d:92:76:2f:88:11:
                    c6:91:7e:40:4b:1e:11:f2:73:22:c8:5a:3e:3d:76:ea:
                    e0:d6:f1:29:e1:81:7c:3f:ef:5e:06:df:73:7e:91:83:
                    24:34:35:f7:5c:de:3d:57:27:ed:de:64:95:f8:97:f4:
                    0e:48:05:c6:d4:16:32:2e:99:ad:fc:e0:98:75:14:3c:
                    fe:2f:75:f6:41:35:e7:45:53:79:55:b9:9a:5b:3a:ff:
                    65:49:98:ad:94:de:84:4b:4c:14:77:05:c3:b4:08:f5:
                    ee:7a:8d:e3:1e:de:51:a3:86:b6:28:7e:91:c2:33:ca:
                    9d:e3:99:ef:0e:35:23:9b:2d:34:89:07:a4:f7:7c:7c:
                    66:22:a7:64:1b:d5:01:da:88:e5:6a:1c:21:06:f1:3b:
                    e8:ab:60:6e:54:15:ca:fe:28:b0:85:df:8b:fc:e5:aa:
                    3e:a7:e0:aa:b7:2c:cf:e7:21:1d:8c:ec:24:56:67:1d:
                    1e:3f:99:25:7d:ec:7d:6b:75:fd:fe:0f:6e:2d:d0:35:
                    1d:c3:6e:a3:21:a0:fc:24:5e:26:90:2e:68:8c:aa:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        18:3a:4c:4f:07:13:41:4c:e2:bd:ee:da:60:2a:51:3d:
        df:f6:5e:3e:f5:7b:b6:b9:c7:c2:04:b8:e7:91:c2:b2:
        48:c2:19:bf:5e:87:fd:b7:73:2d:f6:1c:a7:4a:d6:97:
        87:37:3a:f6:5b:45:a2:29:29:c7:4e:91:20:0e:38:f7:
        4a:a0:7a:d2:7c:9d:ae:7a:0c:82:d5:98:62:65:bf:14:
        d0:ae:e4:11:45:c9:48:ab:8c:e2:54:05:fd:cc:4e:39:
        1c:bc:9e:b0:f1:7d:57:a9:6e:21:05:bf:fb:1f:00:38:
        55:29:42:f1:17:eb:e2:21:4f:d7:f1:42:ff:24:dc:2b:
        6e:65:fd:dd:78:7e:0e:71:0b:46:13:29:a9:73:c6:ed:
        64:e7:2c:9b:d9:33:6b:c4:1e:97:2f:04:27:82:a5:61:
        12:d3:7c:75:e7:2c:7a:de:15:95:5c:08:d4:5b:a3:23:
        da:7e:5c:28:84:6b:be:61:aa:e1:c8:54:28:9e:e8:93:
        e8:e2:77:ad:51:ca:34:18:3c:e5:14:6a:cf:b7:d4:d6:
        5c:45:29:7e:a6:85:ad:3c:a0:09:5e:94:36:33:53:da:
        ba:39:1d:46:74:bd:1b:71:44:48:7a:3b:0d:96:17:95:
        00:65:17:49:36:15:6a:eb:a5:f4:53:3c:60:2d:87:54
    Fingerprint (SHA-256):
        86:E8:AE:0E:1C:23:E3:3A:9B:5A:AE:50:D0:7C:44:70:D2:E7:1F:D4:11:C1:50:8F:6E:C4:F4:DC:04:E7:A0:3C
    Fingerprint (SHA1):
        8F:60:9E:48:95:76:43:19:31:03:43:10:E5:DA:1B:47:1A:25:C4:49
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1169: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170169 (0x25711db9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:24 2016
            Not After : Mon Jun 28 17:05:24 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:5d:57:88:96:bc:25:dd:df:49:0f:b2:65:1a:2b:80:
                    01:d3:79:7f:63:60:b3:6c:60:10:f1:f5:bd:94:64:4a:
                    11:ab:65:39:54:a8:52:49:9e:32:7d:92:76:2f:88:11:
                    c6:91:7e:40:4b:1e:11:f2:73:22:c8:5a:3e:3d:76:ea:
                    e0:d6:f1:29:e1:81:7c:3f:ef:5e:06:df:73:7e:91:83:
                    24:34:35:f7:5c:de:3d:57:27:ed:de:64:95:f8:97:f4:
                    0e:48:05:c6:d4:16:32:2e:99:ad:fc:e0:98:75:14:3c:
                    fe:2f:75:f6:41:35:e7:45:53:79:55:b9:9a:5b:3a:ff:
                    65:49:98:ad:94:de:84:4b:4c:14:77:05:c3:b4:08:f5:
                    ee:7a:8d:e3:1e:de:51:a3:86:b6:28:7e:91:c2:33:ca:
                    9d:e3:99:ef:0e:35:23:9b:2d:34:89:07:a4:f7:7c:7c:
                    66:22:a7:64:1b:d5:01:da:88:e5:6a:1c:21:06:f1:3b:
                    e8:ab:60:6e:54:15:ca:fe:28:b0:85:df:8b:fc:e5:aa:
                    3e:a7:e0:aa:b7:2c:cf:e7:21:1d:8c:ec:24:56:67:1d:
                    1e:3f:99:25:7d:ec:7d:6b:75:fd:fe:0f:6e:2d:d0:35:
                    1d:c3:6e:a3:21:a0:fc:24:5e:26:90:2e:68:8c:aa:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        18:3a:4c:4f:07:13:41:4c:e2:bd:ee:da:60:2a:51:3d:
        df:f6:5e:3e:f5:7b:b6:b9:c7:c2:04:b8:e7:91:c2:b2:
        48:c2:19:bf:5e:87:fd:b7:73:2d:f6:1c:a7:4a:d6:97:
        87:37:3a:f6:5b:45:a2:29:29:c7:4e:91:20:0e:38:f7:
        4a:a0:7a:d2:7c:9d:ae:7a:0c:82:d5:98:62:65:bf:14:
        d0:ae:e4:11:45:c9:48:ab:8c:e2:54:05:fd:cc:4e:39:
        1c:bc:9e:b0:f1:7d:57:a9:6e:21:05:bf:fb:1f:00:38:
        55:29:42:f1:17:eb:e2:21:4f:d7:f1:42:ff:24:dc:2b:
        6e:65:fd:dd:78:7e:0e:71:0b:46:13:29:a9:73:c6:ed:
        64:e7:2c:9b:d9:33:6b:c4:1e:97:2f:04:27:82:a5:61:
        12:d3:7c:75:e7:2c:7a:de:15:95:5c:08:d4:5b:a3:23:
        da:7e:5c:28:84:6b:be:61:aa:e1:c8:54:28:9e:e8:93:
        e8:e2:77:ad:51:ca:34:18:3c:e5:14:6a:cf:b7:d4:d6:
        5c:45:29:7e:a6:85:ad:3c:a0:09:5e:94:36:33:53:da:
        ba:39:1d:46:74:bd:1b:71:44:48:7a:3b:0d:96:17:95:
        00:65:17:49:36:15:6a:eb:a5:f4:53:3c:60:2d:87:54
    Fingerprint (SHA-256):
        86:E8:AE:0E:1C:23:E3:3A:9B:5A:AE:50:D0:7C:44:70:D2:E7:1F:D4:11:C1:50:8F:6E:C4:F4:DC:04:E7:A0:3C
    Fingerprint (SHA1):
        8F:60:9E:48:95:76:43:19:31:03:43:10:E5:DA:1B:47:1A:25:C4:49
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1170: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170170 (0x25711dba)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:28 2016
            Not After : Mon Jun 28 17:05:28 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a2:be:78:ef:f3:f9:34:10:98:7d:06:8a:b9:27:20:b4:
                    a9:6e:bf:68:e3:ad:df:4c:b6:00:2a:ed:45:b8:fc:cd:
                    3b:76:17:12:0c:c1:f0:03:52:22:2a:35:cc:9f:76:14:
                    14:69:56:1f:b2:02:e7:7b:f4:4e:7a:dd:38:ea:3c:6c:
                    97:13:c8:e7:47:9e:13:4f:c3:c1:d7:86:a9:ed:19:74:
                    af:0f:72:1c:4a:80:b5:53:ee:e5:4d:43:87:b5:20:9e:
                    28:59:42:47:de:2e:c2:ba:9a:0c:28:33:4d:aa:17:d8:
                    7e:bd:0f:18:7c:8e:7e:57:11:a9:4b:6e:ad:74:ff:29:
                    4c:63:e1:02:dc:19:e0:d8:50:ea:c9:66:8e:21:dd:e2:
                    79:96:a8:62:6f:40:2f:39:b3:cb:fc:82:6f:73:60:8b:
                    45:e7:1f:1d:db:e9:2a:82:b1:c4:eb:92:6f:a8:3c:df:
                    6a:4d:71:d7:51:1c:43:83:b8:6f:6e:81:62:84:d0:07:
                    5d:31:d9:bf:76:90:c7:4e:2d:80:8b:58:ab:18:a5:00:
                    b7:2b:a2:ef:a0:22:8c:75:84:ea:c6:2b:d9:f1:b4:dd:
                    a0:9d:71:94:a7:8c:a2:73:a4:ad:cb:a1:9a:76:8c:64:
                    d1:77:d8:88:4f:3c:d8:f6:b7:66:26:7f:4c:5b:65:bd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        77:d6:14:60:bb:de:c8:85:b1:6f:10:77:87:34:36:c5:
        c1:b9:6a:fd:5f:d6:53:5f:d8:38:9e:85:d6:b4:fe:5f:
        9d:51:48:b2:70:d6:6c:a5:fb:d5:e6:ce:71:bd:cc:d7:
        44:4a:90:7f:95:d6:87:61:04:c2:be:66:54:cc:2a:ff:
        d9:98:79:56:71:74:81:2e:98:50:58:f5:8c:e1:62:ba:
        65:61:c5:e6:52:c9:71:52:76:4c:23:cd:88:5c:48:f5:
        45:6f:8a:e0:e5:01:62:52:c6:9a:34:ad:d7:cd:60:7f:
        af:e8:6d:88:dc:b9:60:e4:08:85:a8:59:45:95:b5:d7:
        fa:00:88:1f:ae:e2:0a:b1:48:51:c6:1c:74:8a:7d:63:
        46:24:23:e1:55:d7:d8:fb:de:5b:31:6d:23:1b:bf:e6:
        0e:90:ce:22:dc:a2:5f:ca:15:92:51:90:ac:a0:bd:72:
        e8:5e:ca:70:86:d6:70:98:44:32:12:04:9e:3b:cb:e6:
        81:c8:d6:be:ad:55:97:b3:04:ff:58:3c:15:c5:4b:07:
        17:d6:03:bf:42:c1:5b:a3:1c:07:aa:14:0f:ee:09:e7:
        da:8a:ed:4b:a4:3e:8d:da:4b:16:7d:20:55:e3:4f:fb:
        0c:77:f1:bc:53:51:81:b7:8a:87:d2:5f:a2:da:04:46
    Fingerprint (SHA-256):
        A2:74:11:17:1C:AA:61:F7:EB:4D:DA:50:05:DD:D5:00:2C:3A:40:30:05:A7:5B:8C:0E:DE:0C:58:E3:87:91:22
    Fingerprint (SHA1):
        4F:11:21:78:7D:1E:56:AB:45:D7:B6:8A:4B:79:02:4C:1A:A7:6A:18
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1171: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170170 (0x25711dba)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:28 2016
            Not After : Mon Jun 28 17:05:28 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a2:be:78:ef:f3:f9:34:10:98:7d:06:8a:b9:27:20:b4:
                    a9:6e:bf:68:e3:ad:df:4c:b6:00:2a:ed:45:b8:fc:cd:
                    3b:76:17:12:0c:c1:f0:03:52:22:2a:35:cc:9f:76:14:
                    14:69:56:1f:b2:02:e7:7b:f4:4e:7a:dd:38:ea:3c:6c:
                    97:13:c8:e7:47:9e:13:4f:c3:c1:d7:86:a9:ed:19:74:
                    af:0f:72:1c:4a:80:b5:53:ee:e5:4d:43:87:b5:20:9e:
                    28:59:42:47:de:2e:c2:ba:9a:0c:28:33:4d:aa:17:d8:
                    7e:bd:0f:18:7c:8e:7e:57:11:a9:4b:6e:ad:74:ff:29:
                    4c:63:e1:02:dc:19:e0:d8:50:ea:c9:66:8e:21:dd:e2:
                    79:96:a8:62:6f:40:2f:39:b3:cb:fc:82:6f:73:60:8b:
                    45:e7:1f:1d:db:e9:2a:82:b1:c4:eb:92:6f:a8:3c:df:
                    6a:4d:71:d7:51:1c:43:83:b8:6f:6e:81:62:84:d0:07:
                    5d:31:d9:bf:76:90:c7:4e:2d:80:8b:58:ab:18:a5:00:
                    b7:2b:a2:ef:a0:22:8c:75:84:ea:c6:2b:d9:f1:b4:dd:
                    a0:9d:71:94:a7:8c:a2:73:a4:ad:cb:a1:9a:76:8c:64:
                    d1:77:d8:88:4f:3c:d8:f6:b7:66:26:7f:4c:5b:65:bd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        77:d6:14:60:bb:de:c8:85:b1:6f:10:77:87:34:36:c5:
        c1:b9:6a:fd:5f:d6:53:5f:d8:38:9e:85:d6:b4:fe:5f:
        9d:51:48:b2:70:d6:6c:a5:fb:d5:e6:ce:71:bd:cc:d7:
        44:4a:90:7f:95:d6:87:61:04:c2:be:66:54:cc:2a:ff:
        d9:98:79:56:71:74:81:2e:98:50:58:f5:8c:e1:62:ba:
        65:61:c5:e6:52:c9:71:52:76:4c:23:cd:88:5c:48:f5:
        45:6f:8a:e0:e5:01:62:52:c6:9a:34:ad:d7:cd:60:7f:
        af:e8:6d:88:dc:b9:60:e4:08:85:a8:59:45:95:b5:d7:
        fa:00:88:1f:ae:e2:0a:b1:48:51:c6:1c:74:8a:7d:63:
        46:24:23:e1:55:d7:d8:fb:de:5b:31:6d:23:1b:bf:e6:
        0e:90:ce:22:dc:a2:5f:ca:15:92:51:90:ac:a0:bd:72:
        e8:5e:ca:70:86:d6:70:98:44:32:12:04:9e:3b:cb:e6:
        81:c8:d6:be:ad:55:97:b3:04:ff:58:3c:15:c5:4b:07:
        17:d6:03:bf:42:c1:5b:a3:1c:07:aa:14:0f:ee:09:e7:
        da:8a:ed:4b:a4:3e:8d:da:4b:16:7d:20:55:e3:4f:fb:
        0c:77:f1:bc:53:51:81:b7:8a:87:d2:5f:a2:da:04:46
    Fingerprint (SHA-256):
        A2:74:11:17:1C:AA:61:F7:EB:4D:DA:50:05:DD:D5:00:2C:3A:40:30:05:A7:5B:8C:0E:DE:0C:58:E3:87:91:22
    Fingerprint (SHA1):
        4F:11:21:78:7D:1E:56:AB:45:D7:B6:8A:4B:79:02:4C:1A:A7:6A:18
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1172: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170171 (0x25711dbb)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:35 2016
            Not After : Mon Jun 28 17:05:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f1:0a:fa:28:66:f7:3e:ca:34:32:c3:50:15:d0:30:a3:
                    17:1f:57:bd:06:6a:d1:c0:be:d4:ff:01:b4:b4:3c:51:
                    9e:80:3d:5d:10:86:29:37:48:95:52:f6:da:f1:a6:3e:
                    93:ff:85:e9:ea:06:d7:da:a0:96:04:76:6f:4e:46:4d:
                    fb:31:5a:60:5a:f9:e7:4a:c6:c8:fa:90:d5:3e:66:a2:
                    5d:ea:31:fe:72:22:05:0f:25:0a:35:7b:59:65:07:cd:
                    3d:41:a6:39:0d:e9:14:f3:a9:26:36:07:51:6c:c8:3d:
                    04:9e:a9:64:34:64:c7:75:2c:d4:7d:f2:ae:42:c6:00:
                    4b:a8:80:c5:a2:4d:3a:92:11:0e:88:fe:4b:f5:1f:1f:
                    e0:6b:96:b6:24:93:43:78:0e:54:99:7a:0a:90:5c:64:
                    78:58:6e:31:a0:87:e8:c2:31:ab:56:d9:2d:ec:ea:30:
                    74:26:32:0b:90:25:2a:dd:50:78:bd:85:81:b4:19:50:
                    9f:b5:19:d9:36:f4:5e:e9:27:9e:4f:fd:8e:bd:a5:6c:
                    1e:fd:20:16:2e:90:4b:1c:52:ae:fc:f6:8a:44:63:de:
                    a3:ba:35:c7:17:23:f0:9a:9a:d2:0d:71:d9:7f:e9:c7:
                    e4:a4:27:df:e7:06:c2:42:dc:91:ce:91:9d:9d:5a:3b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9a:a1:fa:48:75:3b:8f:f8:43:95:d5:37:ce:10:4f:ab:
        12:24:39:27:d8:89:e8:06:21:f9:4d:56:74:92:4b:c5:
        12:03:45:f8:be:11:88:a0:4c:6d:6c:38:9a:6d:50:69:
        e2:a6:4d:7a:48:c5:b8:a9:1b:8e:2e:2d:80:70:24:2f:
        9a:ed:c8:41:d5:e7:b3:aa:1f:5d:0c:47:0e:cd:85:a6:
        df:6d:d2:81:c7:d8:11:3e:6a:35:59:22:26:3b:9c:0e:
        d8:45:f9:7c:53:e7:dd:29:c0:4c:d6:c5:67:6e:be:45:
        f1:7c:33:f6:83:82:fc:da:46:57:18:24:de:af:09:07:
        b5:bc:1f:a8:79:28:7c:28:71:90:c9:16:9f:bc:08:c4:
        7d:62:07:e8:3e:38:aa:8d:99:d3:c4:9f:bd:44:83:a9:
        51:da:f2:a8:b1:1b:c8:45:a9:25:24:ba:30:6e:27:0c:
        3f:e8:a3:ab:0a:8e:8b:ad:12:17:b9:4c:72:f7:a8:1f:
        bd:00:d1:9a:5e:06:9e:f1:cd:2f:62:fb:e9:32:ab:47:
        74:99:ff:6a:f2:71:6e:31:08:a6:50:fb:75:07:c9:19:
        ce:32:5b:19:6b:50:70:0e:93:39:32:bb:1b:4b:57:54:
        09:22:25:32:50:8d:59:2f:e8:64:5c:76:a1:d5:51:24
    Fingerprint (SHA-256):
        C3:92:81:86:AC:B2:36:C7:FA:8C:87:74:B5:B5:9D:A0:96:6D:3B:47:EB:06:5E:71:14:37:9B:7F:FB:B0:8B:3A
    Fingerprint (SHA1):
        17:4C:89:70:BF:55:DF:D0:DD:17:50:A2:C0:6B:DD:A8:ED:E3:01:17
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1173: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170171 (0x25711dbb)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:35 2016
            Not After : Mon Jun 28 17:05:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f1:0a:fa:28:66:f7:3e:ca:34:32:c3:50:15:d0:30:a3:
                    17:1f:57:bd:06:6a:d1:c0:be:d4:ff:01:b4:b4:3c:51:
                    9e:80:3d:5d:10:86:29:37:48:95:52:f6:da:f1:a6:3e:
                    93:ff:85:e9:ea:06:d7:da:a0:96:04:76:6f:4e:46:4d:
                    fb:31:5a:60:5a:f9:e7:4a:c6:c8:fa:90:d5:3e:66:a2:
                    5d:ea:31:fe:72:22:05:0f:25:0a:35:7b:59:65:07:cd:
                    3d:41:a6:39:0d:e9:14:f3:a9:26:36:07:51:6c:c8:3d:
                    04:9e:a9:64:34:64:c7:75:2c:d4:7d:f2:ae:42:c6:00:
                    4b:a8:80:c5:a2:4d:3a:92:11:0e:88:fe:4b:f5:1f:1f:
                    e0:6b:96:b6:24:93:43:78:0e:54:99:7a:0a:90:5c:64:
                    78:58:6e:31:a0:87:e8:c2:31:ab:56:d9:2d:ec:ea:30:
                    74:26:32:0b:90:25:2a:dd:50:78:bd:85:81:b4:19:50:
                    9f:b5:19:d9:36:f4:5e:e9:27:9e:4f:fd:8e:bd:a5:6c:
                    1e:fd:20:16:2e:90:4b:1c:52:ae:fc:f6:8a:44:63:de:
                    a3:ba:35:c7:17:23:f0:9a:9a:d2:0d:71:d9:7f:e9:c7:
                    e4:a4:27:df:e7:06:c2:42:dc:91:ce:91:9d:9d:5a:3b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9a:a1:fa:48:75:3b:8f:f8:43:95:d5:37:ce:10:4f:ab:
        12:24:39:27:d8:89:e8:06:21:f9:4d:56:74:92:4b:c5:
        12:03:45:f8:be:11:88:a0:4c:6d:6c:38:9a:6d:50:69:
        e2:a6:4d:7a:48:c5:b8:a9:1b:8e:2e:2d:80:70:24:2f:
        9a:ed:c8:41:d5:e7:b3:aa:1f:5d:0c:47:0e:cd:85:a6:
        df:6d:d2:81:c7:d8:11:3e:6a:35:59:22:26:3b:9c:0e:
        d8:45:f9:7c:53:e7:dd:29:c0:4c:d6:c5:67:6e:be:45:
        f1:7c:33:f6:83:82:fc:da:46:57:18:24:de:af:09:07:
        b5:bc:1f:a8:79:28:7c:28:71:90:c9:16:9f:bc:08:c4:
        7d:62:07:e8:3e:38:aa:8d:99:d3:c4:9f:bd:44:83:a9:
        51:da:f2:a8:b1:1b:c8:45:a9:25:24:ba:30:6e:27:0c:
        3f:e8:a3:ab:0a:8e:8b:ad:12:17:b9:4c:72:f7:a8:1f:
        bd:00:d1:9a:5e:06:9e:f1:cd:2f:62:fb:e9:32:ab:47:
        74:99:ff:6a:f2:71:6e:31:08:a6:50:fb:75:07:c9:19:
        ce:32:5b:19:6b:50:70:0e:93:39:32:bb:1b:4b:57:54:
        09:22:25:32:50:8d:59:2f:e8:64:5c:76:a1:d5:51:24
    Fingerprint (SHA-256):
        C3:92:81:86:AC:B2:36:C7:FA:8C:87:74:B5:B5:9D:A0:96:6D:3B:47:EB:06:5E:71:14:37:9B:7F:FB:B0:8B:3A
    Fingerprint (SHA1):
        17:4C:89:70:BF:55:DF:D0:DD:17:50:A2:C0:6B:DD:A8:ED:E3:01:17
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1174: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #1175: AnyPolicy: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170174 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1176: AnyPolicy: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #1177: AnyPolicy: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1178: AnyPolicy: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1179: AnyPolicy: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628170175   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1180: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1181: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1182: AnyPolicy: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1183: AnyPolicy: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170176   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
0
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #1184: AnyPolicy: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1185: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #1186: AnyPolicy: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1187: AnyPolicy: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 628170177   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1188: AnyPolicy: Creating certficate CA3CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA3CA1.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1189: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #1190: AnyPolicy: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1191: AnyPolicy: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628170178   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1192: AnyPolicy: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1193: AnyPolicy: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #1194: AnyPolicy: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1195: AnyPolicy: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628170179   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1196: AnyPolicy: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1197: AnyPolicy: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB User3DB
certutil -N -d User3DB -f User3DB/dbpasswd
chains.sh: #1198: AnyPolicy: Creating DB User3DB  - PASSED
chains.sh: Creating EE certifiate request User3Req.der
certutil -s "CN=User3 EE, O=User3, C=US"  -R  -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1199: AnyPolicy: Creating EE certifiate request User3Req.der  - PASSED
chains.sh: Creating certficate User3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 628170180   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1200: AnyPolicy: Creating certficate User3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate User3CA3.der to User3DB database
certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1201: AnyPolicy: Importing certificate User3CA3.der to User3DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1202: AnyPolicy: Creating DB AllDB  - PASSED
chains.sh: Importing certificate RootCA.der to AllDB database
certutil -A -n RootCA  -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der
chains.sh: #1203: AnyPolicy: Importing certificate RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der
chains.sh: #1204: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #1205: AnyPolicy: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA1.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der
chains.sh: #1206: AnyPolicy: Importing certificate CA3CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170174 (0x25711dbe)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:54 2016
            Not After : Mon Jun 28 17:05:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a7:41:93:ee:4d:88:64:67:5a:63:05:68:bc:6c:62:2a:
                    b6:85:f5:c8:f7:ef:53:f4:54:62:15:8a:da:eb:a6:79:
                    ca:05:22:e6:ac:14:f8:7b:c5:61:4f:81:6a:d2:f6:8b:
                    94:ca:1d:78:1f:3c:b2:6d:04:ee:ff:f1:06:41:90:1b:
                    0f:a5:1e:b3:09:76:6c:ba:c8:39:01:7f:96:d3:19:54:
                    1c:96:74:cc:87:d0:7d:c3:65:19:8a:43:3f:fd:d0:bc:
                    e6:97:e1:7a:f8:29:10:ec:51:0f:29:1d:64:74:75:9b:
                    51:28:1e:56:ae:72:39:e2:ba:23:e3:45:ab:6f:77:1b:
                    33:ac:20:72:ea:ee:e4:a0:79:28:79:a1:a2:03:9c:6d:
                    0a:b4:95:5b:a1:50:aa:86:8b:3f:84:18:df:b2:30:98:
                    ee:ab:37:75:6c:b7:f7:e0:91:11:f0:cd:de:5f:12:69:
                    98:98:02:40:cb:ea:e7:9c:39:f7:49:15:93:bb:b2:71:
                    2b:4b:c5:e4:55:0a:ef:1a:ac:9f:93:6c:27:4e:0e:93:
                    04:50:45:b2:19:6d:a9:2a:e0:3e:59:77:1d:3c:b7:97:
                    d6:c0:fc:7d:3a:cd:e8:af:d3:29:b8:aa:e9:18:91:83:
                    ae:16:e4:d9:5a:79:ed:05:72:24:a1:dd:53:b7:69:f7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:38:88:71:76:53:37:e4:b3:7a:fd:7d:99:83:80:6b:
        f8:c5:61:46:be:bd:ec:2a:a1:52:fc:d5:27:93:a1:41:
        9b:3f:5d:65:04:71:a2:0a:43:e3:12:f0:e7:6c:c9:ec:
        df:97:b4:fc:a4:73:d5:d6:8d:cf:29:fe:9c:1b:42:3b:
        d2:41:68:2f:f2:95:f4:aa:97:63:84:ff:97:0a:32:4b:
        6f:66:6e:3a:08:73:f7:36:15:d5:71:eb:13:1b:26:d1:
        38:ac:1f:e6:ba:ed:97:bd:5b:28:d8:44:08:07:bb:fc:
        3b:12:27:10:57:dd:a7:ac:d1:a1:b9:9c:3f:37:25:3a:
        5b:92:cd:2c:7f:95:a0:10:56:cc:a0:a3:73:e7:cf:9a:
        5c:cd:35:0d:b1:fa:00:33:3e:cf:b5:ec:c3:16:27:d4:
        91:84:c6:10:58:e1:0b:c0:7e:05:95:bc:86:83:e0:27:
        8b:7f:8a:0b:41:97:2e:6e:8d:38:2d:ac:8b:4c:10:81:
        23:89:74:86:b0:d6:e1:4d:97:eb:c3:25:c8:0a:53:25:
        2e:eb:bf:e6:f2:7b:2b:ea:e4:67:d3:97:de:bf:e8:25:
        cf:aa:c1:13:2d:4b:31:e0:74:ff:89:e9:b0:26:f3:ed:
        29:7e:e9:4c:e9:c3:42:10:52:cc:6b:39:56:ff:9b:65
    Fingerprint (SHA-256):
        45:42:66:60:69:E3:3A:64:54:AE:71:B1:55:56:F2:4A:DD:C7:D6:84:78:09:6C:45:5C:00:14:7E:DA:72:8F:8C
    Fingerprint (SHA1):
        2A:A4:0F:F0:0C:1B:95:A5:17:94:F1:0F:EC:7C:D2:E6:A4:96:85:96
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1207: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1208: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1209: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1210: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User3CA3.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170174 (0x25711dbe)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:05:54 2016
            Not After : Mon Jun 28 17:05:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a7:41:93:ee:4d:88:64:67:5a:63:05:68:bc:6c:62:2a:
                    b6:85:f5:c8:f7:ef:53:f4:54:62:15:8a:da:eb:a6:79:
                    ca:05:22:e6:ac:14:f8:7b:c5:61:4f:81:6a:d2:f6:8b:
                    94:ca:1d:78:1f:3c:b2:6d:04:ee:ff:f1:06:41:90:1b:
                    0f:a5:1e:b3:09:76:6c:ba:c8:39:01:7f:96:d3:19:54:
                    1c:96:74:cc:87:d0:7d:c3:65:19:8a:43:3f:fd:d0:bc:
                    e6:97:e1:7a:f8:29:10:ec:51:0f:29:1d:64:74:75:9b:
                    51:28:1e:56:ae:72:39:e2:ba:23:e3:45:ab:6f:77:1b:
                    33:ac:20:72:ea:ee:e4:a0:79:28:79:a1:a2:03:9c:6d:
                    0a:b4:95:5b:a1:50:aa:86:8b:3f:84:18:df:b2:30:98:
                    ee:ab:37:75:6c:b7:f7:e0:91:11:f0:cd:de:5f:12:69:
                    98:98:02:40:cb:ea:e7:9c:39:f7:49:15:93:bb:b2:71:
                    2b:4b:c5:e4:55:0a:ef:1a:ac:9f:93:6c:27:4e:0e:93:
                    04:50:45:b2:19:6d:a9:2a:e0:3e:59:77:1d:3c:b7:97:
                    d6:c0:fc:7d:3a:cd:e8:af:d3:29:b8:aa:e9:18:91:83:
                    ae:16:e4:d9:5a:79:ed:05:72:24:a1:dd:53:b7:69:f7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:38:88:71:76:53:37:e4:b3:7a:fd:7d:99:83:80:6b:
        f8:c5:61:46:be:bd:ec:2a:a1:52:fc:d5:27:93:a1:41:
        9b:3f:5d:65:04:71:a2:0a:43:e3:12:f0:e7:6c:c9:ec:
        df:97:b4:fc:a4:73:d5:d6:8d:cf:29:fe:9c:1b:42:3b:
        d2:41:68:2f:f2:95:f4:aa:97:63:84:ff:97:0a:32:4b:
        6f:66:6e:3a:08:73:f7:36:15:d5:71:eb:13:1b:26:d1:
        38:ac:1f:e6:ba:ed:97:bd:5b:28:d8:44:08:07:bb:fc:
        3b:12:27:10:57:dd:a7:ac:d1:a1:b9:9c:3f:37:25:3a:
        5b:92:cd:2c:7f:95:a0:10:56:cc:a0:a3:73:e7:cf:9a:
        5c:cd:35:0d:b1:fa:00:33:3e:cf:b5:ec:c3:16:27:d4:
        91:84:c6:10:58:e1:0b:c0:7e:05:95:bc:86:83:e0:27:
        8b:7f:8a:0b:41:97:2e:6e:8d:38:2d:ac:8b:4c:10:81:
        23:89:74:86:b0:d6:e1:4d:97:eb:c3:25:c8:0a:53:25:
        2e:eb:bf:e6:f2:7b:2b:ea:e4:67:d3:97:de:bf:e8:25:
        cf:aa:c1:13:2d:4b:31:e0:74:ff:89:e9:b0:26:f3:ed:
        29:7e:e9:4c:e9:c3:42:10:52:cc:6b:39:56:ff:9b:65
    Fingerprint (SHA-256):
        45:42:66:60:69:E3:3A:64:54:AE:71:B1:55:56:F2:4A:DD:C7:D6:84:78:09:6C:45:5C:00:14:7E:DA:72:8F:8C
    Fingerprint (SHA1):
        2A:A4:0F:F0:0C:1B:95:A5:17:94:F1:0F:EC:7C:D2:E6:A4:96:85:96
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User3 EE,O=User3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1211: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User3CA3.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1212: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #1213: AnyPolicyWithLevel: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170181 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1214: AnyPolicyWithLevel: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #1215: AnyPolicyWithLevel: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1216: AnyPolicyWithLevel: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1217: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628170182   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #1218: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1219: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA12DB
certutil -N -d CA12DB -f CA12DB/dbpasswd
chains.sh: #1220: AnyPolicyWithLevel: Creating DB CA12DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA12Req.der
certutil -s "CN=CA12 Intermediate, O=CA12, C=US"  -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1221: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der  - PASSED
chains.sh: Creating certficate CA12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 628170183   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1222: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA12CA1.der to CA12DB database
certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1223: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database  - PASSED
chains.sh: Creating DB CA13DB
certutil -N -d CA13DB -f CA13DB/dbpasswd
chains.sh: #1224: AnyPolicyWithLevel: Creating DB CA13DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA13Req.der
certutil -s "CN=CA13 Intermediate, O=CA13, C=US"  -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1225: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der  - PASSED
chains.sh: Creating certficate CA13CA12.der signed by CA12
certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 628170184   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1226: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12  - PASSED
chains.sh: Importing certificate CA13CA12.der to CA13DB database
certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1227: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1228: AnyPolicyWithLevel: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1229: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA13.der signed by CA13
certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 628170185   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1230: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13  - PASSED
chains.sh: Importing certificate EE1CA13.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1231: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database  - PASSED
chains.sh: Creating DB CA22DB
certutil -N -d CA22DB -f CA22DB/dbpasswd
chains.sh: #1232: AnyPolicyWithLevel: Creating DB CA22DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA22Req.der
certutil -s "CN=CA22 Intermediate, O=CA22, C=US"  -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1233: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der  - PASSED
chains.sh: Creating certficate CA22CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 628170186   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1234: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA22CA1.der to CA22DB database
certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1235: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database  - PASSED
chains.sh: Creating DB CA23DB
certutil -N -d CA23DB -f CA23DB/dbpasswd
chains.sh: #1236: AnyPolicyWithLevel: Creating DB CA23DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA23Req.der
certutil -s "CN=CA23 Intermediate, O=CA23, C=US"  -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1237: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der  - PASSED
chains.sh: Creating certficate CA23CA22.der signed by CA22
certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 628170187   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1238: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22  - PASSED
chains.sh: Importing certificate CA23CA22.der to CA23DB database
certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1239: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #1240: AnyPolicyWithLevel: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1241: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA23.der signed by CA23
certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 628170188   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1242: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23  - PASSED
chains.sh: Importing certificate EE2CA23.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1243: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database  - PASSED
chains.sh: Creating DB CA32DB
certutil -N -d CA32DB -f CA32DB/dbpasswd
chains.sh: #1244: AnyPolicyWithLevel: Creating DB CA32DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA32Req.der
certutil -s "CN=CA32 Intermediate, O=CA32, C=US"  -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1245: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der  - PASSED
chains.sh: Creating certficate CA32CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 628170189   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #1246: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA32CA1.der to CA32DB database
certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1247: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database  - PASSED
chains.sh: Creating DB CA33DB
certutil -N -d CA33DB -f CA33DB/dbpasswd
chains.sh: #1248: AnyPolicyWithLevel: Creating DB CA33DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA33Req.der
certutil -s "CN=CA33 Intermediate, O=CA33, C=US"  -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1249: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der  - PASSED
chains.sh: Creating certficate CA33CA32.der signed by CA32
certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 628170190   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1250: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32  - PASSED
chains.sh: Importing certificate CA33CA32.der to CA33DB database
certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1251: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #1252: AnyPolicyWithLevel: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US"  -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1253: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA33.der signed by CA33
certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 628170191   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1254: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33  - PASSED
chains.sh: Importing certificate EE3CA33.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1255: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database  - PASSED
chains.sh: Creating DB CA42DB
certutil -N -d CA42DB -f CA42DB/dbpasswd
chains.sh: #1256: AnyPolicyWithLevel: Creating DB CA42DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA42Req.der
certutil -s "CN=CA42 Intermediate, O=CA42, C=US"  -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA42Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1257: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der  - PASSED
chains.sh: Creating certficate CA42CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 628170192   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1258: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA42CA1.der to CA42DB database
certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1259: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database  - PASSED
chains.sh: Creating DB CA43DB
certutil -N -d CA43DB -f CA43DB/dbpasswd
chains.sh: #1260: AnyPolicyWithLevel: Creating DB CA43DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA43Req.der
certutil -s "CN=CA43 Intermediate, O=CA43, C=US"  -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA43Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1261: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der  - PASSED
chains.sh: Creating certficate CA43CA42.der signed by CA42
certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 628170193   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1262: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42  - PASSED
chains.sh: Importing certificate CA43CA42.der to CA43DB database
certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1263: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #1264: AnyPolicyWithLevel: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US"  -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1265: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA43.der signed by CA43
certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 628170194   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1266: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43  - PASSED
chains.sh: Importing certificate EE4CA43.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1267: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database  - PASSED
chains.sh: Creating DB CA52DB
certutil -N -d CA52DB -f CA52DB/dbpasswd
chains.sh: #1268: AnyPolicyWithLevel: Creating DB CA52DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA52Req.der
certutil -s "CN=CA52 Intermediate, O=CA52, C=US"  -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA52Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1269: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der  - PASSED
chains.sh: Creating certficate CA52CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 628170195   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1270: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA52CA1.der to CA52DB database
certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1271: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database  - PASSED
chains.sh: Creating DB CA53DB
certutil -N -d CA53DB -f CA53DB/dbpasswd
chains.sh: #1272: AnyPolicyWithLevel: Creating DB CA53DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA53Req.der
certutil -s "CN=CA53 Intermediate, O=CA53, C=US"  -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA53Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1273: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der  - PASSED
chains.sh: Creating certficate CA53CA52.der signed by CA52
certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 628170196   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1274: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52  - PASSED
chains.sh: Importing certificate CA53CA52.der to CA53DB database
certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1275: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database  - PASSED
chains.sh: Creating DB EE5DB
certutil -N -d EE5DB -f EE5DB/dbpasswd
chains.sh: #1276: AnyPolicyWithLevel: Creating DB EE5DB  - PASSED
chains.sh: Creating EE certifiate request EE5Req.der
certutil -s "CN=EE5 EE, O=EE5, C=US"  -R  -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE5Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1277: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der  - PASSED
chains.sh: Creating certficate EE5CA53.der signed by CA53
certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 628170197   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1278: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53  - PASSED
chains.sh: Importing certificate EE5CA53.der to EE5DB database
certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1279: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database  - PASSED
chains.sh: Creating DB CA61DB
certutil -N -d CA61DB -f CA61DB/dbpasswd
chains.sh: #1280: AnyPolicyWithLevel: Creating DB CA61DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA61Req.der
certutil -s "CN=CA61 Intermediate, O=CA61, C=US"  -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA61Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1281: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der  - PASSED
chains.sh: Creating certficate CA61RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 628170198   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
5
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #1282: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA61RootCA.der to CA61DB database
certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1283: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database  - PASSED
chains.sh: Creating DB CA62DB
certutil -N -d CA62DB -f CA62DB/dbpasswd
chains.sh: #1284: AnyPolicyWithLevel: Creating DB CA62DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA62Req.der
certutil -s "CN=CA62 Intermediate, O=CA62, C=US"  -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1285: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der  - PASSED
chains.sh: Creating certficate CA62CA61.der signed by CA61
certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 628170199   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1286: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61  - PASSED
chains.sh: Importing certificate CA62CA61.der to CA62DB database
certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1287: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database  - PASSED
chains.sh: Creating DB EE62DB
certutil -N -d EE62DB -f EE62DB/dbpasswd
chains.sh: #1288: AnyPolicyWithLevel: Creating DB EE62DB  - PASSED
chains.sh: Creating EE certifiate request EE62Req.der
certutil -s "CN=EE62 EE, O=EE62, C=US"  -R  -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1289: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der  - PASSED
chains.sh: Creating certficate EE62CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 628170200   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1290: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate EE62CA62.der to EE62DB database
certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1291: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database  - PASSED
chains.sh: Creating DB CA63DB
certutil -N -d CA63DB -f CA63DB/dbpasswd
chains.sh: #1292: AnyPolicyWithLevel: Creating DB CA63DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA63Req.der
certutil -s "CN=CA63 Intermediate, O=CA63, C=US"  -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1293: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der  - PASSED
chains.sh: Creating certficate CA63CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 628170201   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1294: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate CA63CA62.der to CA63DB database
certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1295: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database  - PASSED
chains.sh: Creating DB EE63DB
certutil -N -d EE63DB -f EE63DB/dbpasswd
chains.sh: #1296: AnyPolicyWithLevel: Creating DB EE63DB  - PASSED
chains.sh: Creating EE certifiate request EE63Req.der
certutil -s "CN=EE63 EE, O=EE63, C=US"  -R  -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1297: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der  - PASSED
chains.sh: Creating certficate EE63CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 628170202   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1298: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate EE63CA63.der to EE63DB database
certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1299: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database  - PASSED
chains.sh: Creating DB CA64DB
certutil -N -d CA64DB -f CA64DB/dbpasswd
chains.sh: #1300: AnyPolicyWithLevel: Creating DB CA64DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA64Req.der
certutil -s "CN=CA64 Intermediate, O=CA64, C=US"  -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1301: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der  - PASSED
chains.sh: Creating certficate CA64CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 628170203   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1302: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate CA64CA63.der to CA64DB database
certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1303: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database  - PASSED
chains.sh: Creating DB EE64DB
certutil -N -d EE64DB -f EE64DB/dbpasswd
chains.sh: #1304: AnyPolicyWithLevel: Creating DB EE64DB  - PASSED
chains.sh: Creating EE certifiate request EE64Req.der
certutil -s "CN=EE64 EE, O=EE64, C=US"  -R  -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1305: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der  - PASSED
chains.sh: Creating certficate EE64CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 628170204   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1306: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate EE64CA64.der to EE64DB database
certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1307: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database  - PASSED
chains.sh: Creating DB CA65DB
certutil -N -d CA65DB -f CA65DB/dbpasswd
chains.sh: #1308: AnyPolicyWithLevel: Creating DB CA65DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA65Req.der
certutil -s "CN=CA65 Intermediate, O=CA65, C=US"  -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1309: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der  - PASSED
chains.sh: Creating certficate CA65CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 628170205   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1310: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate CA65CA64.der to CA65DB database
certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1311: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database  - PASSED
chains.sh: Creating DB EE65DB
certutil -N -d EE65DB -f EE65DB/dbpasswd
chains.sh: #1312: AnyPolicyWithLevel: Creating DB EE65DB  - PASSED
chains.sh: Creating EE certifiate request EE65Req.der
certutil -s "CN=EE65 EE, O=EE65, C=US"  -R  -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1313: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der  - PASSED
chains.sh: Creating certficate EE65CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 628170206   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1314: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate EE65CA65.der to EE65DB database
certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1315: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database  - PASSED
chains.sh: Creating DB CA66DB
certutil -N -d CA66DB -f CA66DB/dbpasswd
chains.sh: #1316: AnyPolicyWithLevel: Creating DB CA66DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA66Req.der
certutil -s "CN=CA66 Intermediate, O=CA66, C=US"  -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1317: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der  - PASSED
chains.sh: Creating certficate CA66CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 628170207   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1318: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate CA66CA65.der to CA66DB database
certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1319: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database  - PASSED
chains.sh: Creating DB EE66DB
certutil -N -d EE66DB -f EE66DB/dbpasswd
chains.sh: #1320: AnyPolicyWithLevel: Creating DB EE66DB  - PASSED
chains.sh: Creating EE certifiate request EE66Req.der
certutil -s "CN=EE66 EE, O=EE66, C=US"  -R  -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1321: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der  - PASSED
chains.sh: Creating certficate EE66CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 628170208   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1322: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate EE66CA66.der to EE66DB database
certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1323: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database  - PASSED
chains.sh: Creating DB CA67DB
certutil -N -d CA67DB -f CA67DB/dbpasswd
chains.sh: #1324: AnyPolicyWithLevel: Creating DB CA67DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA67Req.der
certutil -s "CN=CA67 Intermediate, O=CA67, C=US"  -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1325: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der  - PASSED
chains.sh: Creating certficate CA67CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 628170209   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1326: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate CA67CA66.der to CA67DB database
certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1327: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database  - PASSED
chains.sh: Creating DB EE67DB
certutil -N -d EE67DB -f EE67DB/dbpasswd
chains.sh: #1328: AnyPolicyWithLevel: Creating DB EE67DB  - PASSED
chains.sh: Creating EE certifiate request EE67Req.der
certutil -s "CN=EE67 EE, O=EE67, C=US"  -R  -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1329: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der  - PASSED
chains.sh: Creating certficate EE67CA67.der signed by CA67
certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 628170210   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1330: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67  - PASSED
chains.sh: Importing certificate EE67CA67.der to EE67DB database
certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1331: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1332: AnyPolicyWithLevel: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1333: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1334: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1335: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1336: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1337: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1338: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US"
Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1339: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1340: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1341: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1342: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US"
Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1343: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1344: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1345: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1346: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1347: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1348: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1349: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US"
Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US"
Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1350: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US"
Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #1351: AnyPolicyWithLevel: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US"
Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #1352: AnyPolicyWithLevel: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US"
Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #1353: AnyPolicyWithLevel: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US"
Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #1354: AnyPolicyWithLevel: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170181 (0x25711dc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:06:51 2016
            Not After : Mon Jun 28 17:06:51 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:5b:46:7f:14:be:2c:37:19:ce:67:96:46:8e:90:8f:
                    cb:bd:10:6d:08:19:43:9a:47:fd:79:6a:83:83:b8:58:
                    68:53:60:93:f0:b9:78:60:b8:0c:0a:b0:12:43:62:81:
                    79:78:aa:65:c6:1d:b1:e0:c4:e3:5b:9b:d0:fc:58:d7:
                    46:57:60:5c:58:52:fb:62:d1:b1:f4:95:5f:a8:af:89:
                    57:8b:47:d3:73:36:6f:58:03:62:a6:eb:0c:a0:62:9f:
                    bb:b1:02:62:d4:22:32:93:d5:2e:b2:fc:17:0c:c8:2b:
                    76:16:a8:a0:c7:3f:c8:05:7b:b1:a7:05:af:5f:9f:3c:
                    f4:06:50:6a:80:3c:1b:47:4a:47:dd:d5:f2:3f:98:2a:
                    95:94:07:c3:e5:b5:08:a4:94:c6:af:f5:64:7a:74:b4:
                    c9:fb:50:d6:34:24:1a:f7:b4:21:e6:a7:fc:4d:2f:24:
                    35:58:99:cd:52:aa:88:ac:ee:b8:f4:f7:0b:a7:07:a8:
                    19:3f:f4:bd:9b:31:65:bc:8c:8c:2a:9a:cb:1a:d3:5d:
                    4e:1a:ba:6b:c5:99:ab:76:1a:c8:f5:f6:d6:dd:44:b6:
                    c3:f7:1c:3c:d6:05:82:7e:1d:4c:0f:a4:7a:12:1c:2a:
                    8a:a1:b3:de:46:90:e9:ad:b1:87:16:a5:42:8c:c6:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:0d:9c:2c:20:73:fa:45:9c:af:a8:f0:0a:b3:48:e7:
        93:c0:5c:fb:81:a5:d7:43:b6:7a:de:d9:f2:37:4e:6b:
        6d:3d:02:14:fa:75:59:d0:97:fc:32:f9:96:22:4d:2c:
        0b:62:11:63:61:f9:72:16:7f:00:3f:98:be:bd:52:c0:
        c9:05:18:bd:9f:c7:84:c8:57:a0:66:10:b2:36:c2:ea:
        c1:03:8e:11:54:94:74:44:5e:54:d3:7e:7a:9d:ce:6f:
        89:16:7a:12:9e:3c:46:53:bb:6e:17:e8:3a:ad:e1:f0:
        21:77:68:32:87:9c:64:04:cf:79:5f:a9:b6:81:ac:1b:
        78:df:90:1a:21:af:88:f4:5c:b4:20:62:53:a4:8c:86:
        2d:ae:4f:14:07:98:f8:da:dd:ad:b3:57:a7:70:fe:15:
        db:31:1a:91:4c:93:38:1f:d6:f9:e7:a6:93:44:95:47:
        81:ef:ab:a7:8d:54:e3:61:09:54:0d:d2:04:78:eb:3e:
        20:e7:74:ae:b0:dc:dc:3c:c4:5b:19:6d:3e:c1:84:63:
        22:1e:96:db:f8:ea:df:cb:18:e1:5d:02:c4:e5:a8:2f:
        27:1d:d1:b7:fe:7d:0f:07:76:ef:20:e8:57:31:6d:b0:
        91:7e:32:af:39:0b:99:b3:e1:a5:6c:21:88:58:fc:7d
    Fingerprint (SHA-256):
        F4:E3:1C:D9:CB:DD:A3:56:A7:24:9A:5A:E4:B9:30:BA:88:CB:29:E5:00:F0:35:FD:8C:D7:C3:2F:2D:B2:5F:EB
    Fingerprint (SHA1):
        BA:5D:CA:63:EF:30:54:EA:1E:35:E3:D8:B1:0E:80:E5:5F:AF:E5:41
Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US"
Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US"
Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #1355: AnyPolicyWithLevel: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1356: AnyPolicyWithLevel: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1357: explicitPolicy: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170211 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1358: explicitPolicy: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1359: explicitPolicy: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB nonEVCADB
certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd
chains.sh: #1360: explicitPolicy: Creating DB nonEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request nonEVCAReq.der
certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US"  -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1361: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der  - PASSED
chains.sh: Creating certficate nonEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 628170212   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1362: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database
certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1363: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database  - PASSED
chains.sh: Creating DB EVCADB
certutil -N -d EVCADB -f EVCADB/dbpasswd
chains.sh: #1364: explicitPolicy: Creating DB EVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request EVCAReq.der
certutil -s "CN=EVCA Intermediate, O=EVCA, C=US"  -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1365: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der  - PASSED
chains.sh: Creating certficate EVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 628170213   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1366: explicitPolicy: Creating certficate EVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate EVCARoot.der to EVCADB database
certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1367: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database  - PASSED
chains.sh: Creating DB otherEVCADB
certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd
chains.sh: #1368: explicitPolicy: Creating DB otherEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request otherEVCAReq.der
certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US"  -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1369: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der  - PASSED
chains.sh: Creating certficate otherEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 628170214   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1370: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database
certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1371: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database  - PASSED
chains.sh: Creating DB validEVDB
certutil -N -d validEVDB -f validEVDB/dbpasswd
chains.sh: #1372: explicitPolicy: Creating DB validEVDB  - PASSED
chains.sh: Creating EE certifiate request validEVReq.der
certutil -s "CN=validEV EE, O=validEV, C=US"  -R  -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o validEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1373: explicitPolicy: Creating EE certifiate request validEVReq.der  - PASSED
chains.sh: Creating certficate validEVEVCA.der signed by EVCA
certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 628170215   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1374: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA  - PASSED
chains.sh: Importing certificate validEVEVCA.der to validEVDB database
certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1375: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database  - PASSED
chains.sh: Creating DB invalidEVDB
certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd
chains.sh: #1376: explicitPolicy: Creating DB invalidEVDB  - PASSED
chains.sh: Creating EE certifiate request invalidEVReq.der
certutil -s "CN=invalidEV EE, O=invalidEV, C=US"  -R  -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1377: explicitPolicy: Creating EE certifiate request invalidEVReq.der  - PASSED
chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA
certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 628170216   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1378: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA  - PASSED
chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database
certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1379: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database  - PASSED
chains.sh: Creating DB wrongEVOIDDB
certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd
chains.sh: #1380: explicitPolicy: Creating DB wrongEVOIDDB  - PASSED
chains.sh: Creating EE certifiate request wrongEVOIDReq.der
certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US"  -R  -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1381: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der  - PASSED
chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA
certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 628170217   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1382: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA  - PASSED
chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database
certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1383: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1384: explicitPolicy: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170211 (0x25711de3)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:10:01 2016
            Not After : Mon Jun 28 17:10:01 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:d9:f8:26:99:c3:83:4f:05:57:e6:b9:ca:f2:4b:ed:
                    75:cc:14:a6:18:88:01:12:e9:18:d6:eb:dc:bb:aa:60:
                    ab:02:6c:c5:f0:6e:96:22:77:2a:a4:51:ac:16:b1:93:
                    f1:4c:c4:d2:49:4e:89:98:2f:d6:aa:a3:1b:a5:3d:19:
                    e4:3a:b2:a4:37:67:ff:84:93:9e:71:0b:88:2a:56:63:
                    b2:1b:ac:97:83:70:03:72:49:54:cf:a3:63:80:f3:76:
                    1f:22:1d:66:83:d1:ad:4a:5f:3a:8b:ed:8a:84:c3:98:
                    ac:f4:e1:3f:5c:17:d5:5c:7b:1d:01:da:a1:3d:90:e5:
                    02:ca:87:fb:59:30:c1:c6:0d:00:2c:6f:69:f4:89:45:
                    42:78:d2:23:87:e6:54:ce:b0:f7:62:0a:31:8b:5c:4a:
                    1e:79:51:89:56:b2:3c:31:fb:45:8a:72:70:1c:d4:94:
                    f3:eb:35:52:c7:4f:06:b5:19:14:c6:69:3b:1a:9d:e3:
                    04:c3:5c:de:45:1c:c0:d8:b0:bd:cd:80:53:4a:a6:40:
                    6d:63:6d:e2:b6:17:a3:13:c5:20:51:84:b1:61:fd:00:
                    21:87:4b:1f:ca:59:29:05:a0:7a:65:2a:1a:39:89:eb:
                    90:b9:0e:1b:48:fd:2f:eb:9d:dc:92:7f:2e:26:66:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        64:80:a4:bf:06:39:3a:9b:a3:71:77:82:f4:1f:1d:71:
        3f:be:41:d8:93:e6:2b:fe:e6:3b:28:72:ac:36:81:9d:
        bb:14:81:87:98:c5:81:c0:03:e4:9a:69:d6:e6:44:79:
        80:8c:36:3a:3a:ca:c1:57:0e:53:df:45:f7:af:c8:90:
        31:a8:37:d3:7c:2e:b7:7c:77:84:c3:5d:ae:43:ac:8e:
        db:9c:cb:7d:55:ca:71:e1:76:ff:50:5b:f7:3b:0b:94:
        1f:ff:ac:e5:14:57:34:84:c2:69:5c:3c:05:fd:dd:e6:
        b0:1a:66:50:cf:e3:9a:c8:2f:c7:71:89:3a:72:71:1c:
        20:3b:0c:a5:c0:4d:58:36:f0:4e:68:42:91:c2:64:7b:
        3c:72:fe:5f:9d:31:3e:46:34:16:50:25:e0:43:da:d8:
        65:15:f3:30:72:cb:67:08:4d:a6:d2:65:3a:1a:ef:b4:
        c2:d5:41:56:a3:f5:46:56:e7:1c:b5:b0:8c:46:5f:b0:
        af:5a:20:3e:34:ed:bc:98:07:ce:f0:28:f9:c1:4b:f3:
        2a:be:ac:66:73:7b:38:c9:ba:0f:41:24:ee:67:fa:6f:
        dc:e4:df:f3:6f:ce:27:8d:44:99:e2:95:b9:53:a2:b3:
        90:cb:59:1e:3c:39:66:a8:05:60:b0:5d:21:d5:83:f0
    Fingerprint (SHA-256):
        0E:24:57:DA:BD:96:92:52:FD:7F:F5:A4:EE:BF:4F:0E:11:BA:CF:1C:E7:C2:7B:F1:58:14:9E:31:CD:13:F4:69
    Fingerprint (SHA1):
        23:96:FD:CD:63:A8:62:26:73:98:0B:79:4D:0A:1A:0E:A9:18:F3:41
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #1385: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1386: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1387: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #1388: explicitPolicy: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170211 (0x25711de3)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:10:01 2016
            Not After : Mon Jun 28 17:10:01 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:d9:f8:26:99:c3:83:4f:05:57:e6:b9:ca:f2:4b:ed:
                    75:cc:14:a6:18:88:01:12:e9:18:d6:eb:dc:bb:aa:60:
                    ab:02:6c:c5:f0:6e:96:22:77:2a:a4:51:ac:16:b1:93:
                    f1:4c:c4:d2:49:4e:89:98:2f:d6:aa:a3:1b:a5:3d:19:
                    e4:3a:b2:a4:37:67:ff:84:93:9e:71:0b:88:2a:56:63:
                    b2:1b:ac:97:83:70:03:72:49:54:cf:a3:63:80:f3:76:
                    1f:22:1d:66:83:d1:ad:4a:5f:3a:8b:ed:8a:84:c3:98:
                    ac:f4:e1:3f:5c:17:d5:5c:7b:1d:01:da:a1:3d:90:e5:
                    02:ca:87:fb:59:30:c1:c6:0d:00:2c:6f:69:f4:89:45:
                    42:78:d2:23:87:e6:54:ce:b0:f7:62:0a:31:8b:5c:4a:
                    1e:79:51:89:56:b2:3c:31:fb:45:8a:72:70:1c:d4:94:
                    f3:eb:35:52:c7:4f:06:b5:19:14:c6:69:3b:1a:9d:e3:
                    04:c3:5c:de:45:1c:c0:d8:b0:bd:cd:80:53:4a:a6:40:
                    6d:63:6d:e2:b6:17:a3:13:c5:20:51:84:b1:61:fd:00:
                    21:87:4b:1f:ca:59:29:05:a0:7a:65:2a:1a:39:89:eb:
                    90:b9:0e:1b:48:fd:2f:eb:9d:dc:92:7f:2e:26:66:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        64:80:a4:bf:06:39:3a:9b:a3:71:77:82:f4:1f:1d:71:
        3f:be:41:d8:93:e6:2b:fe:e6:3b:28:72:ac:36:81:9d:
        bb:14:81:87:98:c5:81:c0:03:e4:9a:69:d6:e6:44:79:
        80:8c:36:3a:3a:ca:c1:57:0e:53:df:45:f7:af:c8:90:
        31:a8:37:d3:7c:2e:b7:7c:77:84:c3:5d:ae:43:ac:8e:
        db:9c:cb:7d:55:ca:71:e1:76:ff:50:5b:f7:3b:0b:94:
        1f:ff:ac:e5:14:57:34:84:c2:69:5c:3c:05:fd:dd:e6:
        b0:1a:66:50:cf:e3:9a:c8:2f:c7:71:89:3a:72:71:1c:
        20:3b:0c:a5:c0:4d:58:36:f0:4e:68:42:91:c2:64:7b:
        3c:72:fe:5f:9d:31:3e:46:34:16:50:25:e0:43:da:d8:
        65:15:f3:30:72:cb:67:08:4d:a6:d2:65:3a:1a:ef:b4:
        c2:d5:41:56:a3:f5:46:56:e7:1c:b5:b0:8c:46:5f:b0:
        af:5a:20:3e:34:ed:bc:98:07:ce:f0:28:f9:c1:4b:f3:
        2a:be:ac:66:73:7b:38:c9:ba:0f:41:24:ee:67:fa:6f:
        dc:e4:df:f3:6f:ce:27:8d:44:99:e2:95:b9:53:a2:b3:
        90:cb:59:1e:3c:39:66:a8:05:60:b0:5d:21:d5:83:f0
    Fingerprint (SHA-256):
        0E:24:57:DA:BD:96:92:52:FD:7F:F5:A4:EE:BF:4F:0E:11:BA:CF:1C:E7:C2:7B:F1:58:14:9E:31:CD:13:F4:69
    Fingerprint (SHA1):
        23:96:FD:CD:63:A8:62:26:73:98:0B:79:4D:0A:1A:0E:A9:18:F3:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #1389: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1390: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1391: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1392: Mapping: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170218 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1393: Mapping: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1394: Mapping: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1395: Mapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1396: Mapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170219   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #1397: Mapping: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1398: Mapping: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1399: Mapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1400: Mapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170220   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1401: Mapping: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1402: Mapping: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #1403: Mapping: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1404: Mapping: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628170221   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1405: Mapping: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1406: Mapping: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1407: Mapping: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #1408: Mapping: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #1409: Mapping: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #1410: Mapping: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170218 (0x25711dea)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:11:05 2016
            Not After : Mon Jun 28 17:11:05 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:41:19:4f:c5:c1:60:21:d0:3f:72:e0:84:9f:a6:20:
                    63:03:fd:c7:21:92:a3:cd:94:57:0d:f6:dd:93:9a:f1:
                    43:44:d4:77:69:69:eb:6f:53:d4:0f:f8:df:08:ec:51:
                    3c:fd:c6:9a:12:99:50:27:48:0d:6a:16:7f:81:ec:f3:
                    c9:be:20:e4:76:6b:b7:a9:78:65:e1:79:0b:f8:ca:69:
                    80:eb:01:33:9a:60:c0:b1:19:cb:d8:84:cf:7d:a9:ab:
                    48:bd:c3:0e:38:cc:a8:a6:a1:bd:28:ab:2b:e8:a0:81:
                    10:8e:1e:0f:6f:b7:7d:a2:03:29:68:cf:6e:d5:a6:0c:
                    59:53:b5:b9:c9:f4:ec:7e:21:ce:c3:a1:b7:cd:3d:9a:
                    6c:a7:44:9b:4c:ae:98:52:a2:82:9a:3d:4e:5b:44:23:
                    75:05:69:5e:35:41:28:79:c2:06:7c:0a:c4:d3:61:33:
                    94:d7:49:75:3a:0c:2d:cf:aa:d1:98:bf:7a:aa:d1:90:
                    c9:d9:7b:8d:1e:3f:0a:42:90:74:2f:34:6c:ed:1e:ae:
                    75:b2:3c:b7:5b:3e:4d:19:75:6f:97:b7:c4:cf:72:91:
                    28:c5:0a:ca:07:90:ba:bd:56:79:2f:ea:ed:ae:11:00:
                    72:f0:bc:ef:2c:39:8e:0f:f0:fc:29:07:dc:cb:98:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        82:f9:51:a4:57:b6:86:e0:26:6f:9c:b4:e3:5e:60:e3:
        e0:69:6e:0b:e4:7d:10:10:82:25:dc:04:dd:de:6c:1d:
        40:36:a3:f7:f5:20:76:73:4e:e4:e4:05:89:81:10:8a:
        37:16:87:ed:21:62:d8:39:58:1d:37:43:2e:dc:3f:13:
        16:ff:88:3e:cc:e2:02:85:31:51:d5:6a:e1:bd:67:2a:
        26:cc:28:4e:06:cf:f2:29:d9:37:df:ec:68:a1:f0:83:
        02:3e:41:51:2b:e4:8e:40:18:3a:51:2e:c6:ff:3a:8c:
        d5:4f:30:70:a2:2d:44:18:6c:49:83:89:24:b3:9e:5a:
        d8:f3:61:f7:bf:b2:67:23:d5:f0:bf:40:f1:c3:65:0a:
        aa:d8:4c:de:f7:06:f4:20:ea:db:43:c2:4f:ff:37:21:
        2c:17:2f:da:0e:eb:a9:0d:ee:bd:85:0a:6a:56:e6:db:
        97:ee:4b:c9:d3:99:c4:fa:a0:b2:50:fd:60:6e:d2:ee:
        e4:3d:ad:09:13:8b:37:ec:eb:a0:a0:aa:fc:cf:ff:9e:
        a3:28:16:08:a6:e6:64:22:6e:2d:bd:ed:1a:69:c0:7c:
        15:5c:6f:52:8f:29:f8:24:89:b3:1c:38:62:cd:57:7f:
        ee:c2:d0:6f:45:99:d1:5b:bd:72:90:13:5c:3a:77:5d
    Fingerprint (SHA-256):
        84:6A:AA:5E:C3:1C:49:D3:15:AF:93:28:5B:F3:19:D2:04:8D:19:14:B0:3D:75:02:59:09:FF:FE:77:1A:45:B1
    Fingerprint (SHA1):
        96:A7:52:F4:CC:A2:C9:34:76:E2:8E:FA:77:B2:21:6E:3D:5A:B5:C3
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1411: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1412: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1413: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170219 (0x25711deb)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:11:11 2016
            Not After : Mon Jun 28 17:11:11 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    eb:f3:e2:e8:65:2a:c2:9b:2a:15:b2:d7:95:56:86:7c:
                    ea:aa:e9:0c:de:ee:2a:b8:ef:fd:6d:34:ba:31:90:d2:
                    95:70:23:dc:27:56:cc:33:2b:42:a2:72:ff:ae:7e:3a:
                    7c:6e:e6:23:d2:96:60:b3:54:74:8d:35:2f:d2:78:c8:
                    e7:c5:7e:7b:82:0d:d7:c6:d2:b7:28:f6:61:3a:bb:af:
                    20:8d:74:a6:56:5b:d3:24:26:1e:3f:7e:58:01:38:b3:
                    5c:14:f6:cc:8f:2a:fc:42:fa:62:b0:55:61:d6:b4:f6:
                    f7:a2:90:62:99:2a:e6:d4:b8:63:32:fa:96:ab:d3:c4:
                    d6:cc:fe:d2:e7:33:0a:fb:07:e7:30:ec:f2:e5:0f:9b:
                    ee:2b:21:1c:06:fe:fc:7d:5f:f5:a2:6c:bb:27:72:86:
                    40:78:88:d3:30:a7:e3:db:75:9b:04:bd:97:a5:2a:28:
                    54:3d:08:f5:2f:6d:ce:55:ca:1d:4c:4c:69:8f:86:2e:
                    ad:5c:b8:95:56:fe:c3:87:64:34:2f:28:5b:fe:8c:ce:
                    db:97:bb:e3:34:41:0c:76:e1:16:49:7a:96:48:6d:51:
                    e8:82:f3:e6:c8:52:72:d1:bf:e9:ef:bc:7f:7f:c0:54:
                    81:76:04:9b:47:8d:87:bd:e3:eb:43:5c:e5:03:69:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        64:69:8d:9b:23:80:de:76:52:01:b8:b4:51:f5:e1:b4:
        0d:55:eb:40:60:e5:77:e1:da:75:e2:f8:b2:55:6f:e6:
        d6:f6:0d:78:58:19:ed:c4:f9:94:64:28:87:02:ce:63:
        ab:c0:3b:3d:3d:b1:1b:75:3a:18:8a:eb:66:74:38:91:
        63:25:1b:26:59:e4:f5:77:03:0a:24:ef:d5:c8:ad:bd:
        d0:ed:c7:7e:fd:82:69:83:25:03:91:bb:5e:05:56:6a:
        9b:33:7d:a4:c1:f8:ba:a0:90:17:c7:cd:db:4a:3f:91:
        bd:9f:2c:93:df:d9:cf:2c:72:c5:c7:03:f7:c9:96:df:
        08:c9:e4:a9:4b:a8:62:aa:bc:36:8c:2a:0d:e3:6a:13:
        ac:3d:e1:fb:cf:d2:15:26:cb:18:6b:59:13:e9:d9:8f:
        8c:2f:59:78:60:4d:bf:bf:84:c2:f8:c4:93:1b:a8:54:
        58:7e:6b:94:9b:88:22:8f:31:00:8f:2d:8a:d2:24:95:
        e4:0f:37:a1:f4:93:13:c3:7d:f3:6d:e3:16:f1:48:be:
        b3:38:d2:15:c0:f4:5b:a3:e7:79:2a:9e:7e:cb:66:f2:
        d1:0a:d0:5d:f6:a7:c4:77:5c:81:16:ed:37:0a:80:68:
        c3:e8:ff:bd:cc:5f:ba:21:5e:b7:19:bc:d7:04:ce:95
    Fingerprint (SHA-256):
        E5:84:DD:DF:F0:10:E4:FD:85:75:1E:FE:F0:0B:D2:8F:76:54:12:17:BB:04:E3:53:3D:26:51:DB:F4:09:15:4D
    Fingerprint (SHA1):
        1E:73:17:9D:26:EE:7A:1B:06:73:C3:B0:53:B9:44:E0:46:8B:C1:BB
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1414: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1415: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170220 (0x25711dec)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:11:14 2016
            Not After : Mon Jun 28 17:11:14 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:4e:68:f2:11:f6:d6:ca:00:e7:a5:23:52:8b:e1:5e:
                    b3:a2:f6:f7:cc:9b:5b:52:32:45:01:d0:7b:36:3c:a6:
                    e8:60:d9:a2:df:ff:7d:bf:c7:2a:0d:6f:14:be:32:6e:
                    10:af:d2:11:66:67:a1:8a:4e:40:c2:f2:fc:fe:a1:0c:
                    cc:e5:16:f3:25:51:b1:6a:10:64:e7:6e:78:87:28:6e:
                    0e:c4:19:8b:63:c6:db:2f:cb:06:c0:d4:a3:fd:d9:14:
                    dc:d7:31:02:59:5a:66:35:9a:b4:31:15:71:ea:cd:f3:
                    d6:fa:e7:93:94:e5:7a:97:50:ed:7a:d7:45:bf:a9:87:
                    9a:c5:38:d6:80:f0:38:ec:c6:09:2b:31:dc:23:cd:b2:
                    01:59:43:55:36:5f:eb:39:1a:bc:b0:8c:5c:c1:03:30:
                    8b:32:68:80:e6:54:fc:24:47:25:d2:d0:09:6d:29:85:
                    09:3e:b7:6f:88:75:bf:e7:10:a1:c4:40:af:30:ea:94:
                    80:d0:2e:80:fc:07:60:be:95:81:bb:f5:f4:d0:a0:8d:
                    1f:f2:c4:3b:0a:12:d9:b5:02:89:d1:7a:cc:dd:53:ca:
                    97:2f:32:1e:31:d3:4d:0c:3d:b5:4e:18:14:2d:1f:22:
                    ad:16:89:f3:42:52:b4:88:f5:9c:3f:5f:da:76:ec:25
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        21:bc:40:90:1c:14:ab:f4:bc:e9:53:00:43:29:78:98:
        b5:3a:bf:56:23:73:22:a0:67:74:4f:ad:1a:ae:de:60:
        0e:0b:61:1d:15:8e:a6:78:12:bf:92:de:78:2f:10:1a:
        e7:57:50:28:b4:49:60:f4:5b:ca:90:2d:2e:a7:7e:ac:
        61:c7:d5:6e:21:6f:40:71:6a:a6:7a:2d:71:52:d8:42:
        1f:f1:2b:35:5b:04:6c:cb:c3:b3:45:4e:70:17:8f:dc:
        a5:2a:3e:43:8e:41:2d:36:09:90:75:98:f5:9f:48:73:
        91:26:1f:8e:49:10:fb:d0:d0:1e:29:17:74:68:31:80:
        1a:90:73:ad:f0:83:dd:c9:de:ec:10:78:ea:a5:45:9f:
        0d:2c:24:93:43:91:33:2f:1a:b0:bf:2f:48:36:fd:69:
        5b:56:e1:9c:c6:97:9d:16:3a:27:bd:96:09:05:e3:ba:
        85:a8:33:c9:d9:2c:27:f4:62:01:a1:32:fe:db:c7:df:
        d5:11:32:cb:94:dd:77:b9:ea:27:36:b6:6a:39:a5:0f:
        ee:0d:11:7d:64:12:8c:c4:dd:8d:09:2a:ef:18:99:09:
        c3:e7:a4:a2:87:f6:5d:4a:a9:51:26:59:33:dd:12:4e:
        9e:e6:6a:4f:b0:6f:31:9d:27:1f:43:74:5a:1a:19:f4
    Fingerprint (SHA-256):
        CC:36:11:B6:20:D1:12:E5:C5:40:3C:79:B0:F0:39:E3:A5:E6:BF:4A:1A:4A:AC:78:95:8A:B0:1B:97:CF:F8:CD
    Fingerprint (SHA1):
        66:3E:48:12:0E:3F:5A:5F:9A:51:2C:E0:8D:7A:47:8C:5E:22:B3:A0
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #1416: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1417: Mapping2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170222 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1418: Mapping2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1419: Mapping2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1420: Mapping2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1421: Mapping2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170223   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1422: Mapping2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1423: Mapping2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1424: Mapping2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1425: Mapping2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170224   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #1426: Mapping2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1427: Mapping2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #1428: Mapping2: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1429: Mapping2: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 628170225   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1430: Mapping2: Creating certficate CA3CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate CA3CA2.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1431: Mapping2: Importing certificate CA3CA2.der to CA3DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #1432: Mapping2: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1433: Mapping2: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 628170226   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1434: Mapping2: Creating certficate UserCA3.der signed by CA3  - PASSED
chains.sh: Importing certificate UserCA3.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1435: Mapping2: Importing certificate UserCA3.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1436: Mapping2: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #1437: Mapping2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #1438: Mapping2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #1439: Mapping2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA2.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der
chains.sh: #1440: Mapping2: Importing certificate CA3CA2.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170222 (0x25711dee)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:11:25 2016
            Not After : Mon Jun 28 17:11:25 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b5:5e:f2:55:6e:48:16:14:99:ba:48:45:1d:7a:63:3c:
                    48:90:f5:09:b3:ff:79:ae:57:69:e7:e5:68:ab:ae:17:
                    ec:02:f8:23:b4:f6:95:9f:fe:2d:0b:8c:97:9d:8b:fb:
                    4e:4b:29:4c:fc:35:ae:53:5e:1f:74:04:cb:d6:f0:14:
                    23:b3:b6:03:49:e3:91:3d:61:a7:34:5d:36:6a:60:1f:
                    90:27:df:2c:45:8b:61:6a:73:c8:06:7f:95:55:5f:7b:
                    d4:fc:df:b9:13:df:16:f4:57:54:d3:81:52:bd:cb:4c:
                    6e:12:a3:8b:b9:96:ff:a7:73:ab:cf:a6:fe:c0:70:d8:
                    b1:ca:94:63:37:30:98:0c:8d:d6:9b:9f:d9:c5:3c:e6:
                    e0:a7:f1:f9:8d:db:4b:15:c7:20:b7:de:a4:4f:00:6a:
                    28:e0:80:83:9d:6f:09:ae:c0:d1:d9:e3:db:93:58:cc:
                    86:e4:86:03:59:bf:e1:60:92:31:74:ba:85:e6:f7:f1:
                    c5:bb:3c:e9:f3:17:bb:f3:45:2b:3b:6e:ef:c9:8a:c1:
                    f8:17:6c:2e:45:05:3b:71:d2:b9:fc:c8:84:53:fe:b6:
                    01:bc:1c:c5:5d:1b:9e:92:ed:99:d3:7a:5b:bf:ca:74:
                    22:b4:a5:58:cd:4d:89:4e:63:b9:db:a7:dc:f4:96:45
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1c:88:73:e6:84:56:d6:60:78:b2:21:e1:72:47:99:28:
        ec:c8:75:f4:2b:28:1d:3e:8c:9e:09:77:78:42:4b:6d:
        4e:e0:53:b4:a3:9d:d6:48:80:66:25:76:8b:53:82:76:
        a5:66:cb:98:ec:bc:1f:85:27:67:71:3e:fe:3c:08:e5:
        e6:3d:90:8b:d8:2b:00:f4:31:a7:8d:af:60:d2:7f:0c:
        3c:5e:89:63:5c:cb:5a:31:1f:c8:1e:3c:63:95:c8:72:
        fb:19:de:de:df:cc:12:2f:65:15:00:87:ff:c4:62:0e:
        ba:b7:4d:87:09:cd:a3:ff:e1:6c:36:3f:8e:64:a2:72:
        a1:58:7a:cb:82:bc:26:cf:e3:93:45:18:b4:39:38:89:
        28:50:6f:15:22:fa:bc:a3:66:4b:eb:6d:ed:77:42:24:
        12:87:aa:f8:4c:aa:d5:e4:2b:fd:11:f1:8a:0c:65:48:
        c1:ac:1a:35:4a:36:f3:cc:b5:80:53:2b:bf:b1:a5:91:
        c6:ac:63:43:2a:0b:e5:ae:6c:05:10:13:1e:00:84:f1:
        a3:94:09:88:dc:5f:46:c8:2c:09:99:58:d9:3b:52:51:
        0a:3c:2c:9e:f5:ed:67:5d:68:2d:57:84:5a:3b:85:d2:
        42:49:16:d8:8a:f7:e1:ed:f7:f4:81:63:c0:84:ac:9e
    Fingerprint (SHA-256):
        3B:A3:8A:A9:3B:64:2B:90:B6:E7:45:F3:53:4C:05:B4:AD:8E:59:A9:33:5B:D2:9B:2D:BB:2D:0E:C1:73:47:3D
    Fingerprint (SHA1):
        BE:4A:D1:D0:13:23:1A:06:15:49:3C:8F:D2:8B:FC:49:8F:5D:FB:1D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1441: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1442: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170223 (0x25711def)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:11:29 2016
            Not After : Mon Jun 28 17:11:29 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:cf:27:c2:04:e5:b7:8a:c7:44:67:1c:a7:3e:c1:d3:
                    62:9e:1d:40:9d:a2:9f:9f:ab:b0:a1:c5:0d:76:a8:f4:
                    05:24:1a:a3:2a:e1:d9:03:8a:f9:6d:c2:78:f9:fe:3d:
                    74:bc:87:4a:ef:4c:03:ca:b3:c0:98:41:65:39:34:dd:
                    3c:ee:ae:28:62:30:02:15:cd:6d:18:76:b2:14:c3:f5:
                    da:28:dc:4b:98:ff:ed:c3:cc:dc:c0:a0:42:24:ee:a1:
                    f5:19:f4:3b:a8:cb:55:85:a2:61:6c:eb:6c:b4:ca:68:
                    d3:da:67:0b:e1:a5:96:d6:d5:b2:80:cd:86:29:51:e3:
                    11:8a:5d:ea:89:84:e3:14:b2:a3:03:dd:90:e7:6e:80:
                    40:78:dd:d5:7f:c8:2e:c4:70:a5:70:0f:9e:5d:f7:3e:
                    86:81:f6:6d:ca:2d:8f:88:b7:f8:ec:b7:2e:e1:2b:7d:
                    7a:3e:93:5a:11:63:37:34:c6:79:2e:eb:4e:47:fa:8f:
                    e5:64:b5:6a:9d:5c:dc:fe:3d:67:31:64:eb:b7:b4:72:
                    f2:82:ab:d7:27:d1:1c:19:7a:f0:68:aa:ab:cd:d3:92:
                    1d:54:cb:61:14:10:5e:37:42:d3:10:9e:6d:97:c0:18:
                    e1:12:3c:ad:e0:20:88:a3:29:9e:96:58:fb:9f:01:6b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9f:64:cb:a8:ce:ad:c3:93:33:c3:92:9c:f7:2e:f0:83:
        13:14:77:bd:79:7f:6f:ba:da:11:88:95:30:1e:31:f4:
        77:1d:e6:5b:98:da:35:4d:63:81:d8:70:cf:c8:4f:a6:
        c0:ca:6f:a9:36:c7:76:d5:f8:bd:83:57:b2:ed:f3:2b:
        8b:5a:bd:8c:31:22:51:15:a2:b5:39:e2:44:c1:80:1b:
        aa:63:86:1f:d3:67:2a:6a:b9:63:c8:6e:aa:eb:74:d8:
        b3:8c:94:86:5b:d7:da:6c:2f:aa:4a:6b:17:28:ed:e5:
        94:da:97:1b:b9:bb:4a:15:49:c0:cf:40:d2:1b:9b:97:
        34:ad:b3:5b:72:0c:ba:a9:bd:52:57:4b:ef:9c:7e:09:
        bf:60:27:95:44:b3:56:b7:0f:45:b5:5c:6f:1e:fe:2a:
        1a:c5:6c:c6:4c:ca:03:c0:16:0d:e6:f7:bf:4f:bf:2e:
        7e:ee:0b:25:8f:81:4d:2a:1d:57:97:cb:04:e7:fc:bd:
        61:60:e5:d0:e7:ba:f6:21:c5:0a:3c:f9:ca:b1:d1:c7:
        ff:0a:65:44:fb:e4:c5:f0:91:61:1e:26:c4:3d:d4:17:
        18:d2:60:0f:84:f4:59:a5:01:d8:39:32:9b:b0:0a:d5:
        d9:84:ce:c4:ba:47:64:68:55:3a:eb:5f:98:f1:f4:d9
    Fingerprint (SHA-256):
        E3:42:5E:FB:DD:BE:77:06:95:38:CC:6A:BE:53:8C:C3:D7:BA:E0:9C:B7:2D:40:6E:53:69:FC:6F:F1:FB:2E:07
    Fingerprint (SHA1):
        BE:9E:BC:63:C0:7C:D9:2D:15:43:A9:1A:5C:4C:4D:12:6F:D1:90:87
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1443: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1444: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1445: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170224 (0x25711df0)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:11:42 2016
            Not After : Mon Jun 28 17:11:42 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b7:b2:35:ea:64:f2:9e:37:ba:5b:e5:37:7b:4d:2b:1a:
                    f4:75:8a:7e:da:92:a6:27:2d:1e:ef:e3:69:5d:28:c8:
                    c5:9b:7e:03:b6:42:48:8c:b3:66:b9:33:a7:66:c9:5c:
                    f1:9e:a0:f9:38:99:bb:6f:84:bb:b9:28:c8:89:83:83:
                    6c:d7:fd:e7:c0:d9:5a:cd:78:b3:f4:bb:76:93:9c:cd:
                    d9:7e:a3:a2:49:3d:14:b2:b3:6b:ee:4a:16:c6:73:67:
                    2e:b1:5b:3a:ef:42:7d:58:07:fe:87:35:0b:8c:ca:06:
                    4b:41:50:a9:35:b8:88:43:f8:81:db:1a:d3:db:de:95:
                    0e:c6:ba:8b:09:a5:41:fd:61:17:8c:df:be:29:e2:56:
                    49:8f:15:15:12:a4:39:97:a9:e1:af:fe:2c:b7:3c:e3:
                    02:66:2c:70:d4:21:af:39:68:6a:b5:29:d1:ba:fd:a9:
                    8a:09:c7:19:2d:ce:6a:53:18:f2:a6:22:c6:de:0b:81:
                    3a:8b:0f:7c:da:2e:41:46:da:98:4c:bc:e8:25:d1:89:
                    30:65:25:55:8b:bf:3a:57:93:3d:63:7b:a1:57:0b:95:
                    4d:40:e9:87:5a:b6:0a:ea:4d:f9:6b:41:e1:dd:f6:bc:
                    3a:3e:4a:f5:83:e0:34:c9:b6:eb:c6:b3:7a:0b:08:59
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        93:6d:3a:06:3b:f2:5f:94:48:54:e1:e0:b1:08:51:f9:
        95:98:19:ed:46:e0:50:11:37:ed:fe:75:f3:57:e9:6d:
        94:bf:9a:ad:82:10:b3:ad:fd:eb:c3:92:a9:d2:e7:99:
        ce:b2:54:c3:67:1f:e6:30:b8:20:09:e5:2e:d8:69:44:
        3c:66:1a:2c:ef:16:9b:2d:2a:16:c9:af:60:cc:99:b3:
        30:08:49:76:7b:62:bd:9f:a0:64:11:05:aa:bf:9c:3b:
        3f:f0:c8:42:e4:92:4a:87:f9:d4:08:c7:02:6d:0c:02:
        ce:83:3e:9e:a9:e4:79:2d:73:39:ac:d6:9c:65:d3:45:
        7a:6e:68:0d:29:73:02:7d:f2:7a:ba:36:f1:96:ba:47:
        4c:62:95:e6:0f:71:ac:08:f6:b1:d9:b8:29:d7:1e:13:
        fa:6f:e6:c2:0e:2d:92:ff:07:d0:57:f1:54:89:9c:bb:
        a3:2c:58:33:bb:06:9e:4f:cd:84:52:3d:aa:15:be:24:
        ed:bd:ff:76:b2:e8:84:0b:a7:d0:d4:2e:85:8b:4c:95:
        2f:f4:5c:69:96:d6:f8:26:c3:e6:8e:17:58:18:3f:7d:
        e3:3d:e7:68:34:99:33:be:ad:04:29:15:4f:a1:2e:57:
        fe:d7:b5:ae:9f:ea:2d:04:c1:5e:cd:41:3b:55:e6:c5
    Fingerprint (SHA-256):
        BC:EE:E7:EB:90:84:B3:73:C8:32:A3:A6:7B:6F:E6:33:16:5E:97:79:7D:EF:92:FF:90:7D:7E:34:AB:63:CB:AC
    Fingerprint (SHA1):
        B8:18:FE:CD:F0:9F:81:4A:77:A3:F7:0C:4D:DF:29:8B:C5:D4:BF:AC
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #1446: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1447: AIA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170227 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1448: AIA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1449: AIA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1450: AIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1451: AIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170228   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1452: AIA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1453: AIA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1454: AIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1455: AIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170229   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA1Root-628170136.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1456: AIA: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1457: AIA: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #1458: AIA: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1459: AIA: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628170230   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1460: AIA: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1461: AIA: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der
vfychain -d UserDB -pp -vv       UserCA2.der CA2CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA1 Intermediate,O=CA1,C=US
Returned value is 1, expected result is fail
chains.sh: #1462: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der
vfychain -d UserDB -pp -vv   -f    UserCA2.der CA2CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170227 (0x25711df3)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:12:08 2016
            Not After : Mon Jun 28 17:12:08 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:be:93:9b:05:c0:26:3f:6e:3f:1a:97:50:67:2b:77:
                    7f:42:08:07:f1:4b:8a:af:5a:14:7c:aa:f0:73:49:7c:
                    b3:c8:b5:7c:04:24:4e:c2:66:69:3a:ad:d9:fd:b9:2c:
                    97:21:2b:81:4e:46:b6:83:e9:11:52:a5:aa:d6:f1:33:
                    9d:5d:0e:ad:47:ca:39:73:26:aa:77:0f:11:5f:c0:6a:
                    3a:0a:03:31:93:6c:fd:9e:e4:a7:56:50:b7:29:9d:86:
                    ce:86:ba:95:a3:ec:a0:3e:0b:33:69:af:0e:2c:c6:63:
                    f3:ca:49:7c:1a:ef:5b:24:35:58:22:72:78:f6:fe:66:
                    b3:2b:27:97:4a:de:ca:27:ef:cf:88:bc:b4:5a:d7:99:
                    96:c2:47:b3:c0:5a:cd:4d:08:f0:8f:49:bc:cc:82:56:
                    f9:35:c2:21:ba:b1:b3:97:a5:29:ca:3a:72:d4:41:e8:
                    61:f7:94:2b:dd:26:52:28:ca:5e:6e:3a:2e:8f:e0:d9:
                    b1:59:31:d8:d0:ce:88:ad:d0:cc:fe:b7:7b:2b:0c:32:
                    02:73:1a:b0:1f:ed:dd:ea:bb:f7:10:53:b1:23:9e:63:
                    a3:21:0e:96:8e:b3:b3:9d:af:23:5a:87:96:9d:a7:cf:
                    9c:93:69:d0:88:ac:8b:c3:8f:8b:c8:6f:d5:ef:71:8d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        46:ae:c6:33:c8:a3:28:41:4c:16:0a:8d:27:53:84:d2:
        45:6f:6c:b8:96:47:ac:e3:65:c6:f0:e8:80:b3:51:a5:
        bb:49:f9:1a:4d:3e:f5:a0:4e:3c:44:62:c8:3e:ed:93:
        2b:14:9b:74:1c:d0:1a:c3:f6:31:ba:1f:12:93:c7:fa:
        0e:3a:f3:23:d7:fd:0c:af:9d:97:63:39:43:ff:74:44:
        11:36:cf:ef:e8:aa:5e:f3:7c:44:f7:d4:50:1d:63:27:
        e6:4f:9e:ae:11:1f:0d:72:b0:ff:19:ab:5e:4d:04:4e:
        c2:51:6e:aa:e8:d5:e2:e7:77:1e:32:d5:e6:24:cf:87:
        e5:06:a2:31:fe:58:c9:74:20:87:9a:ce:76:77:2b:67:
        d6:2f:c7:90:56:95:e5:39:73:a6:37:06:53:a7:56:59:
        0a:0c:26:c2:53:f7:8b:9d:ef:76:c5:24:d5:06:78:55:
        96:65:12:e0:21:ac:77:ab:9e:1f:b4:cd:af:42:17:ae:
        79:6d:7c:ac:3e:3a:47:b7:a4:13:bf:7f:a4:c4:73:b8:
        18:91:c0:df:f2:e4:e2:63:1a:82:7b:2d:18:46:d7:56:
        cb:34:30:2d:1f:92:a1:41:e7:d8:d2:28:3b:d3:58:10:
        03:27:eb:f9:a4:45:79:02:27:a8:88:69:82:e8:f8:8d
    Fingerprint (SHA-256):
        F6:A3:C4:3F:CA:50:BB:EC:F6:46:B5:6F:4A:AA:20:C0:90:1B:D8:EC:86:4C:AD:93:2D:31:3E:1E:1E:0F:8F:A4
    Fingerprint (SHA1):
        23:59:D2:05:38:F0:BA:8E:1B:E4:44:48:D1:B8:F5:06:EF:BA:98:F7
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1463: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #1464: BridgeWithAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170231 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1465: BridgeWithAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #1466: BridgeWithAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #1467: BridgeWithAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170232 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1468: BridgeWithAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #1469: BridgeWithAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #1470: BridgeWithAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1471: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628170233 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1472: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1473: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628170234 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1474: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1475: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #1476: BridgeWithAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1477: BridgeWithAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1478: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628170235   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628170137.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1479: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1480: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1481: BridgeWithAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1482: BridgeWithAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170236   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1483: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1484: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #1485: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1486: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170232 (0x25711df8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:12:39 2016
            Not After : Mon Jun 28 17:12:39 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:c9:31:55:58:a8:91:eb:9a:a1:d9:06:e8:54:c3:63:
                    41:9e:fe:00:6f:5a:dd:14:5a:51:fe:0d:ba:92:63:30:
                    fd:58:19:6a:b1:8e:5e:42:f7:82:74:05:e4:1b:40:ae:
                    4c:15:5c:77:6e:6c:a9:60:c3:ff:a3:cb:df:5f:26:24:
                    4d:76:22:12:c8:4e:01:6e:13:6e:16:b7:6a:26:80:f9:
                    03:5b:64:e8:72:56:9d:17:01:46:84:43:93:93:7d:b9:
                    17:92:fe:87:8c:97:47:63:94:92:83:ac:cb:fe:16:7d:
                    e3:72:6c:df:17:40:49:30:a1:2b:09:9e:e5:74:26:c8:
                    62:bd:ed:9c:09:d0:03:57:bf:b9:11:95:43:b9:3d:09:
                    fa:8c:f0:4d:64:fc:76:12:15:88:fc:21:c7:5e:b1:6c:
                    87:3c:ab:62:5c:75:65:6b:a2:84:92:71:64:be:01:bd:
                    17:73:45:0f:7a:b0:b2:fb:30:5f:03:49:6f:73:63:f7:
                    93:b1:9c:a3:b0:12:46:c4:9e:fe:9e:da:26:d2:95:29:
                    ed:6f:2c:14:40:71:e5:ff:32:e7:ca:3e:90:b8:4e:0b:
                    35:24:a2:d2:20:aa:04:e9:92:1d:58:0f:84:b2:c7:3b:
                    1e:be:88:f6:a9:f7:20:ab:61:79:55:7d:55:f5:35:fb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        49:38:40:60:cf:58:55:fd:98:85:e6:8c:b1:d8:b4:aa:
        4b:fd:61:78:61:df:5f:dd:17:0d:43:c8:06:d3:41:1f:
        9c:86:bd:f3:3c:20:c3:5f:9b:d9:b0:1e:32:42:f7:d6:
        04:f6:27:03:04:7d:f0:c8:5b:71:2e:4c:f1:6e:03:fc:
        83:60:c8:f1:4c:04:cf:29:8c:79:8e:a7:5d:67:05:cd:
        f9:4b:6a:e7:c1:7d:99:f4:f3:49:32:3a:80:be:d8:7e:
        33:26:30:38:c4:d7:62:17:5c:9c:67:b2:f9:ad:90:a0:
        0e:4c:54:9e:05:24:8e:6b:4a:e9:9a:e8:96:49:ef:81:
        64:00:64:49:08:27:52:3a:d8:b1:76:5d:41:0b:2e:8b:
        ca:bb:bf:70:c6:7f:20:ae:21:88:4f:3f:a5:81:23:6c:
        91:60:9d:3c:49:da:f3:59:b7:fe:7b:01:f1:fb:75:b3:
        46:e3:50:ba:65:12:97:b0:56:03:ab:ce:eb:ed:85:e2:
        1c:2d:78:11:cf:63:c8:59:37:7e:f8:9e:f4:5a:4a:f8:
        7b:69:2b:c5:c7:fc:81:07:c4:a8:19:e3:10:52:ed:ec:
        a4:a1:59:9f:d2:d0:43:d0:61:71:97:1c:2c:d8:7b:87:
        0c:89:f7:5e:4f:8a:6b:52:97:87:6b:c4:cd:9c:a8:ef
    Fingerprint (SHA-256):
        2E:F3:E1:A2:6D:56:45:3B:B8:13:81:62:0B:BF:61:97:9C:FA:05:81:CA:86:84:96:76:C5:76:B9:A3:B1:82:EC
    Fingerprint (SHA1):
        4C:A9:18:8C:E1:16:B8:3C:B0:91:3A:7E:AC:A6:C8:B7:90:F5:47:B9
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1487: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170232 (0x25711df8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:12:39 2016
            Not After : Mon Jun 28 17:12:39 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:c9:31:55:58:a8:91:eb:9a:a1:d9:06:e8:54:c3:63:
                    41:9e:fe:00:6f:5a:dd:14:5a:51:fe:0d:ba:92:63:30:
                    fd:58:19:6a:b1:8e:5e:42:f7:82:74:05:e4:1b:40:ae:
                    4c:15:5c:77:6e:6c:a9:60:c3:ff:a3:cb:df:5f:26:24:
                    4d:76:22:12:c8:4e:01:6e:13:6e:16:b7:6a:26:80:f9:
                    03:5b:64:e8:72:56:9d:17:01:46:84:43:93:93:7d:b9:
                    17:92:fe:87:8c:97:47:63:94:92:83:ac:cb:fe:16:7d:
                    e3:72:6c:df:17:40:49:30:a1:2b:09:9e:e5:74:26:c8:
                    62:bd:ed:9c:09:d0:03:57:bf:b9:11:95:43:b9:3d:09:
                    fa:8c:f0:4d:64:fc:76:12:15:88:fc:21:c7:5e:b1:6c:
                    87:3c:ab:62:5c:75:65:6b:a2:84:92:71:64:be:01:bd:
                    17:73:45:0f:7a:b0:b2:fb:30:5f:03:49:6f:73:63:f7:
                    93:b1:9c:a3:b0:12:46:c4:9e:fe:9e:da:26:d2:95:29:
                    ed:6f:2c:14:40:71:e5:ff:32:e7:ca:3e:90:b8:4e:0b:
                    35:24:a2:d2:20:aa:04:e9:92:1d:58:0f:84:b2:c7:3b:
                    1e:be:88:f6:a9:f7:20:ab:61:79:55:7d:55:f5:35:fb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        49:38:40:60:cf:58:55:fd:98:85:e6:8c:b1:d8:b4:aa:
        4b:fd:61:78:61:df:5f:dd:17:0d:43:c8:06:d3:41:1f:
        9c:86:bd:f3:3c:20:c3:5f:9b:d9:b0:1e:32:42:f7:d6:
        04:f6:27:03:04:7d:f0:c8:5b:71:2e:4c:f1:6e:03:fc:
        83:60:c8:f1:4c:04:cf:29:8c:79:8e:a7:5d:67:05:cd:
        f9:4b:6a:e7:c1:7d:99:f4:f3:49:32:3a:80:be:d8:7e:
        33:26:30:38:c4:d7:62:17:5c:9c:67:b2:f9:ad:90:a0:
        0e:4c:54:9e:05:24:8e:6b:4a:e9:9a:e8:96:49:ef:81:
        64:00:64:49:08:27:52:3a:d8:b1:76:5d:41:0b:2e:8b:
        ca:bb:bf:70:c6:7f:20:ae:21:88:4f:3f:a5:81:23:6c:
        91:60:9d:3c:49:da:f3:59:b7:fe:7b:01:f1:fb:75:b3:
        46:e3:50:ba:65:12:97:b0:56:03:ab:ce:eb:ed:85:e2:
        1c:2d:78:11:cf:63:c8:59:37:7e:f8:9e:f4:5a:4a:f8:
        7b:69:2b:c5:c7:fc:81:07:c4:a8:19:e3:10:52:ed:ec:
        a4:a1:59:9f:d2:d0:43:d0:61:71:97:1c:2c:d8:7b:87:
        0c:89:f7:5e:4f:8a:6b:52:97:87:6b:c4:cd:9c:a8:ef
    Fingerprint (SHA-256):
        2E:F3:E1:A2:6D:56:45:3B:B8:13:81:62:0B:BF:61:97:9C:FA:05:81:CA:86:84:96:76:C5:76:B9:A3:B1:82:EC
    Fingerprint (SHA1):
        4C:A9:18:8C:E1:16:B8:3C:B0:91:3A:7E:AC:A6:C8:B7:90:F5:47:B9
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1488: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #1489: BridgeWithHalfAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170237 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1490: BridgeWithHalfAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #1491: BridgeWithHalfAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #1492: BridgeWithHalfAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170238 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1493: BridgeWithHalfAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #1494: BridgeWithHalfAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #1495: BridgeWithHalfAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1496: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628170239 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1497: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1498: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628170240 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1499: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1500: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #1501: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1502: BridgeWithHalfAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1503: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628170241   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628170138.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1504: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1505: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1506: BridgeWithHalfAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1507: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170242   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1508: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1509: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1510: BridgeWithHalfAIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1511: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628170243   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-BridgeNavy-628170139.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1512: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1513: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #1514: BridgeWithHalfAIA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1515: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628170244   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1516: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1517: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #1518: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1519: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170238 (0x25711dfe)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:13:17 2016
            Not After : Mon Jun 28 17:13:17 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:9d:02:c4:d6:cf:5b:c3:45:aa:b2:e1:52:8b:4b:ad:
                    3f:4e:f0:74:7c:53:d7:28:a2:e4:07:4f:d6:d7:d8:ab:
                    0d:ce:1c:c2:62:49:3f:fa:26:26:02:80:20:65:fa:65:
                    fb:61:6e:d7:fb:9a:d9:52:0c:5c:19:66:67:67:69:15:
                    7d:6a:1b:a7:30:2b:e9:e5:86:20:31:b9:93:f0:b3:0c:
                    f9:40:6a:79:67:93:70:2a:7a:88:d4:f0:86:48:c8:b2:
                    60:24:02:a8:c7:d5:14:e2:4b:6f:3c:9c:2e:e0:da:ce:
                    de:dc:c8:0c:a3:30:18:29:c9:39:7c:0f:dd:32:e2:b9:
                    76:a6:9e:87:69:90:15:97:c1:bd:76:0f:42:61:d0:4a:
                    bc:11:27:89:b4:cd:2a:9b:8d:ae:98:73:96:72:cf:4d:
                    77:88:46:96:83:65:25:25:63:ec:ca:cd:82:ee:59:8b:
                    83:c7:84:ba:98:4c:b0:ad:10:d5:9d:97:9f:3d:40:2a:
                    33:7b:8d:1c:ee:11:4b:e1:37:52:01:84:fb:b8:13:6c:
                    6b:61:10:fa:ef:a1:de:59:49:f0:7b:2f:03:8b:01:fa:
                    0d:65:c3:60:06:2c:4f:08:46:57:03:69:c7:d5:c1:23:
                    8a:be:24:f5:7e:f0:ea:ca:b2:9f:41:6b:7e:d1:f3:67
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9f:0e:98:33:37:b2:49:ff:29:7e:2c:fc:04:d4:30:a2:
        62:ab:2a:aa:83:06:a0:f8:88:96:49:aa:d3:16:32:6b:
        ed:d3:ad:e7:a4:98:30:2a:cf:ad:84:73:d9:3d:34:0c:
        22:06:b6:e8:c4:7a:6d:a4:ea:67:2a:c2:87:24:a3:89:
        da:59:b7:0d:cb:39:ae:b8:c4:bb:5e:47:03:24:ae:c3:
        55:8c:07:96:fb:01:7b:7e:e7:56:21:fa:59:10:88:45:
        a7:f0:03:e6:2b:09:17:d8:70:bd:4a:d1:8e:0e:9f:14:
        23:bb:eb:11:12:fd:d7:5e:48:94:58:f6:b5:c2:b3:ff:
        85:0e:d0:4b:a1:6b:d8:ed:7b:d9:ec:80:fb:da:a5:17:
        b4:02:aa:f1:5f:5e:9d:f3:00:13:32:0f:54:c7:96:af:
        2e:29:38:dc:ad:80:d5:c2:9b:08:a2:c2:34:c9:e4:5c:
        8a:1e:7f:77:b9:e6:a4:b3:95:81:30:36:3d:85:48:2c:
        c4:98:59:44:a4:ef:5f:ab:90:5a:a5:90:15:fb:2e:aa:
        4e:94:cc:ce:a0:23:9e:6a:b6:f7:91:e2:45:c3:b6:7d:
        c2:b5:72:4c:1f:76:29:df:42:65:06:22:45:bd:77:41:
        ef:35:8e:67:8a:1c:8a:b9:62:49:74:38:b5:8a:43:9b
    Fingerprint (SHA-256):
        3F:02:29:EE:E8:E9:C4:69:93:56:05:18:FF:16:B9:DB:FE:0D:30:24:A1:22:DF:6E:1F:15:C9:CB:EA:79:EE:F4
    Fingerprint (SHA1):
        57:F2:9C:94:FA:F7:67:AF:FB:2D:E4:0C:B6:10:04:42:43:A4:52:CD
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1520: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170238 (0x25711dfe)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:13:17 2016
            Not After : Mon Jun 28 17:13:17 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:9d:02:c4:d6:cf:5b:c3:45:aa:b2:e1:52:8b:4b:ad:
                    3f:4e:f0:74:7c:53:d7:28:a2:e4:07:4f:d6:d7:d8:ab:
                    0d:ce:1c:c2:62:49:3f:fa:26:26:02:80:20:65:fa:65:
                    fb:61:6e:d7:fb:9a:d9:52:0c:5c:19:66:67:67:69:15:
                    7d:6a:1b:a7:30:2b:e9:e5:86:20:31:b9:93:f0:b3:0c:
                    f9:40:6a:79:67:93:70:2a:7a:88:d4:f0:86:48:c8:b2:
                    60:24:02:a8:c7:d5:14:e2:4b:6f:3c:9c:2e:e0:da:ce:
                    de:dc:c8:0c:a3:30:18:29:c9:39:7c:0f:dd:32:e2:b9:
                    76:a6:9e:87:69:90:15:97:c1:bd:76:0f:42:61:d0:4a:
                    bc:11:27:89:b4:cd:2a:9b:8d:ae:98:73:96:72:cf:4d:
                    77:88:46:96:83:65:25:25:63:ec:ca:cd:82:ee:59:8b:
                    83:c7:84:ba:98:4c:b0:ad:10:d5:9d:97:9f:3d:40:2a:
                    33:7b:8d:1c:ee:11:4b:e1:37:52:01:84:fb:b8:13:6c:
                    6b:61:10:fa:ef:a1:de:59:49:f0:7b:2f:03:8b:01:fa:
                    0d:65:c3:60:06:2c:4f:08:46:57:03:69:c7:d5:c1:23:
                    8a:be:24:f5:7e:f0:ea:ca:b2:9f:41:6b:7e:d1:f3:67
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9f:0e:98:33:37:b2:49:ff:29:7e:2c:fc:04:d4:30:a2:
        62:ab:2a:aa:83:06:a0:f8:88:96:49:aa:d3:16:32:6b:
        ed:d3:ad:e7:a4:98:30:2a:cf:ad:84:73:d9:3d:34:0c:
        22:06:b6:e8:c4:7a:6d:a4:ea:67:2a:c2:87:24:a3:89:
        da:59:b7:0d:cb:39:ae:b8:c4:bb:5e:47:03:24:ae:c3:
        55:8c:07:96:fb:01:7b:7e:e7:56:21:fa:59:10:88:45:
        a7:f0:03:e6:2b:09:17:d8:70:bd:4a:d1:8e:0e:9f:14:
        23:bb:eb:11:12:fd:d7:5e:48:94:58:f6:b5:c2:b3:ff:
        85:0e:d0:4b:a1:6b:d8:ed:7b:d9:ec:80:fb:da:a5:17:
        b4:02:aa:f1:5f:5e:9d:f3:00:13:32:0f:54:c7:96:af:
        2e:29:38:dc:ad:80:d5:c2:9b:08:a2:c2:34:c9:e4:5c:
        8a:1e:7f:77:b9:e6:a4:b3:95:81:30:36:3d:85:48:2c:
        c4:98:59:44:a4:ef:5f:ab:90:5a:a5:90:15:fb:2e:aa:
        4e:94:cc:ce:a0:23:9e:6a:b6:f7:91:e2:45:c3:b6:7d:
        c2:b5:72:4c:1f:76:29:df:42:65:06:22:45:bd:77:41:
        ef:35:8e:67:8a:1c:8a:b9:62:49:74:38:b5:8a:43:9b
    Fingerprint (SHA-256):
        3F:02:29:EE:E8:E9:C4:69:93:56:05:18:FF:16:B9:DB:FE:0D:30:24:A1:22:DF:6E:1F:15:C9:CB:EA:79:EE:F4
    Fingerprint (SHA1):
        57:F2:9C:94:FA:F7:67:AF:FB:2D:E4:0C:B6:10:04:42:43:A4:52:CD
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1521: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der BridgeArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=EE2 EE,O=EE2,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA2 Intermediate,O=CA2,C=US
Returned value is 1, expected result is fail
chains.sh: #1522: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170237 (0x25711dfd)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:13:15 2016
            Not After : Mon Jun 28 17:13:15 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    db:89:2b:5a:72:66:e7:e1:15:db:bb:c5:3f:90:8d:18:
                    9f:21:7a:62:ed:c6:96:90:c6:79:4e:a5:c4:9a:87:b5:
                    a3:28:c1:ff:2c:f8:9d:0d:75:59:20:57:46:e4:ac:2c:
                    cc:64:d2:01:e8:d7:34:b9:34:80:78:50:32:37:45:9b:
                    61:09:ab:4c:30:90:2f:38:08:98:f7:22:42:3f:dc:38:
                    1c:e0:3b:15:78:3b:27:2e:53:3d:db:30:e8:31:61:03:
                    55:f5:d3:4a:fd:7a:7b:8b:b6:b5:f7:45:5c:e4:40:86:
                    db:3f:e2:36:6c:e3:6f:67:4d:7e:95:1a:2c:d5:e6:d4:
                    26:66:ae:b9:b2:b1:e6:01:44:97:0e:c1:77:be:5f:1d:
                    3c:b2:c0:f5:35:75:0f:b6:6c:5e:37:a9:c5:e4:a4:eb:
                    f5:f0:cd:cb:85:5a:d0:96:ec:c4:5b:4e:9f:cc:22:4c:
                    58:ca:ba:9d:fd:97:c3:ef:ca:07:9a:ae:a8:68:35:cc:
                    bb:61:06:fa:89:0d:88:7f:ff:56:11:cd:45:5b:3e:e2:
                    8a:35:91:5a:e1:9e:a2:d7:12:41:d8:2e:a8:30:c7:fb:
                    08:a1:c7:ba:24:f8:c3:f2:f5:29:95:77:fa:7e:7e:fd:
                    77:32:34:85:68:ae:63:8f:a2:0e:14:8e:b9:af:8c:fb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9f:8f:dd:8c:b9:83:ca:a9:89:85:ba:0e:27:c0:c2:04:
        6d:4c:53:d2:d8:9f:7f:6c:b5:ef:c0:90:51:9f:c1:ed:
        32:a0:40:e3:87:09:bf:c9:a7:78:ed:19:e2:77:53:20:
        76:cf:b4:4f:69:6b:dc:08:ea:d6:69:20:73:0f:d7:42:
        a3:c5:03:2b:dc:84:3b:19:c2:63:62:69:cb:20:49:a8:
        98:0f:f0:4c:85:56:b3:9e:27:e7:e5:0f:bd:05:44:f8:
        c3:4b:ae:1e:01:53:31:5e:30:58:a5:35:4c:0b:81:c1:
        ac:c6:02:7b:52:a5:9d:84:70:11:4e:33:f4:8d:01:1f:
        2c:e9:a9:d1:25:35:b9:a2:be:b9:28:58:0c:7b:c6:3a:
        b8:fa:b1:24:25:c6:69:12:8b:35:09:2f:5c:51:ed:6c:
        af:9f:2a:b9:47:91:97:0e:1a:31:ea:f5:47:0e:17:d7:
        cf:3d:46:6b:32:b0:a4:7d:91:ef:88:36:35:aa:a8:79:
        ae:70:8d:f8:43:d1:a9:e7:ab:3a:61:fe:e3:fa:03:b8:
        a8:47:30:df:97:16:a0:61:a0:88:07:25:46:07:10:f7:
        cf:df:20:bc:c0:11:72:30:76:10:50:8c:7d:8b:e0:6b:
        06:b6:4d:e4:06:99:4a:83:26:05:17:bc:e9:e8:f0:d1
    Fingerprint (SHA-256):
        44:B8:07:2B:CE:FB:3D:BE:2C:90:73:D3:81:C6:9C:21:01:5D:16:32:38:59:0B:97:9B:F9:4B:E2:C3:8F:31:47
    Fingerprint (SHA1):
        A3:35:A7:F2:53:52:07:8B:A6:6C:DF:07:2D:ED:80:E7:30:92:08:36
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1523: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170238 (0x25711dfe)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:13:17 2016
            Not After : Mon Jun 28 17:13:17 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:9d:02:c4:d6:cf:5b:c3:45:aa:b2:e1:52:8b:4b:ad:
                    3f:4e:f0:74:7c:53:d7:28:a2:e4:07:4f:d6:d7:d8:ab:
                    0d:ce:1c:c2:62:49:3f:fa:26:26:02:80:20:65:fa:65:
                    fb:61:6e:d7:fb:9a:d9:52:0c:5c:19:66:67:67:69:15:
                    7d:6a:1b:a7:30:2b:e9:e5:86:20:31:b9:93:f0:b3:0c:
                    f9:40:6a:79:67:93:70:2a:7a:88:d4:f0:86:48:c8:b2:
                    60:24:02:a8:c7:d5:14:e2:4b:6f:3c:9c:2e:e0:da:ce:
                    de:dc:c8:0c:a3:30:18:29:c9:39:7c:0f:dd:32:e2:b9:
                    76:a6:9e:87:69:90:15:97:c1:bd:76:0f:42:61:d0:4a:
                    bc:11:27:89:b4:cd:2a:9b:8d:ae:98:73:96:72:cf:4d:
                    77:88:46:96:83:65:25:25:63:ec:ca:cd:82:ee:59:8b:
                    83:c7:84:ba:98:4c:b0:ad:10:d5:9d:97:9f:3d:40:2a:
                    33:7b:8d:1c:ee:11:4b:e1:37:52:01:84:fb:b8:13:6c:
                    6b:61:10:fa:ef:a1:de:59:49:f0:7b:2f:03:8b:01:fa:
                    0d:65:c3:60:06:2c:4f:08:46:57:03:69:c7:d5:c1:23:
                    8a:be:24:f5:7e:f0:ea:ca:b2:9f:41:6b:7e:d1:f3:67
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9f:0e:98:33:37:b2:49:ff:29:7e:2c:fc:04:d4:30:a2:
        62:ab:2a:aa:83:06:a0:f8:88:96:49:aa:d3:16:32:6b:
        ed:d3:ad:e7:a4:98:30:2a:cf:ad:84:73:d9:3d:34:0c:
        22:06:b6:e8:c4:7a:6d:a4:ea:67:2a:c2:87:24:a3:89:
        da:59:b7:0d:cb:39:ae:b8:c4:bb:5e:47:03:24:ae:c3:
        55:8c:07:96:fb:01:7b:7e:e7:56:21:fa:59:10:88:45:
        a7:f0:03:e6:2b:09:17:d8:70:bd:4a:d1:8e:0e:9f:14:
        23:bb:eb:11:12:fd:d7:5e:48:94:58:f6:b5:c2:b3:ff:
        85:0e:d0:4b:a1:6b:d8:ed:7b:d9:ec:80:fb:da:a5:17:
        b4:02:aa:f1:5f:5e:9d:f3:00:13:32:0f:54:c7:96:af:
        2e:29:38:dc:ad:80:d5:c2:9b:08:a2:c2:34:c9:e4:5c:
        8a:1e:7f:77:b9:e6:a4:b3:95:81:30:36:3d:85:48:2c:
        c4:98:59:44:a4:ef:5f:ab:90:5a:a5:90:15:fb:2e:aa:
        4e:94:cc:ce:a0:23:9e:6a:b6:f7:91:e2:45:c3:b6:7d:
        c2:b5:72:4c:1f:76:29:df:42:65:06:22:45:bd:77:41:
        ef:35:8e:67:8a:1c:8a:b9:62:49:74:38:b5:8a:43:9b
    Fingerprint (SHA-256):
        3F:02:29:EE:E8:E9:C4:69:93:56:05:18:FF:16:B9:DB:FE:0D:30:24:A1:22:DF:6E:1F:15:C9:CB:EA:79:EE:F4
    Fingerprint (SHA1):
        57:F2:9C:94:FA:F7:67:AF:FB:2D:E4:0C:B6:10:04:42:43:A4:52:CD
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1524: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170238 (0x25711dfe)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:13:17 2016
            Not After : Mon Jun 28 17:13:17 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:9d:02:c4:d6:cf:5b:c3:45:aa:b2:e1:52:8b:4b:ad:
                    3f:4e:f0:74:7c:53:d7:28:a2:e4:07:4f:d6:d7:d8:ab:
                    0d:ce:1c:c2:62:49:3f:fa:26:26:02:80:20:65:fa:65:
                    fb:61:6e:d7:fb:9a:d9:52:0c:5c:19:66:67:67:69:15:
                    7d:6a:1b:a7:30:2b:e9:e5:86:20:31:b9:93:f0:b3:0c:
                    f9:40:6a:79:67:93:70:2a:7a:88:d4:f0:86:48:c8:b2:
                    60:24:02:a8:c7:d5:14:e2:4b:6f:3c:9c:2e:e0:da:ce:
                    de:dc:c8:0c:a3:30:18:29:c9:39:7c:0f:dd:32:e2:b9:
                    76:a6:9e:87:69:90:15:97:c1:bd:76:0f:42:61:d0:4a:
                    bc:11:27:89:b4:cd:2a:9b:8d:ae:98:73:96:72:cf:4d:
                    77:88:46:96:83:65:25:25:63:ec:ca:cd:82:ee:59:8b:
                    83:c7:84:ba:98:4c:b0:ad:10:d5:9d:97:9f:3d:40:2a:
                    33:7b:8d:1c:ee:11:4b:e1:37:52:01:84:fb:b8:13:6c:
                    6b:61:10:fa:ef:a1:de:59:49:f0:7b:2f:03:8b:01:fa:
                    0d:65:c3:60:06:2c:4f:08:46:57:03:69:c7:d5:c1:23:
                    8a:be:24:f5:7e:f0:ea:ca:b2:9f:41:6b:7e:d1:f3:67
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9f:0e:98:33:37:b2:49:ff:29:7e:2c:fc:04:d4:30:a2:
        62:ab:2a:aa:83:06:a0:f8:88:96:49:aa:d3:16:32:6b:
        ed:d3:ad:e7:a4:98:30:2a:cf:ad:84:73:d9:3d:34:0c:
        22:06:b6:e8:c4:7a:6d:a4:ea:67:2a:c2:87:24:a3:89:
        da:59:b7:0d:cb:39:ae:b8:c4:bb:5e:47:03:24:ae:c3:
        55:8c:07:96:fb:01:7b:7e:e7:56:21:fa:59:10:88:45:
        a7:f0:03:e6:2b:09:17:d8:70:bd:4a:d1:8e:0e:9f:14:
        23:bb:eb:11:12:fd:d7:5e:48:94:58:f6:b5:c2:b3:ff:
        85:0e:d0:4b:a1:6b:d8:ed:7b:d9:ec:80:fb:da:a5:17:
        b4:02:aa:f1:5f:5e:9d:f3:00:13:32:0f:54:c7:96:af:
        2e:29:38:dc:ad:80:d5:c2:9b:08:a2:c2:34:c9:e4:5c:
        8a:1e:7f:77:b9:e6:a4:b3:95:81:30:36:3d:85:48:2c:
        c4:98:59:44:a4:ef:5f:ab:90:5a:a5:90:15:fb:2e:aa:
        4e:94:cc:ce:a0:23:9e:6a:b6:f7:91:e2:45:c3:b6:7d:
        c2:b5:72:4c:1f:76:29:df:42:65:06:22:45:bd:77:41:
        ef:35:8e:67:8a:1c:8a:b9:62:49:74:38:b5:8a:43:9b
    Fingerprint (SHA-256):
        3F:02:29:EE:E8:E9:C4:69:93:56:05:18:FF:16:B9:DB:FE:0D:30:24:A1:22:DF:6E:1F:15:C9:CB:EA:79:EE:F4
    Fingerprint (SHA1):
        57:F2:9C:94:FA:F7:67:AF:FB:2D:E4:0C:B6:10:04:42:43:A4:52:CD
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1525: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #1526: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170245 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1527: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #1528: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #1529: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170246 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1530: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #1531: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB CAArmyDB
certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd
chains.sh: #1532: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CAArmyReq.der
certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US"  -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1533: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der  - PASSED
chains.sh: Creating certficate CAArmyArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 628170247   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1534: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army  - PASSED
chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database
certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1535: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database  - PASSED
chains.sh: Creating DB CANavyDB
certutil -N -d CANavyDB -f CANavyDB/dbpasswd
chains.sh: #1536: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CANavyReq.der
certutil -s "CN=CANavy Intermediate, O=CANavy, C=US"  -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CANavyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1537: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der  - PASSED
chains.sh: Creating certficate CANavyNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 628170248   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1538: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate CANavyNavy.der to CANavyDB database
certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1539: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #1540: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1541: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy
certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 628170249 -7 Bridge@CAArmy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
OID.1.1
OID.2.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #1542: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy  - PASSED
chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1543: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeCANavy.der signed by CANavy
certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 628170250 -7 Bridge@CANavy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
OID.2.1
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #1544: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy  - PASSED
chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1545: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7
chains.sh: #1546: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1547: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1548: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628170251   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1549: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1550: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1551: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1552: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628170252   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1553: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1554: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1555: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1556: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170253   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1557: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1558: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #1559: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1560: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628170254   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1561: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1562: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1563: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170245 (0x25711e05)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:13:55 2016
            Not After : Mon Jun 28 17:13:55 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    af:22:bc:06:56:17:e0:09:20:6a:35:bb:49:f1:bc:3d:
                    1a:75:13:e8:4f:ac:98:71:c8:9b:b9:88:0f:11:fb:3c:
                    69:82:f6:42:1b:db:f1:81:31:84:bf:ea:2c:94:23:a2:
                    17:82:eb:30:08:1a:bd:01:a2:73:92:a5:1f:29:5d:a6:
                    3e:44:cc:c6:e4:4a:cc:41:26:80:7a:82:66:a9:13:81:
                    43:91:6d:2d:44:72:dc:b4:d4:18:6a:15:7c:ba:96:70:
                    76:18:e5:76:b3:7e:c2:05:5f:02:e4:e8:90:7b:d7:8e:
                    4a:11:43:4d:17:e4:0f:bf:bd:22:f5:fe:f0:2e:cb:17:
                    fa:25:8b:15:52:40:10:3f:ca:f4:17:a5:f8:b5:db:0e:
                    d5:4d:b5:f9:5d:d1:d8:a1:6e:78:8f:26:d2:53:68:b6:
                    d6:51:b9:97:38:30:a6:25:42:43:00:d9:20:ba:8a:f6:
                    ca:6e:0b:a9:31:ea:15:78:05:26:12:1f:28:c1:3b:0b:
                    7a:95:a5:91:b1:73:a2:5d:cf:af:56:d3:a2:64:56:01:
                    2b:72:32:22:68:84:29:be:f4:86:82:9d:52:27:9a:4b:
                    5f:8a:a3:35:46:cd:29:b8:21:19:d5:3c:45:db:f1:b1:
                    6b:de:97:56:a1:7f:35:77:0b:1f:0a:28:c4:d1:05:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        43:c7:50:85:ab:44:9b:fa:7d:1a:67:6a:40:9e:68:d8:
        6e:69:6e:4b:31:10:51:d5:05:a2:e0:85:6b:9b:bf:49:
        28:3a:5b:90:5e:40:d1:ce:80:eb:d0:96:23:f5:33:cf:
        f5:fa:44:dd:f3:12:be:40:d1:aa:b1:ac:bc:32:50:b0:
        00:cb:5f:5a:97:d5:8c:bc:99:b9:7c:e6:4f:05:52:ec:
        dd:1c:4c:8f:82:ed:7a:09:bd:fd:ec:70:62:ba:f0:aa:
        ed:57:d6:af:d7:94:95:bc:5c:16:60:a5:44:78:b8:17:
        a5:72:70:78:29:a9:ac:b7:c3:34:7b:7c:e1:35:a4:91:
        f9:38:d3:de:58:3a:97:2e:25:53:92:ed:22:24:47:6d:
        7c:5d:78:2e:62:72:5a:46:64:95:b1:3b:96:74:e8:e3:
        87:37:bb:0e:14:1b:13:28:e3:12:80:98:35:70:ab:69:
        bf:dd:24:49:eb:5b:0e:77:9c:f1:83:d2:cc:67:86:05:
        71:42:56:73:57:cd:b0:e2:67:3b:e8:4b:3f:a4:63:ba:
        fb:41:d1:b1:7f:2f:96:23:09:7b:79:a8:83:70:05:ef:
        74:d0:1f:24:9b:c2:be:76:ae:73:2c:c3:f4:5b:df:9b:
        c8:3a:b7:f8:eb:95:e4:a0:fd:af:7a:66:e1:b2:8a:d7
    Fingerprint (SHA-256):
        44:DA:3B:34:8A:00:2B:34:0E:81:C1:70:04:43:67:CC:38:43:A0:1F:7F:4B:49:0D:C1:DD:D6:77:FE:EB:E1:12
    Fingerprint (SHA1):
        8E:1F:D8:E6:65:7C:6B:93:ED:61:B8:97:CD:01:34:56:FF:1E:F2:6A
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US"
Returned value is 0, expected result is pass
chains.sh: #1564: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1565: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1566: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1567: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1568: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1569: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1570: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1571: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1572: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170246 (0x25711e06)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:14:00 2016
            Not After : Mon Jun 28 17:14:00 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a7:7e:3d:24:eb:93:d7:18:ac:cb:cc:29:f5:6c:32:18:
                    43:dd:41:09:94:ca:3f:41:22:68:8b:17:9e:d2:d6:58:
                    d0:e7:02:d6:f7:b6:16:d6:6c:d2:c6:c5:09:73:81:92:
                    2d:f4:36:88:85:7e:97:47:e3:7a:a5:48:27:50:79:02:
                    78:3c:7b:92:fe:6f:d4:24:0e:f7:0e:2d:ec:bd:7a:9d:
                    5a:c7:85:80:9f:6a:b2:66:2c:44:a9:be:f4:d6:1b:a4:
                    18:32:3a:97:b0:c5:0a:63:df:13:a9:7f:ee:a0:73:be:
                    17:fb:e8:08:5e:9f:33:b9:4a:1d:37:a0:23:d4:81:09:
                    25:a3:c4:93:00:66:0a:a7:28:07:c7:9d:af:74:e6:49:
                    15:af:0e:af:c1:73:8c:a4:38:3c:ad:13:09:a3:0a:30:
                    bc:82:90:97:a3:4b:6b:c2:6b:54:b4:76:72:26:97:f9:
                    e1:ce:15:76:b3:a8:7e:65:3a:dc:fc:a9:52:15:91:4d:
                    63:ee:c2:a3:ab:ca:92:57:45:07:32:fd:57:ef:90:d4:
                    4f:3f:1e:84:8e:9d:16:37:e1:b9:50:8c:3e:13:2d:33:
                    a4:9f:25:14:6e:a1:a6:fd:68:e2:cf:32:5b:48:65:bd:
                    3e:d2:20:21:29:80:5f:a8:2f:93:30:b7:5c:07:99:89
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:9d:7d:7b:09:50:d4:69:a6:c7:2d:cb:de:14:08:5e:
        af:98:05:28:77:25:06:4f:4a:63:8b:2e:3c:d0:76:8e:
        51:0e:45:c0:41:ca:ec:74:39:5c:e1:59:c1:9b:3a:00:
        f7:27:aa:2a:bf:2c:f1:0c:43:67:fe:da:77:51:aa:c5:
        88:f7:10:d5:7d:a6:c1:59:41:ab:ba:89:c7:92:da:5b:
        35:4f:7f:ac:b8:c2:d2:54:52:dc:5a:95:9e:19:58:d7:
        53:84:5c:7f:3a:c0:bb:19:50:fd:97:2f:8c:85:32:c8:
        c8:da:93:f6:1e:e3:15:f6:2c:57:a5:1c:ef:6f:07:a0:
        61:82:65:63:4d:50:29:03:9c:e9:d4:8d:07:d0:d1:f5:
        a1:f1:ef:32:69:67:ad:bb:de:5b:31:ec:52:50:d2:3b:
        be:b5:cb:bf:af:7d:7c:cb:47:fa:08:c2:2b:8d:70:1a:
        0a:76:32:6a:b4:65:28:a4:37:a8:00:e1:61:a3:1d:71:
        b3:e6:60:20:18:91:8e:16:45:2c:02:f9:9b:6e:60:a1:
        76:34:6b:a0:54:30:a4:e9:65:af:d4:fe:e7:05:bb:9d:
        4b:6a:55:78:7d:bf:8c:46:d7:46:a1:95:6c:26:a5:6c:
        3e:a1:1c:f8:2f:de:30:85:9e:0f:d5:d9:6a:2d:ab:13
    Fingerprint (SHA-256):
        9E:DF:5C:51:F2:4C:2D:CA:12:2F:B8:2C:B6:5A:EA:58:A5:37:C6:46:98:15:BD:43:22:61:AA:92:55:B4:13:26
    Fingerprint (SHA1):
        76:7F:AD:F4:1D:F0:E4:A9:49:64:F3:1B:6D:B7:0C:33:1A:3A:83:BE
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US"
Returned value is 0, expected result is pass
chains.sh: #1573: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1574: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1575: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1576: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1577: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1578: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1579: RealCerts: Creating DB AllDB  - PASSED
chains.sh: Importing certificate TestCA.ca.cert to AllDB database
certutil -A -n TestCA.ca  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestCA.ca.cert
chains.sh: #1580: RealCerts: Importing certificate TestCA.ca.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser50.cert to AllDB database
certutil -A -n TestUser50  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert
chains.sh: #1581: RealCerts: Importing certificate TestUser50.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser51.cert to AllDB database
certutil -A -n TestUser51  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert
chains.sh: #1582: RealCerts: Importing certificate TestUser51.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalRootCA.cert to AllDB database
certutil -A -n PayPalRootCA  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalRootCA.cert
chains.sh: #1583: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalICA.cert to AllDB database
certutil -A -n PayPalICA  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalICA.cert
chains.sh: #1584: RealCerts: Importing certificate PayPalICA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalEE.cert to AllDB database
certutil -A -n PayPalEE  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert
chains.sh: #1585: RealCerts: Importing certificate PayPalEE.cert to AllDB database  - PASSED
chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database
certutil -A -n BrAirWaysBadSig  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert
chains.sh: #1586: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #1587: RealCerts: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #1588: RealCerts: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1 
vfychain -d AllDB -pp -vv      -o OID.2.16.840.1.114412.1.1  /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=
            DigiCert Inc,C=US"
        Validity:
            Not Before: Fri Nov 10 00:00:00 2006
            Not After : Mon Nov 10 00:00:00 2031
        Subject: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O
            =DigiCert Inc,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:e5:81:
                    3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:a2:0a:1c:
                    b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:a4:a9:41:59:
                    3a:d3:dc:94:d6:3c:db:74:38:a4:4a:cc:4d:25:82:f7:
                    4a:a5:53:12:38:ee:f3:49:6d:71:91:7e:63:b6:ab:a6:
                    5f:c3:a4:84:f8:4f:62:51:be:f8:c5:ec:db:38:92:e3:
                    06:e5:08:91:0c:c4:28:41:55:fb:cb:5a:89:15:7e:71:
                    e8:35:bf:4d:72:09:3d:be:3a:38:50:5b:77:31:1b:8d:
                    b3:c7:24:45:9a:a7:ac:6d:00:14:5a:04:b7:ba:13:eb:
                    51:0a:98:41:41:22:4e:65:61:87:81:41:50:a6:79:5c:
                    89:de:19:4a:57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:
                    06:16:a4:68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:
                    db:5e:64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:
                    79:39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
                    a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:87:
                    5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:4b:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Subject Key ID
            Data:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
            Name: Certificate Authority Key Identifier
            Key ID:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:
        21:47:f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:
        7a:d9:11:65:8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:
        b8:91:e8:43:2c:8e:b3:78:ce:db:e3:53:79:71:d6:e5:
        21:94:01:da:55:87:9a:24:64:f6:8a:66:cc:de:9c:37:
        cd:a8:34:b1:69:9b:23:c8:9e:78:22:2b:70:43:e3:55:
        47:31:61:19:ef:58:c5:85:2f:4e:30:f6:a0:31:16:23:
        c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:5e:8b:
        31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
        15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:
        0a:c4:97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:
        55:f2:48:69:d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:
        ba:70:26:5d:90:60:9e:bc:4b:17:09:2f:b4:cb:1e:43:
        68:c9:07:27:c1:d2:5c:f7:ea:21:b9:68:12:9c:3c:9c:
        bf:9e:fc:80:5c:9b:63:cd:ec:47:aa:25:27:67:a0:37:
        f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:77:e8:1f:4a
    Fingerprint (SHA-256):
        74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
    Fingerprint (SHA1):
        5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=paypal.com,OU=PayPal Production,O="PayPal, Inc.",L
    =San Jose,ST=California,C=US"
Certificate 2 Subject: "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digi
    cert.com,O=DigiCert Inc,C=US"
Returned value is 0, expected result is pass
chains.sh: #1589: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1  - PASSED
chains.sh: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. BrAirWaysBadSig :
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is fail
chains.sh: #1590: RealCerts: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp       - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1591: DSA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170255 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1592: DSA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1593: DSA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1594: DSA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1595: DSA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170256   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1596: DSA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1597: DSA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1598: DSA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1599: DSA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170257   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1600: DSA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1601: DSA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1602: DSA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1603: DSA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 628170258   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1604: DSA: Creating certficate CA2Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA2Root.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1605: DSA: Importing certificate CA2Root.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #1606: DSA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1607: DSA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628170259   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1608: DSA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1609: DSA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #1610: DSA: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1611: DSA: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 628170260   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1612: DSA: Creating certficate CA3Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA3Root.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1613: DSA: Importing certificate CA3Root.der to CA3DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #1614: DSA: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1615: DSA: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 628170261   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1616: DSA: Creating certficate EE3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate EE3CA3.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1617: DSA: Importing certificate EE3CA3.der to EE3DB database  - PASSED
chains.sh: Creating DB CA4DB
certutil -N -d CA4DB -f CA4DB/dbpasswd
chains.sh: #1618: DSA: Creating DB CA4DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA4Req.der
certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1619: DSA: Creating Intermediate certifiate request CA4Req.der  - PASSED
chains.sh: Creating certficate CA4Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 628170262   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1620: DSA: Creating certficate CA4Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA4Root.der to CA4DB database
certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1621: DSA: Importing certificate CA4Root.der to CA4DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #1622: DSA: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1623: DSA: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA4.der signed by CA4
certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 628170263   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1624: DSA: Creating certficate EE4CA4.der signed by CA4  - PASSED
chains.sh: Importing certificate EE4CA4.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1625: DSA: Importing certificate EE4CA4.der to EE4DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1626: DSA: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE1CA1.der CA1Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170255 (0x25711e0f)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:14:41 2016
            Not After : Mon Jun 28 17:14:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    8c:f9:b4:66:79:0c:a7:86:33:47:c8:bb:e8:eb:21:b8:
                    17:ea:97:6a:25:a8:95:9f:8b:e0:55:6b:44:d1:ff:35:
                    b3:c9:e4:57:41:d2:0a:0c:3b:03:3d:41:c4:70:df:ec:
                    aa:35:17:2f:25:34:7f:f4:d3:3e:bc:0d:37:13:3f:ae:
                    6c:ef:58:0a:e9:c3:6d:46:30:ff:2d:53:b8:3c:2f:11:
                    c0:91:97:62:51:3a:1f:55:d3:12:9d:71:5d:36:88:7c:
                    b5:59:d5:24:66:f1:0e:21:eb:82:59:5a:89:eb:6f:6d:
                    af:1c:aa:99:69:a2:a7:da:69:82:c3:15:7d:38:c1:05:
                    56:9d:de:0d:93:12:db:92:73:01:9e:1e:82:89:e7:9c:
                    91:5d:fa:29:3f:87:47:9e:d4:dd:9e:c7:d6:90:5a:28:
                    96:eb:d3:87:32:9f:bb:22:ee:77:e7:82:d2:30:46:de:
                    95:d5:ac:c5:05:61:17:51:ce:49:88:1e:cf:77:f0:d7:
                    dd:95:61:d3:8a:b2:66:af:fe:ec:31:14:e6:e9:b7:30:
                    cf:d8:cc:9a:09:12:2b:04:65:ad:5d:cb:eb:76:fc:e5:
                    3d:18:62:ad:85:2f:8d:29:11:0f:53:24:7f:18:e6:9f:
                    12:c8:c5:da:77:09:83:45:c5:71:bc:85:9e:3e:88:9c
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:20:4e:67:6d:a8:f3:33:8f:7c:09:9d:4f:
        ae:85:91:f4:d7:43:90:c1:bf:f4:3f:1d:16:2b:2c:dd:
        02:1d:00:9d:98:7a:fd:28:a7:6f:26:95:66:bd:eb:a9:
        9b:5c:72:72:96:15:4c:22:ff:11:d3:20:33:3e:97
    Fingerprint (SHA-256):
        D6:63:0F:FF:89:E8:B4:A6:48:3C:7D:9E:7B:62:8C:F5:EF:CF:8B:83:2D:BA:84:DA:E7:CA:B8:54:66:A9:73:91
    Fingerprint (SHA1):
        75:84:CD:6E:05:0C:42:D9:36:CC:DE:6D:7B:0D:83:79:B7:39:1C:6C
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1627: DSA: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE2CA2.der CA2Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170255 (0x25711e0f)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:14:41 2016
            Not After : Mon Jun 28 17:14:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    8c:f9:b4:66:79:0c:a7:86:33:47:c8:bb:e8:eb:21:b8:
                    17:ea:97:6a:25:a8:95:9f:8b:e0:55:6b:44:d1:ff:35:
                    b3:c9:e4:57:41:d2:0a:0c:3b:03:3d:41:c4:70:df:ec:
                    aa:35:17:2f:25:34:7f:f4:d3:3e:bc:0d:37:13:3f:ae:
                    6c:ef:58:0a:e9:c3:6d:46:30:ff:2d:53:b8:3c:2f:11:
                    c0:91:97:62:51:3a:1f:55:d3:12:9d:71:5d:36:88:7c:
                    b5:59:d5:24:66:f1:0e:21:eb:82:59:5a:89:eb:6f:6d:
                    af:1c:aa:99:69:a2:a7:da:69:82:c3:15:7d:38:c1:05:
                    56:9d:de:0d:93:12:db:92:73:01:9e:1e:82:89:e7:9c:
                    91:5d:fa:29:3f:87:47:9e:d4:dd:9e:c7:d6:90:5a:28:
                    96:eb:d3:87:32:9f:bb:22:ee:77:e7:82:d2:30:46:de:
                    95:d5:ac:c5:05:61:17:51:ce:49:88:1e:cf:77:f0:d7:
                    dd:95:61:d3:8a:b2:66:af:fe:ec:31:14:e6:e9:b7:30:
                    cf:d8:cc:9a:09:12:2b:04:65:ad:5d:cb:eb:76:fc:e5:
                    3d:18:62:ad:85:2f:8d:29:11:0f:53:24:7f:18:e6:9f:
                    12:c8:c5:da:77:09:83:45:c5:71:bc:85:9e:3e:88:9c
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:20:4e:67:6d:a8:f3:33:8f:7c:09:9d:4f:
        ae:85:91:f4:d7:43:90:c1:bf:f4:3f:1d:16:2b:2c:dd:
        02:1d:00:9d:98:7a:fd:28:a7:6f:26:95:66:bd:eb:a9:
        9b:5c:72:72:96:15:4c:22:ff:11:d3:20:33:3e:97
    Fingerprint (SHA-256):
        D6:63:0F:FF:89:E8:B4:A6:48:3C:7D:9E:7B:62:8C:F5:EF:CF:8B:83:2D:BA:84:DA:E7:CA:B8:54:66:A9:73:91
    Fingerprint (SHA1):
        75:84:CD:6E:05:0C:42:D9:36:CC:DE:6D:7B:0D:83:79:B7:39:1C:6C
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1628: DSA: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE3CA3.der CA3Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170255 (0x25711e0f)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:14:41 2016
            Not After : Mon Jun 28 17:14:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    8c:f9:b4:66:79:0c:a7:86:33:47:c8:bb:e8:eb:21:b8:
                    17:ea:97:6a:25:a8:95:9f:8b:e0:55:6b:44:d1:ff:35:
                    b3:c9:e4:57:41:d2:0a:0c:3b:03:3d:41:c4:70:df:ec:
                    aa:35:17:2f:25:34:7f:f4:d3:3e:bc:0d:37:13:3f:ae:
                    6c:ef:58:0a:e9:c3:6d:46:30:ff:2d:53:b8:3c:2f:11:
                    c0:91:97:62:51:3a:1f:55:d3:12:9d:71:5d:36:88:7c:
                    b5:59:d5:24:66:f1:0e:21:eb:82:59:5a:89:eb:6f:6d:
                    af:1c:aa:99:69:a2:a7:da:69:82:c3:15:7d:38:c1:05:
                    56:9d:de:0d:93:12:db:92:73:01:9e:1e:82:89:e7:9c:
                    91:5d:fa:29:3f:87:47:9e:d4:dd:9e:c7:d6:90:5a:28:
                    96:eb:d3:87:32:9f:bb:22:ee:77:e7:82:d2:30:46:de:
                    95:d5:ac:c5:05:61:17:51:ce:49:88:1e:cf:77:f0:d7:
                    dd:95:61:d3:8a:b2:66:af:fe:ec:31:14:e6:e9:b7:30:
                    cf:d8:cc:9a:09:12:2b:04:65:ad:5d:cb:eb:76:fc:e5:
                    3d:18:62:ad:85:2f:8d:29:11:0f:53:24:7f:18:e6:9f:
                    12:c8:c5:da:77:09:83:45:c5:71:bc:85:9e:3e:88:9c
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:20:4e:67:6d:a8:f3:33:8f:7c:09:9d:4f:
        ae:85:91:f4:d7:43:90:c1:bf:f4:3f:1d:16:2b:2c:dd:
        02:1d:00:9d:98:7a:fd:28:a7:6f:26:95:66:bd:eb:a9:
        9b:5c:72:72:96:15:4c:22:ff:11:d3:20:33:3e:97
    Fingerprint (SHA-256):
        D6:63:0F:FF:89:E8:B4:A6:48:3C:7D:9E:7B:62:8C:F5:EF:CF:8B:83:2D:BA:84:DA:E7:CA:B8:54:66:A9:73:91
    Fingerprint (SHA1):
        75:84:CD:6E:05:0C:42:D9:36:CC:DE:6D:7B:0D:83:79:B7:39:1C:6C
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #1629: DSA: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE4CA4.der CA4Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170255 (0x25711e0f)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:14:41 2016
            Not After : Mon Jun 28 17:14:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    8c:f9:b4:66:79:0c:a7:86:33:47:c8:bb:e8:eb:21:b8:
                    17:ea:97:6a:25:a8:95:9f:8b:e0:55:6b:44:d1:ff:35:
                    b3:c9:e4:57:41:d2:0a:0c:3b:03:3d:41:c4:70:df:ec:
                    aa:35:17:2f:25:34:7f:f4:d3:3e:bc:0d:37:13:3f:ae:
                    6c:ef:58:0a:e9:c3:6d:46:30:ff:2d:53:b8:3c:2f:11:
                    c0:91:97:62:51:3a:1f:55:d3:12:9d:71:5d:36:88:7c:
                    b5:59:d5:24:66:f1:0e:21:eb:82:59:5a:89:eb:6f:6d:
                    af:1c:aa:99:69:a2:a7:da:69:82:c3:15:7d:38:c1:05:
                    56:9d:de:0d:93:12:db:92:73:01:9e:1e:82:89:e7:9c:
                    91:5d:fa:29:3f:87:47:9e:d4:dd:9e:c7:d6:90:5a:28:
                    96:eb:d3:87:32:9f:bb:22:ee:77:e7:82:d2:30:46:de:
                    95:d5:ac:c5:05:61:17:51:ce:49:88:1e:cf:77:f0:d7:
                    dd:95:61:d3:8a:b2:66:af:fe:ec:31:14:e6:e9:b7:30:
                    cf:d8:cc:9a:09:12:2b:04:65:ad:5d:cb:eb:76:fc:e5:
                    3d:18:62:ad:85:2f:8d:29:11:0f:53:24:7f:18:e6:9f:
                    12:c8:c5:da:77:09:83:45:c5:71:bc:85:9e:3e:88:9c
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:20:4e:67:6d:a8:f3:33:8f:7c:09:9d:4f:
        ae:85:91:f4:d7:43:90:c1:bf:f4:3f:1d:16:2b:2c:dd:
        02:1d:00:9d:98:7a:fd:28:a7:6f:26:95:66:bd:eb:a9:
        9b:5c:72:72:96:15:4c:22:ff:11:d3:20:33:3e:97
    Fingerprint (SHA-256):
        D6:63:0F:FF:89:E8:B4:A6:48:3C:7D:9E:7B:62:8C:F5:EF:CF:8B:83:2D:BA:84:DA:E7:CA:B8:54:66:A9:73:91
    Fingerprint (SHA1):
        75:84:CD:6E:05:0C:42:D9:36:CC:DE:6D:7B:0D:83:79:B7:39:1C:6C
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US"
Returned value is 0, expected result is pass
chains.sh: #1630: DSA: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1631: Revocation: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1632: Revocation: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1633: Revocation: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #1634: Revocation: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1635: Revocation: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1636: Revocation: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1637: Revocation: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1638: Revocation: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1639: Revocation: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1640: Revocation: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1641: Revocation: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #1642: Revocation: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1643: Revocation: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1644: Revocation: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1645: Revocation: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB EE12DB
certutil -N -d EE12DB -f EE12DB/dbpasswd
chains.sh: #1646: Revocation: Creating DB EE12DB  - PASSED
chains.sh: Creating EE certifiate request EE12Req.der
certutil -s "CN=EE12 EE, O=EE12, C=US"  -R  -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1647: Revocation: Creating EE certifiate request EE12Req.der  - PASSED
chains.sh: Creating certficate EE12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1648: Revocation: Creating certficate EE12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE12CA1.der to EE12DB database
certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1649: Revocation: Importing certificate EE12CA1.der to EE12DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1650: Revocation: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1651: Revocation: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1652: Revocation: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1653: Revocation: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #1654: Revocation: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1655: Revocation: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1656: Revocation: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1657: Revocation: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628171541Z
nextupdate=20170628171541Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 17:15:41 2016
    Next Update: Wed Jun 28 17:15:41 2017
    CRL Extensions:
chains.sh: #1658: Revocation: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628171541Z
nextupdate=20170628171541Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:15:41 2016
    Next Update: Wed Jun 28 17:15:41 2017
    CRL Extensions:
chains.sh: #1659: Revocation: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628171542Z
nextupdate=20170628171542Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:15:42 2016
    Next Update: Wed Jun 28 17:15:42 2017
    CRL Extensions:
chains.sh: #1660: Revocation: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628171542Z
nextupdate=20170628171542Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 17:15:42 2016
    Next Update: Wed Jun 28 17:15:42 2017
    CRL Extensions:
chains.sh: #1661: Revocation: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 14 issued by CA1
crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628171543Z
addcert 14 20160628171543Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:15:43 2016
    Next Update: Wed Jun 28 17:15:42 2017
    Entry 1 (0x1):
        Serial Number: 14 (0xe)
        Revocation Date: Tue Jun 28 17:15:43 2016
    CRL Extensions:
chains.sh: #1662: Revocation: Revoking certificate with SN 14 issued by CA1  - PASSED
chains.sh: Revoking certificate with SN 15 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628171544Z
addcert 15 20160628171544Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:15:44 2016
    Next Update: Wed Jun 28 17:15:41 2017
    Entry 1 (0x1):
        Serial Number: 15 (0xf)
        Revocation Date: Tue Jun 28 17:15:44 2016
    CRL Extensions:
chains.sh: #1663: Revocation: Revoking certificate with SN 15 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1664: Revocation: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1665: Revocation: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #1666: Revocation: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA0Root.der to AllDB database
certutil -A -n CA0  -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der
chains.sh: #1667: Revocation: Importing certificate CA0Root.der to AllDB database  - PASSED
chains.sh: Importing CRL CA0.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl
chains.sh: #1668: Revocation: Importing CRL CA0.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA1CA0.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der
chains.sh: #1669: Revocation: Importing certificate CA1CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA1.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl
chains.sh: #1670: Revocation: Importing CRL CA1.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA0.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der
chains.sh: #1671: Revocation: Importing certificate CA2CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA2.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl
chains.sh: #1672: Revocation: Importing CRL CA2.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:15:06 2016
            Not After : Mon Jun 28 17:15:06 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:58:f5:dc:f9:52:01:92:cb:99:bb:5a:c4:e6:52:eb:
                    25:c4:a1:39:69:55:3d:f6:77:5d:15:6c:34:0f:42:1f:
                    b7:6e:22:c1:07:4f:24:e7:58:82:e1:7d:5c:61:37:7b:
                    06:aa:9c:a0:5d:8a:66:33:10:ef:ff:16:19:6b:31:34:
                    1e:96:61:77:30:7e:ae:05:b1:db:81:3e:8b:ce:f8:da:
                    1b:3a:d0:37:10:2c:a3:e0:d8:5a:c9:7e:89:f6:57:b2:
                    05:be:01:f1:f6:2c:8b:28:81:81:1d:96:56:65:e4:78:
                    65:b5:e6:52:ac:2b:76:e3:45:40:36:58:f7:b1:98:d5:
                    f6:64:e9:75:ae:87:5a:34:92:ca:95:0a:d0:24:db:96:
                    84:0f:36:36:d2:df:b8:5d:f8:b0:28:55:74:11:13:d4:
                    21:e9:b2:5c:00:66:06:87:76:07:0b:3b:a4:ef:8b:43:
                    5b:87:5f:ba:16:dd:98:65:ae:16:c9:8e:e0:00:e7:ab:
                    c9:13:6f:28:06:0b:57:1d:a9:9a:38:58:be:c9:0f:8e:
                    79:ea:63:98:dc:a8:52:1a:29:bb:21:60:98:97:c2:85:
                    2c:54:90:cb:56:18:04:d4:f0:1d:3c:82:f5:a4:67:37:
                    33:56:d6:0b:e9:a4:3a:19:b4:6d:04:69:ef:1e:11:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8c:5a:7f:01:02:1c:a6:ca:15:73:c1:52:d9:af:14:0d:
        18:25:cb:a2:c6:31:d5:ed:de:31:5c:84:f2:c6:8b:a1:
        90:2f:4a:fe:cc:59:86:fc:a6:6f:5f:5b:b8:78:39:6b:
        11:39:81:8d:fa:5d:76:4f:2b:be:1b:f5:97:ad:be:21:
        30:1b:ee:8f:36:95:86:98:ed:81:bc:e3:3a:d9:33:fd:
        7c:84:eb:53:64:d9:bf:df:18:61:34:f6:1f:df:34:99:
        a1:2b:35:4c:4d:89:2c:71:37:5b:56:ee:33:98:5a:c9:
        ae:85:cc:71:fd:bb:69:c4:5c:2b:eb:f6:9e:64:fa:3f:
        84:ea:87:2e:1c:80:b1:db:42:2c:8b:04:99:4e:8f:f4:
        f9:8b:ad:23:35:21:a1:ff:73:22:cf:a8:b1:1f:9f:ec:
        54:b2:8d:fe:cd:f2:82:0d:6e:e6:f7:6c:b8:27:2b:52:
        f1:23:12:92:80:3e:1d:14:c5:e0:47:11:a5:77:b2:5f:
        b8:8e:41:6a:48:1d:d8:d3:ac:41:0d:8e:4b:5e:b3:3d:
        d5:6a:44:99:cf:5e:4e:a8:6c:43:04:47:5d:cf:9a:57:
        0d:d4:ee:f8:be:df:4a:4e:38:ec:45:b6:27:39:22:6f:
        61:92:30:d8:28:68:c3:ea:e5:fa:73:2c:9f:c0:52:25
    Fingerprint (SHA-256):
        28:3A:97:42:12:1E:1C:96:B6:12:7D:99:F6:F7:06:61:B5:17:78:80:7D:A4:61:B4:3C:86:1A:91:A8:28:A0:F9
    Fingerprint (SHA1):
        16:8D:19:89:B8:45:70:A4:34:05:4C:A7:88:3F:F3:11:2D:E1:F5:EF
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #1673: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE12CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #1674: Revocation: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:15:06 2016
            Not After : Mon Jun 28 17:15:06 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:58:f5:dc:f9:52:01:92:cb:99:bb:5a:c4:e6:52:eb:
                    25:c4:a1:39:69:55:3d:f6:77:5d:15:6c:34:0f:42:1f:
                    b7:6e:22:c1:07:4f:24:e7:58:82:e1:7d:5c:61:37:7b:
                    06:aa:9c:a0:5d:8a:66:33:10:ef:ff:16:19:6b:31:34:
                    1e:96:61:77:30:7e:ae:05:b1:db:81:3e:8b:ce:f8:da:
                    1b:3a:d0:37:10:2c:a3:e0:d8:5a:c9:7e:89:f6:57:b2:
                    05:be:01:f1:f6:2c:8b:28:81:81:1d:96:56:65:e4:78:
                    65:b5:e6:52:ac:2b:76:e3:45:40:36:58:f7:b1:98:d5:
                    f6:64:e9:75:ae:87:5a:34:92:ca:95:0a:d0:24:db:96:
                    84:0f:36:36:d2:df:b8:5d:f8:b0:28:55:74:11:13:d4:
                    21:e9:b2:5c:00:66:06:87:76:07:0b:3b:a4:ef:8b:43:
                    5b:87:5f:ba:16:dd:98:65:ae:16:c9:8e:e0:00:e7:ab:
                    c9:13:6f:28:06:0b:57:1d:a9:9a:38:58:be:c9:0f:8e:
                    79:ea:63:98:dc:a8:52:1a:29:bb:21:60:98:97:c2:85:
                    2c:54:90:cb:56:18:04:d4:f0:1d:3c:82:f5:a4:67:37:
                    33:56:d6:0b:e9:a4:3a:19:b4:6d:04:69:ef:1e:11:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8c:5a:7f:01:02:1c:a6:ca:15:73:c1:52:d9:af:14:0d:
        18:25:cb:a2:c6:31:d5:ed:de:31:5c:84:f2:c6:8b:a1:
        90:2f:4a:fe:cc:59:86:fc:a6:6f:5f:5b:b8:78:39:6b:
        11:39:81:8d:fa:5d:76:4f:2b:be:1b:f5:97:ad:be:21:
        30:1b:ee:8f:36:95:86:98:ed:81:bc:e3:3a:d9:33:fd:
        7c:84:eb:53:64:d9:bf:df:18:61:34:f6:1f:df:34:99:
        a1:2b:35:4c:4d:89:2c:71:37:5b:56:ee:33:98:5a:c9:
        ae:85:cc:71:fd:bb:69:c4:5c:2b:eb:f6:9e:64:fa:3f:
        84:ea:87:2e:1c:80:b1:db:42:2c:8b:04:99:4e:8f:f4:
        f9:8b:ad:23:35:21:a1:ff:73:22:cf:a8:b1:1f:9f:ec:
        54:b2:8d:fe:cd:f2:82:0d:6e:e6:f7:6c:b8:27:2b:52:
        f1:23:12:92:80:3e:1d:14:c5:e0:47:11:a5:77:b2:5f:
        b8:8e:41:6a:48:1d:d8:d3:ac:41:0d:8e:4b:5e:b3:3d:
        d5:6a:44:99:cf:5e:4e:a8:6c:43:04:47:5d:cf:9a:57:
        0d:d4:ee:f8:be:df:4a:4e:38:ec:45:b6:27:39:22:6f:
        61:92:30:d8:28:68:c3:ea:e5:fa:73:2c:9f:c0:52:25
    Fingerprint (SHA-256):
        28:3A:97:42:12:1E:1C:96:B6:12:7D:99:F6:F7:06:61:B5:17:78:80:7D:A4:61:B4:3C:86:1A:91:A8:28:A0:F9
    Fingerprint (SHA1):
        16:8D:19:89:B8:45:70:A4:34:05:4C:A7:88:3F:F3:11:2D:E1:F5:EF
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #1675: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE21CA2.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #1676: Revocation: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1677: CRLDP: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170264 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1678: CRLDP: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1679: CRLDP: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #1680: CRLDP: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1681: CRLDP: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 628170265   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1682: CRLDP: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1683: CRLDP: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1684: CRLDP: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170155.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1685: CRLDP: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170140.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1686: CRLDP: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1687: CRLDP: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #1688: CRLDP: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE11Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170155.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1689: CRLDP: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 628170266   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1690: CRLDP: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1691: CRLDP: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1692: CRLDP: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170155.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1693: CRLDP: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170141.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1694: CRLDP: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1695: CRLDP: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #1696: CRLDP: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1697: CRLDP: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 628170267   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1698: CRLDP: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1699: CRLDP: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1700: CRLDP: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170155.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1701: CRLDP: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170142.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1702: CRLDP: Creating certficate EE1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE1CA0.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1703: CRLDP: Importing certificate EE1CA0.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #1704: CRLDP: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170155.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1705: CRLDP: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170143.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #1706: CRLDP: Creating certficate EE2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE2CA0.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1707: CRLDP: Importing certificate EE2CA0.der to EE2DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628171627Z
nextupdate=20170628171627Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 17:16:27 2016
    Next Update: Wed Jun 28 17:16:27 2017
    CRL Extensions:
chains.sh: #1708: CRLDP: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628171627Z
nextupdate=20170628171627Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:16:27 2016
    Next Update: Wed Jun 28 17:16:27 2017
    CRL Extensions:
chains.sh: #1709: CRLDP: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628171627Z
nextupdate=20170628171627Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:16:27 2016
    Next Update: Wed Jun 28 17:16:27 2017
    CRL Extensions:
chains.sh: #1710: CRLDP: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628171627Z
nextupdate=20170628171627Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 17:16:27 2016
    Next Update: Wed Jun 28 17:16:27 2017
    CRL Extensions:
chains.sh: #1711: CRLDP: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 20 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628171628Z
addcert 20 20160628171628Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:16:28 2016
    Next Update: Wed Jun 28 17:16:27 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 17:16:28 2016
    CRL Extensions:
chains.sh: #1712: CRLDP: Revoking certificate with SN 20 issued by CA0  - PASSED
chains.sh: Revoking certificate with SN 40 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628171629Z
addcert 40 20160628171629Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:16:29 2016
    Next Update: Wed Jun 28 17:16:27 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 17:16:28 2016
    Entry 2 (0x2):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 17:16:29 2016
    CRL Extensions:
chains.sh: #1713: CRLDP: Revoking certificate with SN 40 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1714: CRLDP: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1715: CRLDP: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #1716: CRLDP: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE11CA1.der CA1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170264 (0x25711e18)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:15:54 2016
            Not After : Mon Jun 28 17:15:54 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d5:63:2b:a9:c8:bf:03:ec:18:ae:bf:11:da:01:77:1e:
                    52:14:39:07:f1:87:8e:5d:06:c7:80:bc:f9:44:d7:81:
                    ba:da:34:d1:5f:57:5e:6a:62:7a:1d:b0:6c:28:2a:c6:
                    d5:2d:25:dd:4f:c1:62:c1:ed:0b:fe:0e:ea:37:39:ab:
                    74:4d:74:99:f7:98:ad:b7:b8:ce:9b:24:c2:e1:dc:fd:
                    b8:4f:03:f7:a7:2b:dd:53:90:c5:c9:3c:31:e8:0f:85:
                    3d:6b:77:e2:93:a1:1f:92:c8:3c:70:80:9c:fd:ed:b7:
                    eb:a9:bf:16:a4:17:58:08:80:b1:99:ed:ea:47:75:2d:
                    2e:ea:9c:2c:a5:1d:ad:2a:3b:5f:98:02:e6:fe:5e:a9:
                    e6:26:12:5b:07:d7:70:84:ea:c5:74:11:84:23:d6:d3:
                    74:09:c5:13:4c:8d:f1:68:bd:ab:34:7e:c3:40:84:fd:
                    07:c7:9b:c9:8d:a4:dd:a5:9f:a1:3f:3d:06:d8:d6:09:
                    7d:61:de:31:23:4f:a4:f0:1b:4a:81:a6:e1:15:1c:a2:
                    22:73:3d:ef:89:5d:44:19:aa:9f:ab:fd:4d:51:e6:81:
                    f3:86:3b:5f:22:fa:19:76:82:3d:22:bb:aa:d5:00:6e:
                    af:8c:f6:9c:b6:a8:b1:6e:d5:35:be:d3:4c:39:da:19
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        86:02:ba:35:5f:c3:4e:27:01:93:c7:c9:4e:b5:c8:ed:
        a9:7d:80:75:e6:02:aa:2a:5b:a9:13:bf:9a:4f:c8:a0:
        47:1b:eb:bb:a6:f5:5d:67:b3:0e:85:62:ca:0d:24:3a:
        af:c1:97:a7:d2:d9:51:8f:1b:28:27:59:cf:8b:27:b4:
        b8:7c:96:06:54:03:ef:97:05:2b:e6:52:ba:08:74:c3:
        1e:51:b1:38:e0:d2:cc:77:77:30:df:7e:12:12:e9:61:
        e8:3e:1d:61:b2:88:ff:b6:13:c4:c6:89:33:88:21:35:
        f6:05:dc:d4:7b:ab:ea:66:35:a6:c0:b1:94:f3:34:5d:
        ef:be:96:74:29:f5:26:f7:be:4a:65:f6:a7:cd:57:b5:
        d7:be:14:f8:7c:70:10:a3:90:41:f0:41:7c:af:5d:4d:
        4f:79:1d:0a:c0:a1:e1:2c:c2:84:c5:d0:cc:94:96:e1:
        4f:12:37:6f:34:0b:a0:08:70:43:d1:12:a7:b8:b7:e5:
        33:41:da:63:88:40:d4:6f:10:02:df:3f:63:eb:3f:6b:
        48:52:3a:bb:3b:ba:f6:9c:3c:b3:80:38:63:06:cb:8f:
        12:67:57:a3:6c:8d:c3:40:72:a5:ee:14:ef:2f:91:2d:
        4f:cf:45:bb:6f:2b:76:ef:86:81:bb:e4:b1:c2:4c:eb
    Fingerprint (SHA-256):
        B6:4D:4F:0D:C8:C5:8C:64:EE:48:39:B5:1E:AE:A9:83:BA:34:CD:97:BE:A7:C4:AF:71:C1:6A:7F:8E:C4:EB:8D
    Fingerprint (SHA1):
        34:19:5E:A4:A9:F3:E3:9C:FF:47:1D:77:48:75:63:03:FC:3B:38:B2
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #1717: CRLDP: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE21CA2.der CA2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #1718: CRLDP: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170264 (0x25711e18)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:15:54 2016
            Not After : Mon Jun 28 17:15:54 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d5:63:2b:a9:c8:bf:03:ec:18:ae:bf:11:da:01:77:1e:
                    52:14:39:07:f1:87:8e:5d:06:c7:80:bc:f9:44:d7:81:
                    ba:da:34:d1:5f:57:5e:6a:62:7a:1d:b0:6c:28:2a:c6:
                    d5:2d:25:dd:4f:c1:62:c1:ed:0b:fe:0e:ea:37:39:ab:
                    74:4d:74:99:f7:98:ad:b7:b8:ce:9b:24:c2:e1:dc:fd:
                    b8:4f:03:f7:a7:2b:dd:53:90:c5:c9:3c:31:e8:0f:85:
                    3d:6b:77:e2:93:a1:1f:92:c8:3c:70:80:9c:fd:ed:b7:
                    eb:a9:bf:16:a4:17:58:08:80:b1:99:ed:ea:47:75:2d:
                    2e:ea:9c:2c:a5:1d:ad:2a:3b:5f:98:02:e6:fe:5e:a9:
                    e6:26:12:5b:07:d7:70:84:ea:c5:74:11:84:23:d6:d3:
                    74:09:c5:13:4c:8d:f1:68:bd:ab:34:7e:c3:40:84:fd:
                    07:c7:9b:c9:8d:a4:dd:a5:9f:a1:3f:3d:06:d8:d6:09:
                    7d:61:de:31:23:4f:a4:f0:1b:4a:81:a6:e1:15:1c:a2:
                    22:73:3d:ef:89:5d:44:19:aa:9f:ab:fd:4d:51:e6:81:
                    f3:86:3b:5f:22:fa:19:76:82:3d:22:bb:aa:d5:00:6e:
                    af:8c:f6:9c:b6:a8:b1:6e:d5:35:be:d3:4c:39:da:19
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        86:02:ba:35:5f:c3:4e:27:01:93:c7:c9:4e:b5:c8:ed:
        a9:7d:80:75:e6:02:aa:2a:5b:a9:13:bf:9a:4f:c8:a0:
        47:1b:eb:bb:a6:f5:5d:67:b3:0e:85:62:ca:0d:24:3a:
        af:c1:97:a7:d2:d9:51:8f:1b:28:27:59:cf:8b:27:b4:
        b8:7c:96:06:54:03:ef:97:05:2b:e6:52:ba:08:74:c3:
        1e:51:b1:38:e0:d2:cc:77:77:30:df:7e:12:12:e9:61:
        e8:3e:1d:61:b2:88:ff:b6:13:c4:c6:89:33:88:21:35:
        f6:05:dc:d4:7b:ab:ea:66:35:a6:c0:b1:94:f3:34:5d:
        ef:be:96:74:29:f5:26:f7:be:4a:65:f6:a7:cd:57:b5:
        d7:be:14:f8:7c:70:10:a3:90:41:f0:41:7c:af:5d:4d:
        4f:79:1d:0a:c0:a1:e1:2c:c2:84:c5:d0:cc:94:96:e1:
        4f:12:37:6f:34:0b:a0:08:70:43:d1:12:a7:b8:b7:e5:
        33:41:da:63:88:40:d4:6f:10:02:df:3f:63:eb:3f:6b:
        48:52:3a:bb:3b:ba:f6:9c:3c:b3:80:38:63:06:cb:8f:
        12:67:57:a3:6c:8d:c3:40:72:a5:ee:14:ef:2f:91:2d:
        4f:cf:45:bb:6f:2b:76:ef:86:81:bb:e4:b1:c2:4c:eb
    Fingerprint (SHA-256):
        B6:4D:4F:0D:C8:C5:8C:64:EE:48:39:B5:1E:AE:A9:83:BA:34:CD:97:BE:A7:C4:AF:71:C1:6A:7F:8E:C4:EB:8D
    Fingerprint (SHA1):
        34:19:5E:A4:A9:F3:E3:9C:FF:47:1D:77:48:75:63:03:FC:3B:38:B2
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #1719: CRLDP: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #1720: CRLDP: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #1721: TrustAnchors: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170268 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1722: TrustAnchors: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #1723: TrustAnchors: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1724: TrustAnchors: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1725: TrustAnchors: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628170269   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1726: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1727: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1728: TrustAnchors: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1729: TrustAnchors: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170270   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1730: TrustAnchors: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1731: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1732: TrustAnchors: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1733: TrustAnchors: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 628170271   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1734: TrustAnchors: Creating certficate EE1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE1CA2.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1735: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database  - PASSED
chains.sh: Creating DB OtherRootDB
certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd
chains.sh: #1736: TrustAnchors: Creating DB OtherRootDB  - PASSED
chains.sh: Creating Root CA OtherRoot
certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot  -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170272 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1737: TrustAnchors: Creating Root CA OtherRoot  - PASSED
chains.sh: Exporting Root CA OtherRoot.der
certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der
chains.sh: #1738: TrustAnchors: Exporting Root CA OtherRoot.der  - PASSED
chains.sh: Creating DB OtherIntermediateDB
certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd
chains.sh: #1739: TrustAnchors: Creating DB OtherIntermediateDB  - PASSED
chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der
certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US"  -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1740: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der  - PASSED
chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot
certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 628170273   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1741: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot  - PASSED
chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database
certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1742: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #1743: TrustAnchors: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1744: TrustAnchors: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate
certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 628170274   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1745: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate  - PASSED
chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1746: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database  - PASSED
chains.sh: Creating DB DBOnlyDB
certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd
chains.sh: #1747: TrustAnchors: Creating DB DBOnlyDB  - PASSED
chains.sh: Importing certificate RootCA.der to DBOnlyDB database
certutil -A -n RootCA  -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der
chains.sh: #1748: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database
certutil -A -n CA1  -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der
chains.sh: #1749: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp      
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170268 (0x25711e1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:16:43 2016
            Not After : Mon Jun 28 17:16:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:18:77:05:ba:e4:91:38:f8:41:85:11:32:c3:02:5a:
                    80:0b:f2:1d:c5:78:3c:ec:d3:c8:7c:f0:30:52:3c:db:
                    e3:b0:4d:6f:d6:75:f5:2c:76:ef:18:65:28:c9:2e:ec:
                    fd:df:cb:8a:86:ff:df:5f:43:20:c1:e1:bf:f9:00:70:
                    56:2b:9e:6c:d1:80:96:4e:bd:7e:99:82:cb:2d:5c:df:
                    70:51:e0:db:38:88:7f:1f:31:a8:24:06:e7:69:ab:6a:
                    3d:71:e4:16:ed:b4:90:4f:3a:2c:ae:f2:62:6c:7e:cc:
                    33:dd:a1:69:d5:c0:f4:21:23:54:5e:c6:af:f7:d9:91:
                    71:5b:2f:45:c6:92:10:24:ed:c9:a3:34:6c:db:ee:e2:
                    18:cc:a1:43:52:92:13:d0:b8:93:26:65:92:6e:fb:cf:
                    a8:0e:75:4b:7e:bf:70:9e:7e:11:03:1a:1c:ce:d4:9c:
                    23:ce:bc:e1:05:09:8e:85:26:32:62:31:af:4c:c6:5e:
                    a0:2f:2c:73:52:fe:b4:8d:6d:9a:72:7a:e6:0f:46:3e:
                    7c:6d:04:08:61:38:10:65:31:01:d5:41:a5:65:1c:df:
                    17:4d:f1:84:26:75:17:27:d4:2e:06:fd:d5:f8:01:ca:
                    08:24:89:8d:93:ce:01:6d:c6:6c:79:39:de:c9:24:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5c:a0:dc:18:23:c9:cd:f6:64:78:83:ed:4f:59:a8:42:
        0e:69:49:07:28:13:8d:cf:d3:7d:1f:31:36:a3:3e:24:
        24:3c:fd:27:c5:94:bd:11:d9:4d:1d:1d:b4:96:d4:8c:
        67:00:17:f5:cd:c2:34:1d:a9:5f:2a:9a:0e:9a:12:74:
        fc:ca:70:d6:46:c7:d9:18:f6:aa:6c:4b:9f:da:73:08:
        09:ed:42:cf:cc:e0:53:70:01:a8:50:60:df:07:53:af:
        a0:28:b5:49:ab:0c:69:66:8f:6a:61:dc:e2:b4:bf:45:
        25:4d:f3:c8:17:d8:6a:77:9e:e7:d5:2d:0c:c5:3c:4a:
        da:3e:94:f6:0b:a2:b8:15:71:9e:2e:cd:d2:dd:1d:9c:
        94:db:f1:d2:18:a9:71:3a:44:ad:70:8e:e1:1d:67:4c:
        59:d8:a6:c5:9d:b4:db:d2:40:9b:77:ea:db:db:2c:11:
        1d:cb:2c:18:ca:c5:fd:2f:29:b7:89:cc:07:95:8c:a3:
        d4:aa:44:3e:ce:f0:e4:b5:0b:f3:cc:13:1a:b4:13:c5:
        eb:62:6a:ef:f5:6f:0c:65:4c:52:9d:c5:76:1d:ad:8c:
        9c:cd:8a:a1:25:57:dc:b4:f6:f3:4d:73:a9:b4:c9:9f:
        2d:90:f6:41:96:1c:e1:f7:ad:d0:1a:00:34:4f:82:c7
    Fingerprint (SHA-256):
        51:A3:C7:34:D8:99:DF:31:92:8F:E8:13:FC:42:8D:8B:1E:DE:6F:99:01:19:7E:EA:EB:FA:E8:A8:9B:B1:2A:F6
    Fingerprint (SHA1):
        38:FD:99:27:60:3A:54:B8:FC:D9:86:B3:D1:F1:CB:C7:20:03:22:09
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1750: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170270 (0x25711e1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:17:08 2016
            Not After : Mon Jun 28 17:17:08 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:75:30:00:b9:8e:fd:67:3d:d0:c5:6b:d0:7f:65:8d:
                    95:9a:19:60:ff:fd:ab:75:83:80:92:aa:ae:3a:43:25:
                    56:bc:0b:76:e6:24:07:8d:1c:87:96:3b:8c:9c:17:7a:
                    39:c5:0c:1f:a2:9c:ec:5b:69:eb:84:b0:b6:86:e3:19:
                    5d:f2:3a:7a:1a:68:8a:eb:30:91:9b:f7:44:90:e6:7d:
                    2e:ce:0a:55:5b:2f:09:52:02:b8:19:72:85:69:bd:5d:
                    ed:e4:9e:47:00:cc:45:06:cd:92:9e:94:a0:a2:ac:2e:
                    5f:b0:a1:fa:f8:00:3d:c9:e3:93:26:75:b8:3b:c5:e6:
                    82:d3:21:3e:74:7e:e8:4c:e8:e4:ac:ba:76:be:2f:7c:
                    15:a7:47:98:90:ef:2c:8b:a8:67:23:04:97:22:8a:62:
                    53:2e:66:db:03:25:35:c4:75:62:55:1f:28:8d:6e:4d:
                    5b:cf:58:d6:d3:17:e3:51:98:04:08:a2:8f:2b:ac:e7:
                    40:52:17:59:11:60:14:ff:13:76:32:fc:8a:4c:8e:08:
                    84:81:d3:ea:af:4b:8e:e7:b8:8c:4d:3f:a1:e6:de:b6:
                    e9:69:7e:e4:99:f4:8b:3a:1d:98:79:9a:8c:7f:63:4f:
                    99:73:b8:d9:10:ab:af:85:09:d0:ad:c6:4e:8e:42:37
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        99:48:68:a3:59:b5:2c:c1:61:d9:5c:a9:59:ca:3d:3c:
        fa:94:c3:e9:57:af:ee:a4:ed:a2:7c:ed:bf:e4:08:f4:
        91:fa:51:f4:72:2b:04:80:45:35:36:1a:0a:c6:35:19:
        d7:4a:7d:e1:f4:04:a2:e4:d2:70:13:1c:4b:5c:7b:07:
        4f:9b:3d:6e:20:6c:8b:a3:2a:5c:0a:62:d8:da:71:da:
        8e:0a:c0:76:d2:dc:14:62:5b:ab:e5:47:5e:5e:0a:4c:
        65:52:b8:63:35:f1:3d:65:a4:9e:58:8b:de:b2:ee:d2:
        5e:c0:3a:68:06:e9:0c:3a:40:a1:e7:cc:1f:76:c1:59:
        a8:a4:64:58:80:a5:4e:1e:0c:4b:7f:fd:64:68:c4:48:
        48:8f:24:2f:a2:ae:77:36:37:74:51:68:a6:f6:01:c2:
        ac:35:28:d8:5d:dd:44:74:ce:ab:1d:18:47:91:7f:5a:
        36:44:5c:7d:b0:6d:70:5a:38:5c:32:08:a6:2c:9f:70:
        58:f8:a8:3c:1b:92:a8:96:9b:dc:ff:9f:31:94:91:62:
        b2:bb:47:2a:c1:9e:8d:81:37:b3:1a:3c:60:d6:3b:ec:
        a4:0e:53:c3:0a:de:42:01:27:6a:a8:6c:67:14:2b:79:
        86:84:98:e6:79:5c:9c:4c:55:b1:1f:20:9c:40:f3:f0
    Fingerprint (SHA-256):
        7A:95:B2:E1:F5:B3:1A:3F:DF:A7:FD:A8:28:D1:51:8A:7C:A0:A0:27:F8:E1:D0:BF:51:F8:76:39:7D:78:1F:1E
    Fingerprint (SHA1):
        E9:20:C5:7E:67:9E:A6:4D:84:18:2F:DE:84:8F:D0:3A:FF:FC:3A:02
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1751: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170268 (0x25711e1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:16:43 2016
            Not After : Mon Jun 28 17:16:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:18:77:05:ba:e4:91:38:f8:41:85:11:32:c3:02:5a:
                    80:0b:f2:1d:c5:78:3c:ec:d3:c8:7c:f0:30:52:3c:db:
                    e3:b0:4d:6f:d6:75:f5:2c:76:ef:18:65:28:c9:2e:ec:
                    fd:df:cb:8a:86:ff:df:5f:43:20:c1:e1:bf:f9:00:70:
                    56:2b:9e:6c:d1:80:96:4e:bd:7e:99:82:cb:2d:5c:df:
                    70:51:e0:db:38:88:7f:1f:31:a8:24:06:e7:69:ab:6a:
                    3d:71:e4:16:ed:b4:90:4f:3a:2c:ae:f2:62:6c:7e:cc:
                    33:dd:a1:69:d5:c0:f4:21:23:54:5e:c6:af:f7:d9:91:
                    71:5b:2f:45:c6:92:10:24:ed:c9:a3:34:6c:db:ee:e2:
                    18:cc:a1:43:52:92:13:d0:b8:93:26:65:92:6e:fb:cf:
                    a8:0e:75:4b:7e:bf:70:9e:7e:11:03:1a:1c:ce:d4:9c:
                    23:ce:bc:e1:05:09:8e:85:26:32:62:31:af:4c:c6:5e:
                    a0:2f:2c:73:52:fe:b4:8d:6d:9a:72:7a:e6:0f:46:3e:
                    7c:6d:04:08:61:38:10:65:31:01:d5:41:a5:65:1c:df:
                    17:4d:f1:84:26:75:17:27:d4:2e:06:fd:d5:f8:01:ca:
                    08:24:89:8d:93:ce:01:6d:c6:6c:79:39:de:c9:24:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5c:a0:dc:18:23:c9:cd:f6:64:78:83:ed:4f:59:a8:42:
        0e:69:49:07:28:13:8d:cf:d3:7d:1f:31:36:a3:3e:24:
        24:3c:fd:27:c5:94:bd:11:d9:4d:1d:1d:b4:96:d4:8c:
        67:00:17:f5:cd:c2:34:1d:a9:5f:2a:9a:0e:9a:12:74:
        fc:ca:70:d6:46:c7:d9:18:f6:aa:6c:4b:9f:da:73:08:
        09:ed:42:cf:cc:e0:53:70:01:a8:50:60:df:07:53:af:
        a0:28:b5:49:ab:0c:69:66:8f:6a:61:dc:e2:b4:bf:45:
        25:4d:f3:c8:17:d8:6a:77:9e:e7:d5:2d:0c:c5:3c:4a:
        da:3e:94:f6:0b:a2:b8:15:71:9e:2e:cd:d2:dd:1d:9c:
        94:db:f1:d2:18:a9:71:3a:44:ad:70:8e:e1:1d:67:4c:
        59:d8:a6:c5:9d:b4:db:d2:40:9b:77:ea:db:db:2c:11:
        1d:cb:2c:18:ca:c5:fd:2f:29:b7:89:cc:07:95:8c:a3:
        d4:aa:44:3e:ce:f0:e4:b5:0b:f3:cc:13:1a:b4:13:c5:
        eb:62:6a:ef:f5:6f:0c:65:4c:52:9d:c5:76:1d:ad:8c:
        9c:cd:8a:a1:25:57:dc:b4:f6:f3:4d:73:a9:b4:c9:9f:
        2d:90:f6:41:96:1c:e1:f7:ad:d0:1a:00:34:4f:82:c7
    Fingerprint (SHA-256):
        51:A3:C7:34:D8:99:DF:31:92:8F:E8:13:FC:42:8D:8B:1E:DE:6F:99:01:19:7E:EA:EB:FA:E8:A8:9B:B1:2A:F6
    Fingerprint (SHA1):
        38:FD:99:27:60:3A:54:B8:FC:D9:86:B3:D1:F1:CB:C7:20:03:22:09
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1752: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA - PASSED
chains.sh: Creating DB TrustOnlyDB
certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd
chains.sh: #1753: TrustAnchors: Creating DB TrustOnlyDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der CA2CA1.der CA1RootCA.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170268 (0x25711e1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:16:43 2016
            Not After : Mon Jun 28 17:16:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:18:77:05:ba:e4:91:38:f8:41:85:11:32:c3:02:5a:
                    80:0b:f2:1d:c5:78:3c:ec:d3:c8:7c:f0:30:52:3c:db:
                    e3:b0:4d:6f:d6:75:f5:2c:76:ef:18:65:28:c9:2e:ec:
                    fd:df:cb:8a:86:ff:df:5f:43:20:c1:e1:bf:f9:00:70:
                    56:2b:9e:6c:d1:80:96:4e:bd:7e:99:82:cb:2d:5c:df:
                    70:51:e0:db:38:88:7f:1f:31:a8:24:06:e7:69:ab:6a:
                    3d:71:e4:16:ed:b4:90:4f:3a:2c:ae:f2:62:6c:7e:cc:
                    33:dd:a1:69:d5:c0:f4:21:23:54:5e:c6:af:f7:d9:91:
                    71:5b:2f:45:c6:92:10:24:ed:c9:a3:34:6c:db:ee:e2:
                    18:cc:a1:43:52:92:13:d0:b8:93:26:65:92:6e:fb:cf:
                    a8:0e:75:4b:7e:bf:70:9e:7e:11:03:1a:1c:ce:d4:9c:
                    23:ce:bc:e1:05:09:8e:85:26:32:62:31:af:4c:c6:5e:
                    a0:2f:2c:73:52:fe:b4:8d:6d:9a:72:7a:e6:0f:46:3e:
                    7c:6d:04:08:61:38:10:65:31:01:d5:41:a5:65:1c:df:
                    17:4d:f1:84:26:75:17:27:d4:2e:06:fd:d5:f8:01:ca:
                    08:24:89:8d:93:ce:01:6d:c6:6c:79:39:de:c9:24:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5c:a0:dc:18:23:c9:cd:f6:64:78:83:ed:4f:59:a8:42:
        0e:69:49:07:28:13:8d:cf:d3:7d:1f:31:36:a3:3e:24:
        24:3c:fd:27:c5:94:bd:11:d9:4d:1d:1d:b4:96:d4:8c:
        67:00:17:f5:cd:c2:34:1d:a9:5f:2a:9a:0e:9a:12:74:
        fc:ca:70:d6:46:c7:d9:18:f6:aa:6c:4b:9f:da:73:08:
        09:ed:42:cf:cc:e0:53:70:01:a8:50:60:df:07:53:af:
        a0:28:b5:49:ab:0c:69:66:8f:6a:61:dc:e2:b4:bf:45:
        25:4d:f3:c8:17:d8:6a:77:9e:e7:d5:2d:0c:c5:3c:4a:
        da:3e:94:f6:0b:a2:b8:15:71:9e:2e:cd:d2:dd:1d:9c:
        94:db:f1:d2:18:a9:71:3a:44:ad:70:8e:e1:1d:67:4c:
        59:d8:a6:c5:9d:b4:db:d2:40:9b:77:ea:db:db:2c:11:
        1d:cb:2c:18:ca:c5:fd:2f:29:b7:89:cc:07:95:8c:a3:
        d4:aa:44:3e:ce:f0:e4:b5:0b:f3:cc:13:1a:b4:13:c5:
        eb:62:6a:ef:f5:6f:0c:65:4c:52:9d:c5:76:1d:ad:8c:
        9c:cd:8a:a1:25:57:dc:b4:f6:f3:4d:73:a9:b4:c9:9f:
        2d:90:f6:41:96:1c:e1:f7:ad:d0:1a:00:34:4f:82:c7
    Fingerprint (SHA-256):
        51:A3:C7:34:D8:99:DF:31:92:8F:E8:13:FC:42:8D:8B:1E:DE:6F:99:01:19:7E:EA:EB:FA:E8:A8:9B:B1:2A:F6
    Fingerprint (SHA1):
        38:FD:99:27:60:3A:54:B8:FC:D9:86:B3:D1:F1:CB:C7:20:03:22:09
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1754: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170270 (0x25711e1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:17:08 2016
            Not After : Mon Jun 28 17:17:08 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:75:30:00:b9:8e:fd:67:3d:d0:c5:6b:d0:7f:65:8d:
                    95:9a:19:60:ff:fd:ab:75:83:80:92:aa:ae:3a:43:25:
                    56:bc:0b:76:e6:24:07:8d:1c:87:96:3b:8c:9c:17:7a:
                    39:c5:0c:1f:a2:9c:ec:5b:69:eb:84:b0:b6:86:e3:19:
                    5d:f2:3a:7a:1a:68:8a:eb:30:91:9b:f7:44:90:e6:7d:
                    2e:ce:0a:55:5b:2f:09:52:02:b8:19:72:85:69:bd:5d:
                    ed:e4:9e:47:00:cc:45:06:cd:92:9e:94:a0:a2:ac:2e:
                    5f:b0:a1:fa:f8:00:3d:c9:e3:93:26:75:b8:3b:c5:e6:
                    82:d3:21:3e:74:7e:e8:4c:e8:e4:ac:ba:76:be:2f:7c:
                    15:a7:47:98:90:ef:2c:8b:a8:67:23:04:97:22:8a:62:
                    53:2e:66:db:03:25:35:c4:75:62:55:1f:28:8d:6e:4d:
                    5b:cf:58:d6:d3:17:e3:51:98:04:08:a2:8f:2b:ac:e7:
                    40:52:17:59:11:60:14:ff:13:76:32:fc:8a:4c:8e:08:
                    84:81:d3:ea:af:4b:8e:e7:b8:8c:4d:3f:a1:e6:de:b6:
                    e9:69:7e:e4:99:f4:8b:3a:1d:98:79:9a:8c:7f:63:4f:
                    99:73:b8:d9:10:ab:af:85:09:d0:ad:c6:4e:8e:42:37
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        99:48:68:a3:59:b5:2c:c1:61:d9:5c:a9:59:ca:3d:3c:
        fa:94:c3:e9:57:af:ee:a4:ed:a2:7c:ed:bf:e4:08:f4:
        91:fa:51:f4:72:2b:04:80:45:35:36:1a:0a:c6:35:19:
        d7:4a:7d:e1:f4:04:a2:e4:d2:70:13:1c:4b:5c:7b:07:
        4f:9b:3d:6e:20:6c:8b:a3:2a:5c:0a:62:d8:da:71:da:
        8e:0a:c0:76:d2:dc:14:62:5b:ab:e5:47:5e:5e:0a:4c:
        65:52:b8:63:35:f1:3d:65:a4:9e:58:8b:de:b2:ee:d2:
        5e:c0:3a:68:06:e9:0c:3a:40:a1:e7:cc:1f:76:c1:59:
        a8:a4:64:58:80:a5:4e:1e:0c:4b:7f:fd:64:68:c4:48:
        48:8f:24:2f:a2:ae:77:36:37:74:51:68:a6:f6:01:c2:
        ac:35:28:d8:5d:dd:44:74:ce:ab:1d:18:47:91:7f:5a:
        36:44:5c:7d:b0:6d:70:5a:38:5c:32:08:a6:2c:9f:70:
        58:f8:a8:3c:1b:92:a8:96:9b:dc:ff:9f:31:94:91:62:
        b2:bb:47:2a:c1:9e:8d:81:37:b3:1a:3c:60:d6:3b:ec:
        a4:0e:53:c3:0a:de:42:01:27:6a:a8:6c:67:14:2b:79:
        86:84:98:e6:79:5c:9c:4c:55:b1:1f:20:9c:40:f3:f0
    Fingerprint (SHA-256):
        7A:95:B2:E1:F5:B3:1A:3F:DF:A7:FD:A8:28:D1:51:8A:7C:A0:A0:27:F8:E1:D0:BF:51:F8:76:39:7D:78:1F:1E
    Fingerprint (SHA1):
        E9:20:C5:7E:67:9E:A6:4D:84:18:2F:DE:84:8F:D0:3A:FF:FC:3A:02
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1755: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Creating DB TrustAndDBDB
certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd
chains.sh: #1756: TrustAnchors: Creating DB TrustAndDBDB  - PASSED
chains.sh: Importing certificate RootCA.der to TrustAndDBDB database
certutil -A -n RootCA  -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der
chains.sh: #1757: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database
certutil -A -n CA1  -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der
chains.sh: #1758: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp      
vfychain -d TrustAndDBDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170268 (0x25711e1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:16:43 2016
            Not After : Mon Jun 28 17:16:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:18:77:05:ba:e4:91:38:f8:41:85:11:32:c3:02:5a:
                    80:0b:f2:1d:c5:78:3c:ec:d3:c8:7c:f0:30:52:3c:db:
                    e3:b0:4d:6f:d6:75:f5:2c:76:ef:18:65:28:c9:2e:ec:
                    fd:df:cb:8a:86:ff:df:5f:43:20:c1:e1:bf:f9:00:70:
                    56:2b:9e:6c:d1:80:96:4e:bd:7e:99:82:cb:2d:5c:df:
                    70:51:e0:db:38:88:7f:1f:31:a8:24:06:e7:69:ab:6a:
                    3d:71:e4:16:ed:b4:90:4f:3a:2c:ae:f2:62:6c:7e:cc:
                    33:dd:a1:69:d5:c0:f4:21:23:54:5e:c6:af:f7:d9:91:
                    71:5b:2f:45:c6:92:10:24:ed:c9:a3:34:6c:db:ee:e2:
                    18:cc:a1:43:52:92:13:d0:b8:93:26:65:92:6e:fb:cf:
                    a8:0e:75:4b:7e:bf:70:9e:7e:11:03:1a:1c:ce:d4:9c:
                    23:ce:bc:e1:05:09:8e:85:26:32:62:31:af:4c:c6:5e:
                    a0:2f:2c:73:52:fe:b4:8d:6d:9a:72:7a:e6:0f:46:3e:
                    7c:6d:04:08:61:38:10:65:31:01:d5:41:a5:65:1c:df:
                    17:4d:f1:84:26:75:17:27:d4:2e:06:fd:d5:f8:01:ca:
                    08:24:89:8d:93:ce:01:6d:c6:6c:79:39:de:c9:24:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5c:a0:dc:18:23:c9:cd:f6:64:78:83:ed:4f:59:a8:42:
        0e:69:49:07:28:13:8d:cf:d3:7d:1f:31:36:a3:3e:24:
        24:3c:fd:27:c5:94:bd:11:d9:4d:1d:1d:b4:96:d4:8c:
        67:00:17:f5:cd:c2:34:1d:a9:5f:2a:9a:0e:9a:12:74:
        fc:ca:70:d6:46:c7:d9:18:f6:aa:6c:4b:9f:da:73:08:
        09:ed:42:cf:cc:e0:53:70:01:a8:50:60:df:07:53:af:
        a0:28:b5:49:ab:0c:69:66:8f:6a:61:dc:e2:b4:bf:45:
        25:4d:f3:c8:17:d8:6a:77:9e:e7:d5:2d:0c:c5:3c:4a:
        da:3e:94:f6:0b:a2:b8:15:71:9e:2e:cd:d2:dd:1d:9c:
        94:db:f1:d2:18:a9:71:3a:44:ad:70:8e:e1:1d:67:4c:
        59:d8:a6:c5:9d:b4:db:d2:40:9b:77:ea:db:db:2c:11:
        1d:cb:2c:18:ca:c5:fd:2f:29:b7:89:cc:07:95:8c:a3:
        d4:aa:44:3e:ce:f0:e4:b5:0b:f3:cc:13:1a:b4:13:c5:
        eb:62:6a:ef:f5:6f:0c:65:4c:52:9d:c5:76:1d:ad:8c:
        9c:cd:8a:a1:25:57:dc:b4:f6:f3:4d:73:a9:b4:c9:9f:
        2d:90:f6:41:96:1c:e1:f7:ad:d0:1a:00:34:4f:82:c7
    Fingerprint (SHA-256):
        51:A3:C7:34:D8:99:DF:31:92:8F:E8:13:FC:42:8D:8B:1E:DE:6F:99:01:19:7E:EA:EB:FA:E8:A8:9B:B1:2A:F6
    Fingerprint (SHA1):
        38:FD:99:27:60:3A:54:B8:FC:D9:86:B3:D1:F1:CB:C7:20:03:22:09
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1759: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv       EE2OtherIntermediate.der OtherIntermediateOtherRoot.der  -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170272 (0x25711e20)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:17:31 2016
            Not After : Mon Jun 28 17:17:31 2066
        Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f5:67:ba:ad:2b:13:45:6a:71:d4:ba:f1:aa:e3:25:69:
                    31:d2:e4:48:8c:d3:8f:bc:e2:a9:46:db:47:42:a6:a3:
                    52:03:6a:bb:e4:9c:e6:6a:44:ff:35:7c:cc:fc:c9:72:
                    78:cd:b8:2a:e1:f1:9e:3d:f0:fc:44:84:0b:c3:cb:f0:
                    36:29:3a:1e:03:80:93:c0:15:7b:24:de:a4:f6:b4:c9:
                    6d:e6:2d:83:55:4e:c2:9d:25:7d:d2:1c:57:82:6f:de:
                    4e:8b:4e:3c:1c:80:a6:8a:37:a2:8e:9a:ec:82:10:d0:
                    70:5e:f1:48:06:60:18:37:54:81:28:cc:ee:c5:21:38:
                    e6:f4:c9:ab:20:de:28:05:0a:78:53:30:9c:b3:35:b9:
                    07:f6:cd:59:43:d5:fb:3c:6d:58:84:52:d6:0f:df:a4:
                    ee:9f:4c:67:e9:7a:d3:c2:c6:fc:f5:0d:5c:9a:ea:cd:
                    eb:f9:b5:d9:60:ef:0c:d0:bf:a1:f5:f6:04:0f:bd:a3:
                    a5:44:7e:f5:3c:33:d3:01:7b:09:4d:79:04:58:6f:cd:
                    ec:71:e1:3d:9b:2c:8f:53:f8:6f:e3:11:ab:56:9e:42:
                    e3:3a:79:77:21:74:f8:c5:61:df:24:47:85:eb:47:35:
                    90:b6:75:3f:82:52:8b:0b:86:d9:0d:36:f5:9b:e2:db
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3f:18:fe:01:52:a7:7b:58:74:b6:c2:7f:a8:43:d3:0f:
        ec:96:26:64:f3:d1:ea:f6:4d:88:fe:98:ac:71:06:8a:
        ae:ac:63:4c:49:f5:3c:da:41:81:e4:fa:2f:2e:5e:10:
        2a:df:77:0b:0f:b9:d3:c4:9e:e6:e3:5a:90:68:ef:53:
        0b:23:ad:56:4d:54:32:3e:7d:2d:7c:46:4c:c4:78:2e:
        b5:38:39:d3:98:88:eb:12:69:71:8d:11:ba:c4:c2:82:
        54:c9:4e:07:e5:73:72:f5:bf:76:ee:18:06:c6:98:47:
        af:e7:df:90:ef:28:78:89:37:c2:25:15:35:e9:70:44:
        4b:92:54:c5:37:35:82:cd:cb:b2:26:ae:09:cb:94:03:
        5f:7a:0e:88:2a:58:47:e7:3f:c6:fb:5e:74:6b:39:58:
        34:6f:8f:6c:7d:c5:ae:0f:c9:6b:23:7c:7f:99:b7:54:
        d4:a8:26:62:cc:79:56:96:8d:4c:da:2d:c1:96:0c:f3:
        e8:36:69:b6:76:3b:31:39:16:a2:d8:87:b4:5d:23:9b:
        50:76:fc:ab:3f:ef:ed:4b:14:f6:9a:66:70:64:89:5d:
        57:c7:2a:b0:a8:85:28:b0:cc:42:38:4b:b8:0e:1f:d1:
        34:2d:52:06:69:04:37:3b:84:f5:96:86:09:c0:42:d1
    Fingerprint (SHA-256):
        A5:55:A3:CD:10:91:F4:07:D3:F4:A3:79:AD:46:D2:F5:5B:68:86:E2:04:C8:8E:69:99:5A:16:4F:12:DA:17:A5
    Fingerprint (SHA1):
        75:30:F5:8B:C3:15:14:85:2D:DB:5B:8D:95:91:63:35:1D:7A:9D:40
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate
    ,C=US"
Returned value is 0, expected result is pass
chains.sh: #1760: TrustAnchors: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv -T      EE1CA2.der CA2CA1.der  -t OtherIntermediateOtherRoot.der -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170268 (0x25711e1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:16:43 2016
            Not After : Mon Jun 28 17:16:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:18:77:05:ba:e4:91:38:f8:41:85:11:32:c3:02:5a:
                    80:0b:f2:1d:c5:78:3c:ec:d3:c8:7c:f0:30:52:3c:db:
                    e3:b0:4d:6f:d6:75:f5:2c:76:ef:18:65:28:c9:2e:ec:
                    fd:df:cb:8a:86:ff:df:5f:43:20:c1:e1:bf:f9:00:70:
                    56:2b:9e:6c:d1:80:96:4e:bd:7e:99:82:cb:2d:5c:df:
                    70:51:e0:db:38:88:7f:1f:31:a8:24:06:e7:69:ab:6a:
                    3d:71:e4:16:ed:b4:90:4f:3a:2c:ae:f2:62:6c:7e:cc:
                    33:dd:a1:69:d5:c0:f4:21:23:54:5e:c6:af:f7:d9:91:
                    71:5b:2f:45:c6:92:10:24:ed:c9:a3:34:6c:db:ee:e2:
                    18:cc:a1:43:52:92:13:d0:b8:93:26:65:92:6e:fb:cf:
                    a8:0e:75:4b:7e:bf:70:9e:7e:11:03:1a:1c:ce:d4:9c:
                    23:ce:bc:e1:05:09:8e:85:26:32:62:31:af:4c:c6:5e:
                    a0:2f:2c:73:52:fe:b4:8d:6d:9a:72:7a:e6:0f:46:3e:
                    7c:6d:04:08:61:38:10:65:31:01:d5:41:a5:65:1c:df:
                    17:4d:f1:84:26:75:17:27:d4:2e:06:fd:d5:f8:01:ca:
                    08:24:89:8d:93:ce:01:6d:c6:6c:79:39:de:c9:24:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5c:a0:dc:18:23:c9:cd:f6:64:78:83:ed:4f:59:a8:42:
        0e:69:49:07:28:13:8d:cf:d3:7d:1f:31:36:a3:3e:24:
        24:3c:fd:27:c5:94:bd:11:d9:4d:1d:1d:b4:96:d4:8c:
        67:00:17:f5:cd:c2:34:1d:a9:5f:2a:9a:0e:9a:12:74:
        fc:ca:70:d6:46:c7:d9:18:f6:aa:6c:4b:9f:da:73:08:
        09:ed:42:cf:cc:e0:53:70:01:a8:50:60:df:07:53:af:
        a0:28:b5:49:ab:0c:69:66:8f:6a:61:dc:e2:b4:bf:45:
        25:4d:f3:c8:17:d8:6a:77:9e:e7:d5:2d:0c:c5:3c:4a:
        da:3e:94:f6:0b:a2:b8:15:71:9e:2e:cd:d2:dd:1d:9c:
        94:db:f1:d2:18:a9:71:3a:44:ad:70:8e:e1:1d:67:4c:
        59:d8:a6:c5:9d:b4:db:d2:40:9b:77:ea:db:db:2c:11:
        1d:cb:2c:18:ca:c5:fd:2f:29:b7:89:cc:07:95:8c:a3:
        d4:aa:44:3e:ce:f0:e4:b5:0b:f3:cc:13:1a:b4:13:c5:
        eb:62:6a:ef:f5:6f:0c:65:4c:52:9d:c5:76:1d:ad:8c:
        9c:cd:8a:a1:25:57:dc:b4:f6:f3:4d:73:a9:b4:c9:9f:
        2d:90:f6:41:96:1c:e1:f7:ad:d0:1a:00:34:4f:82:c7
    Fingerprint (SHA-256):
        51:A3:C7:34:D8:99:DF:31:92:8F:E8:13:FC:42:8D:8B:1E:DE:6F:99:01:19:7E:EA:EB:FA:E8:A8:9B:B1:2A:F6
    Fingerprint (SHA1):
        38:FD:99:27:60:3A:54:B8:FC:D9:86:B3:D1:F1:CB:C7:20:03:22:09
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1761: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED
chains.sh: Creating DB ExplicitDistrustDB
certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd
chains.sh: #1762: TrustAnchors: Creating DB ExplicitDistrustDB  - PASSED
chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database
certutil -A -n RootCA  -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der
chains.sh: #1763: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database
certutil -A -n CA1  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der
chains.sh: #1764: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database
certutil -A -n OtherRoot  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der
chains.sh: #1765: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der
vfychain -d ExplicitDistrustDB -pp -vv       EE1CA2.der CA2CA1.der  -t CA1RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8171: Peer's certificate has been marked as not trusted by the user.
Returned value is 1, expected result is fail
chains.sh: #1766: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der
vfychain -d ExplicitDistrustDB -pp -vv       EE2OtherIntermediate.der  -t OtherIntermediateOtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170273 (0x25711e21)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:17:37 2016
            Not After : Mon Jun 28 17:17:37 2021
        Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:1a:4f:32:ea:9e:61:a0:f1:22:7b:7b:ef:2a:3a:86:
                    f7:d9:e0:0e:b7:f6:1c:5c:6a:ff:38:48:40:e5:26:08:
                    e6:b2:3b:4f:41:92:ea:da:e0:d9:93:fb:75:c3:b7:41:
                    73:ff:d0:e8:31:0b:6f:68:13:1d:45:89:10:42:3b:a1:
                    93:16:df:c3:df:e3:1e:a2:d0:bd:66:5b:29:b1:9a:7f:
                    e5:68:01:d0:f9:0a:ba:d2:db:42:ee:5c:fe:c4:05:ef:
                    ae:67:7e:39:41:57:28:c0:be:08:37:ae:d1:aa:9f:53:
                    e6:79:ff:e3:6e:4e:7e:94:88:57:38:75:96:c4:7c:32:
                    ac:4b:e7:c1:12:bb:91:4a:36:3e:bb:53:da:57:bd:b9:
                    f1:c6:de:85:96:48:88:6a:9c:e8:b7:71:e1:3f:9c:8d:
                    4f:57:cb:ae:ba:08:6f:e6:39:dd:57:c8:d1:eb:36:24:
                    79:51:e5:dd:8c:ad:01:6c:90:2e:a7:d3:a2:5c:89:a0:
                    17:8b:c9:ab:c6:19:4d:c8:b4:2b:f2:bf:97:94:29:28:
                    5c:fc:8c:76:6e:c4:6f:8c:b9:17:44:0f:c3:49:d5:7d:
                    17:9f:22:03:6a:a0:be:e4:75:61:59:02:50:c4:78:a8:
                    1b:b5:d5:32:0a:50:50:43:d5:b2:d8:ea:c6:66:ae:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        07:78:26:23:71:7b:7a:ab:e8:6c:b0:7f:1d:f8:75:ce:
        9c:97:d8:55:39:26:7e:7b:91:98:5d:19:da:7e:43:29:
        07:a3:6a:b0:87:6f:74:7d:0b:2f:a7:cd:6d:57:a9:1d:
        27:65:e4:d1:e4:04:4f:79:e6:f7:12:8a:25:84:8a:87:
        b7:dc:be:d8:a7:04:36:d4:43:d6:25:38:01:4e:7f:60:
        3d:dc:55:f1:f7:c2:23:df:9b:f0:fd:08:59:c6:05:70:
        73:01:c4:96:9b:69:cb:19:bd:7e:45:8a:61:2e:3f:a4:
        c6:00:df:a0:c3:d0:4f:11:2a:a4:74:50:bc:10:fc:ac:
        90:cc:34:01:4c:0f:6e:d2:b4:70:0e:c1:35:e0:69:ca:
        f2:a7:71:d6:b1:00:c5:07:54:11:d9:05:52:c8:41:09:
        32:d3:87:ac:c4:6b:8a:b0:d3:da:45:9e:e2:11:57:21:
        56:26:bf:b4:37:bf:2f:20:77:46:e4:de:62:a5:43:69:
        c0:aa:9a:44:0d:11:4f:60:3b:ea:52:7e:99:ee:99:73:
        4d:23:2f:65:5b:ff:0b:ab:a0:2e:be:0f:d7:a2:07:c1:
        37:8a:ed:e5:fc:c0:51:3f:60:28:cc:14:72:18:71:06:
        4d:1e:bc:1a:02:f1:88:00:c3:be:8b:3c:ae:68:7f:64
    Fingerprint (SHA-256):
        3F:AE:EA:A8:8B:6B:6E:7D:54:58:49:B0:8D:4E:48:BC:7A:1C:6B:69:DC:99:F6:43:75:3C:3E:7A:73:24:A7:F2
    Fingerprint (SHA1):
        05:84:EB:FF:4C:1F:FD:D7:6B:6F:09:61:CE:06:F6:29:9D:49:20:9F
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1767: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der - PASSED
chains.sh: Creating DB trustanchorsDB
certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd
chains.sh: #1768: TrustAnchors: Creating DB trustanchorsDB  - PASSED
chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ca.cert
chains.sh: #1769: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ncca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ncca.cert
chains.sh: #1770: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database
certutil -A -n NameConstraints.dcisscopy  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
chains.sh: #1771: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database  - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #1772: TrustAnchors: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #1773: TrustAnchors: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo
    rnia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #1774: TrustAnchors: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #1775: TrustAnchors: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #1776: TrustAnchors: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,
    ST=California,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #1777: TrustAnchors: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #1778: TrustAnchors: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #1779: TrustAnchors: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #1780: TrustAnchors: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #1781: TrustAnchors: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #1782: TrustAnchors: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #1783: TrustAnchors: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #1784: TrustAnchors: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #1785: TrustAnchors: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #1786: TrustAnchors: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #1787: TrustAnchors: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,
            ST=CA,C=US"
        Validity:
            Not Before: Sat Jan 04 01:22:59 2014
            Not After : Sat Nov 04 01:22:59 2023
        Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View
            ,ST=CA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28:
                    c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4:
                    71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04:
                    4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba:
                    ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9:
                    f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85:
                    49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34:
                    a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Name Constraints
            Permitted Subtree:
                DNS name: ".example"
                    Minimum: 0 (0x0)
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91:
        33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89:
        3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a:
        9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df:
        46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b:
        c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e:
        5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd:
        df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34
    Fingerprint (SHA-256):
        63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29
    Fingerprint (SHA1):
        56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #1788: TrustAnchors: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. NameConstraints.dcisscopy [Certificate Authority]:
Email Address(es): igca@sgdn.pm.gouv.fr
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #1789: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 998899 (0xf3df3)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S
            T=France,C=FR"
        Validity:
            Not Before: Sun Feb 02 17:21:27 2014
            Not After : Fri Feb 02 17:21:27 2024
        Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,
            ST=France,C=FR"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7:
                    bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed:
                    19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f:
                    1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54:
                    ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9:
                    b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a:
                    a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66:
                    de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce:
                    5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf:
                    b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01:
                    5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10:
                    10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73:
                    29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0:
                    e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26:
                    82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c:
                    65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9:
        c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a:
        b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f:
        f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43:
        2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d:
        f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3:
        a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4:
        9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04:
        82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c:
        5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e:
        bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2:
        18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1:
        f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d:
        b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db:
        9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65:
        2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b
    Fingerprint (SHA-256):
        C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C
    Fingerprint (SHA1):
        48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #1790: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp       - PASSED
trying to kill httpserv with PID 26188 at Tue Jun 28 17:17:53 UTC 2016
kill -USR1 26188
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 26188 killed at Tue Jun 28 17:17:53 UTC 2016
httpserv starting at Tue Jun 28 17:17:53 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/OCSPCA3.crl \
         -O get-unknown -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:17:53 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 9169 >/dev/null 2>/dev/null
httpserv with PID 9169 found at Tue Jun 28 17:17:53 UTC 2016
httpserv with PID 9169 started at Tue Jun 28 17:17:53 UTC 2016
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #1791: Bridge: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170275 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1792: Bridge: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #1793: Bridge: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #1794: Bridge: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170276 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1795: Bridge: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #1796: Bridge: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #1797: Bridge: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1798: Bridge: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628170277 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1799: Bridge: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1800: Bridge: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628170278 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1801: Bridge: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1802: Bridge: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #1803: Bridge: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #1804: Bridge: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1805: Bridge: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserBridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 628170279   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1806: Bridge: Creating certficate UserBridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate UserBridge.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1807: Bridge: Importing certificate UserBridge.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1808: Bridge: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Army.der to AllDB database
certutil -A -n Army  -t "" -d AllDB -f AllDB/dbpasswd -i Army.der
chains.sh: #1809: Bridge: Importing certificate Army.der to AllDB database  - PASSED
chains.sh: Importing certificate Navy.der to AllDB database
certutil -A -n Navy  -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der
chains.sh: #1810: Bridge: Importing certificate Navy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170276 (0x25711e24)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:08 2016
            Not After : Mon Jun 28 17:18:08 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:5d:fc:81:17:1b:5a:a1:b1:91:d7:d4:b7:6d:88:c7:
                    d7:65:ba:6e:0b:a4:6b:bf:27:ef:ca:83:a7:d0:86:40:
                    c5:54:23:ce:45:37:b6:8e:1e:63:0f:6a:f7:ec:fb:86:
                    65:ac:fc:12:29:76:87:1c:65:61:0d:f5:2a:6f:dd:7b:
                    e5:78:ce:1d:f8:e0:26:b7:2c:9f:8d:d8:df:73:5b:20:
                    5f:f2:9e:a8:88:fa:59:65:95:df:c5:dd:8b:81:0a:6a:
                    7d:c3:b5:e4:12:13:dc:34:29:67:96:5e:01:3a:b4:ac:
                    5f:87:82:f4:4d:8e:63:fb:04:35:69:c2:d1:8d:bd:d5:
                    e6:e6:79:bd:f1:50:a9:55:02:b9:1c:7d:4e:37:81:6d:
                    dc:2f:d4:60:1d:2e:ca:1c:fe:1a:bd:3a:fa:b4:a7:e0:
                    bb:50:45:4e:6d:06:22:52:91:52:32:23:8a:20:2a:cf:
                    6f:cb:0d:02:52:1f:bb:e2:96:2e:d9:d8:1d:47:36:b4:
                    1b:3c:52:e1:31:8b:36:59:30:b5:ff:eb:1f:f0:27:9e:
                    77:58:6b:b5:e8:55:74:6a:5c:9b:1f:f9:20:04:01:7e:
                    63:2a:11:5b:5d:d0:b2:40:e5:1b:4d:db:ff:62:49:04:
                    fc:7b:9e:18:6f:00:ff:bf:11:4f:91:14:a9:89:b5:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7f:0c:5e:63:75:4c:92:db:0d:ab:4b:56:13:da:50:df:
        a1:3f:2d:a1:98:a2:8c:a4:b9:14:6a:90:64:6a:2b:1a:
        bd:6a:94:98:e3:b4:f4:79:6a:75:0e:26:8a:f0:3f:f4:
        18:30:7f:45:63:16:bb:a2:a5:6b:aa:be:09:5e:12:7a:
        47:06:05:9e:cb:0c:a0:27:03:fb:ff:72:bd:ce:2b:1c:
        c6:b3:3e:3c:8a:df:71:01:62:12:78:81:04:dc:58:b2:
        77:b1:b9:b6:40:6b:72:70:de:fa:a6:b9:fe:5a:53:ec:
        ec:e2:27:20:98:ed:49:16:7c:61:25:ed:2a:1a:b9:9d:
        ea:3a:f0:45:6a:1c:91:14:c3:18:ca:c9:1d:49:a8:5a:
        eb:29:63:eb:75:8f:0b:bb:17:42:51:98:c5:39:ce:8d:
        da:d7:a5:59:18:67:f0:fe:ea:2b:72:b6:2e:7a:ce:7a:
        3c:f7:68:26:ed:85:e5:f8:5c:66:a7:2f:55:c0:3f:0f:
        49:9e:19:6c:dd:59:02:b7:3d:09:d7:56:3b:be:ce:0a:
        9b:eb:c1:fd:8b:59:eb:20:4e:74:38:61:a1:48:38:a1:
        f0:ec:a5:76:08:0b:ad:95:89:2a:c1:06:22:1c:22:c1:
        58:0b:16:57:d5:02:b7:4a:55:77:8d:76:ba:e4:41:eb
    Fingerprint (SHA-256):
        A4:C5:0B:C1:BF:4E:EE:13:3F:75:14:55:87:D2:B3:5F:53:27:90:17:A7:1B:CA:56:DD:B7:E8:A2:6F:36:72:0D
    Fingerprint (SHA1):
        06:B4:6A:BF:E4:34:B7:AA:47:42:A6:2B:1F:49:B8:61:31:B6:3F:34
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1811: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170275 (0x25711e23)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:03 2016
            Not After : Mon Jun 28 17:18:03 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b9:a2:7d:cb:4a:d0:73:50:88:d2:ef:01:e6:2b:10:e8:
                    b6:3e:66:a1:0a:bf:08:3c:4b:9f:72:ee:fa:e9:e9:79:
                    43:28:a9:ab:29:91:47:4c:51:a9:13:2b:6a:62:7b:f5:
                    cc:e6:ad:30:cb:e3:35:16:04:ac:27:5d:31:fc:2a:b3:
                    25:29:27:af:29:03:f8:47:99:28:52:51:b1:6c:2f:20:
                    42:98:cf:ae:5d:80:3a:6b:7b:91:70:ac:c9:5a:53:d7:
                    b5:80:46:65:bc:1c:56:8d:28:70:7e:63:ac:5f:a0:6a:
                    95:73:f0:04:ea:ce:26:af:d1:2f:90:9d:f9:e5:c0:cc:
                    9e:99:bb:4f:d1:99:6a:a8:73:66:a2:8b:2b:40:bf:45:
                    fd:eb:c5:b6:c1:e0:48:fb:46:bb:9d:50:5a:7f:35:59:
                    2c:a0:04:b1:2c:56:02:00:a7:23:58:05:21:d8:28:6c:
                    00:19:f3:42:4f:c0:52:6b:57:eb:97:16:e6:b4:f8:72:
                    b8:2d:77:a0:c0:bc:85:04:09:8d:7f:5b:eb:cb:68:94:
                    01:5a:39:e1:a2:ce:dd:94:5a:29:cd:2e:12:d3:bb:6c:
                    9c:01:e2:ba:8f:48:63:48:38:3f:58:09:54:e5:e6:f7:
                    f0:09:65:d3:5c:09:93:fe:df:36:d2:17:bb:87:74:95
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:49:0f:c3:82:29:6d:76:5b:6b:83:de:04:1b:be:f9:
        db:d0:e1:61:a5:27:8c:9a:6c:ce:e2:39:78:93:ff:3c:
        24:9a:66:8f:f2:e2:80:6d:f6:83:d8:00:4b:51:de:fd:
        b9:b4:13:20:c2:fa:f4:b5:88:96:bd:1e:aa:cd:37:2d:
        d0:1b:89:27:ec:f1:d1:04:c5:4d:b4:9c:a5:1c:95:cd:
        75:8b:86:2e:b0:b3:71:3c:82:b4:18:ef:38:bc:12:5f:
        9a:94:e8:ea:64:e0:d2:e1:1c:31:13:da:9e:cc:f5:99:
        3c:d1:35:ae:89:4e:c6:e3:12:72:b6:eb:52:46:77:da:
        a0:86:1d:f7:c5:1e:19:64:80:fe:51:aa:19:2d:ae:b5:
        45:75:a3:95:27:50:fb:35:56:64:b8:1b:ed:60:bb:46:
        98:fb:f3:22:39:1a:62:0d:77:eb:6c:b6:4b:19:7a:47:
        e3:15:6a:b6:41:2c:54:7f:82:19:4c:8c:ab:90:36:b9:
        0a:c3:9e:b3:7e:80:b1:05:fa:72:2a:66:0e:3f:33:ae:
        de:ae:c2:6a:f4:4e:1a:e1:54:29:9f:49:d3:8c:63:45:
        fe:72:4d:09:95:e9:3d:59:2a:8b:9f:15:58:1b:3b:d6:
        63:90:fc:b8:61:3f:8c:4d:ab:df:1d:40:fc:f1:ec:c2
    Fingerprint (SHA-256):
        A7:6E:2E:A4:74:3A:C0:7F:AE:24:A9:94:27:01:8F:28:89:47:E1:F8:B1:1B:AB:91:D9:AA:0F:BA:DA:22:A0:9B
    Fingerprint (SHA1):
        65:9D:1A:3E:94:E3:CB:E9:35:4B:11:03:78:52:34:96:55:0B:55:22
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1812: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Army
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Navy [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1813: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Importing certificate BridgeArmy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der
chains.sh: #1814: Bridge: Importing certificate BridgeArmy.der to AllDB database  - PASSED
chains.sh: Importing certificate BridgeNavy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der
chains.sh: #1815: Bridge: Importing certificate BridgeNavy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170275 (0x25711e23)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:03 2016
            Not After : Mon Jun 28 17:18:03 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b9:a2:7d:cb:4a:d0:73:50:88:d2:ef:01:e6:2b:10:e8:
                    b6:3e:66:a1:0a:bf:08:3c:4b:9f:72:ee:fa:e9:e9:79:
                    43:28:a9:ab:29:91:47:4c:51:a9:13:2b:6a:62:7b:f5:
                    cc:e6:ad:30:cb:e3:35:16:04:ac:27:5d:31:fc:2a:b3:
                    25:29:27:af:29:03:f8:47:99:28:52:51:b1:6c:2f:20:
                    42:98:cf:ae:5d:80:3a:6b:7b:91:70:ac:c9:5a:53:d7:
                    b5:80:46:65:bc:1c:56:8d:28:70:7e:63:ac:5f:a0:6a:
                    95:73:f0:04:ea:ce:26:af:d1:2f:90:9d:f9:e5:c0:cc:
                    9e:99:bb:4f:d1:99:6a:a8:73:66:a2:8b:2b:40:bf:45:
                    fd:eb:c5:b6:c1:e0:48:fb:46:bb:9d:50:5a:7f:35:59:
                    2c:a0:04:b1:2c:56:02:00:a7:23:58:05:21:d8:28:6c:
                    00:19:f3:42:4f:c0:52:6b:57:eb:97:16:e6:b4:f8:72:
                    b8:2d:77:a0:c0:bc:85:04:09:8d:7f:5b:eb:cb:68:94:
                    01:5a:39:e1:a2:ce:dd:94:5a:29:cd:2e:12:d3:bb:6c:
                    9c:01:e2:ba:8f:48:63:48:38:3f:58:09:54:e5:e6:f7:
                    f0:09:65:d3:5c:09:93:fe:df:36:d2:17:bb:87:74:95
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:49:0f:c3:82:29:6d:76:5b:6b:83:de:04:1b:be:f9:
        db:d0:e1:61:a5:27:8c:9a:6c:ce:e2:39:78:93:ff:3c:
        24:9a:66:8f:f2:e2:80:6d:f6:83:d8:00:4b:51:de:fd:
        b9:b4:13:20:c2:fa:f4:b5:88:96:bd:1e:aa:cd:37:2d:
        d0:1b:89:27:ec:f1:d1:04:c5:4d:b4:9c:a5:1c:95:cd:
        75:8b:86:2e:b0:b3:71:3c:82:b4:18:ef:38:bc:12:5f:
        9a:94:e8:ea:64:e0:d2:e1:1c:31:13:da:9e:cc:f5:99:
        3c:d1:35:ae:89:4e:c6:e3:12:72:b6:eb:52:46:77:da:
        a0:86:1d:f7:c5:1e:19:64:80:fe:51:aa:19:2d:ae:b5:
        45:75:a3:95:27:50:fb:35:56:64:b8:1b:ed:60:bb:46:
        98:fb:f3:22:39:1a:62:0d:77:eb:6c:b6:4b:19:7a:47:
        e3:15:6a:b6:41:2c:54:7f:82:19:4c:8c:ab:90:36:b9:
        0a:c3:9e:b3:7e:80:b1:05:fa:72:2a:66:0e:3f:33:ae:
        de:ae:c2:6a:f4:4e:1a:e1:54:29:9f:49:d3:8c:63:45:
        fe:72:4d:09:95:e9:3d:59:2a:8b:9f:15:58:1b:3b:d6:
        63:90:fc:b8:61:3f:8c:4d:ab:df:1d:40:fc:f1:ec:c2
    Fingerprint (SHA-256):
        A7:6E:2E:A4:74:3A:C0:7F:AE:24:A9:94:27:01:8F:28:89:47:E1:F8:B1:1B:AB:91:D9:AA:0F:BA:DA:22:A0:9B
    Fingerprint (SHA1):
        65:9D:1A:3E:94:E3:CB:E9:35:4B:11:03:78:52:34:96:55:0B:55:22
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1816: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170276 (0x25711e24)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:08 2016
            Not After : Mon Jun 28 17:18:08 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:5d:fc:81:17:1b:5a:a1:b1:91:d7:d4:b7:6d:88:c7:
                    d7:65:ba:6e:0b:a4:6b:bf:27:ef:ca:83:a7:d0:86:40:
                    c5:54:23:ce:45:37:b6:8e:1e:63:0f:6a:f7:ec:fb:86:
                    65:ac:fc:12:29:76:87:1c:65:61:0d:f5:2a:6f:dd:7b:
                    e5:78:ce:1d:f8:e0:26:b7:2c:9f:8d:d8:df:73:5b:20:
                    5f:f2:9e:a8:88:fa:59:65:95:df:c5:dd:8b:81:0a:6a:
                    7d:c3:b5:e4:12:13:dc:34:29:67:96:5e:01:3a:b4:ac:
                    5f:87:82:f4:4d:8e:63:fb:04:35:69:c2:d1:8d:bd:d5:
                    e6:e6:79:bd:f1:50:a9:55:02:b9:1c:7d:4e:37:81:6d:
                    dc:2f:d4:60:1d:2e:ca:1c:fe:1a:bd:3a:fa:b4:a7:e0:
                    bb:50:45:4e:6d:06:22:52:91:52:32:23:8a:20:2a:cf:
                    6f:cb:0d:02:52:1f:bb:e2:96:2e:d9:d8:1d:47:36:b4:
                    1b:3c:52:e1:31:8b:36:59:30:b5:ff:eb:1f:f0:27:9e:
                    77:58:6b:b5:e8:55:74:6a:5c:9b:1f:f9:20:04:01:7e:
                    63:2a:11:5b:5d:d0:b2:40:e5:1b:4d:db:ff:62:49:04:
                    fc:7b:9e:18:6f:00:ff:bf:11:4f:91:14:a9:89:b5:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7f:0c:5e:63:75:4c:92:db:0d:ab:4b:56:13:da:50:df:
        a1:3f:2d:a1:98:a2:8c:a4:b9:14:6a:90:64:6a:2b:1a:
        bd:6a:94:98:e3:b4:f4:79:6a:75:0e:26:8a:f0:3f:f4:
        18:30:7f:45:63:16:bb:a2:a5:6b:aa:be:09:5e:12:7a:
        47:06:05:9e:cb:0c:a0:27:03:fb:ff:72:bd:ce:2b:1c:
        c6:b3:3e:3c:8a:df:71:01:62:12:78:81:04:dc:58:b2:
        77:b1:b9:b6:40:6b:72:70:de:fa:a6:b9:fe:5a:53:ec:
        ec:e2:27:20:98:ed:49:16:7c:61:25:ed:2a:1a:b9:9d:
        ea:3a:f0:45:6a:1c:91:14:c3:18:ca:c9:1d:49:a8:5a:
        eb:29:63:eb:75:8f:0b:bb:17:42:51:98:c5:39:ce:8d:
        da:d7:a5:59:18:67:f0:fe:ea:2b:72:b6:2e:7a:ce:7a:
        3c:f7:68:26:ed:85:e5:f8:5c:66:a7:2f:55:c0:3f:0f:
        49:9e:19:6c:dd:59:02:b7:3d:09:d7:56:3b:be:ce:0a:
        9b:eb:c1:fd:8b:59:eb:20:4e:74:38:61:a1:48:38:a1:
        f0:ec:a5:76:08:0b:ad:95:89:2a:c1:06:22:1c:22:c1:
        58:0b:16:57:d5:02:b7:4a:55:77:8d:76:ba:e4:41:eb
    Fingerprint (SHA-256):
        A4:C5:0B:C1:BF:4E:EE:13:3F:75:14:55:87:D2:B3:5F:53:27:90:17:A7:1B:CA:56:DD:B7:E8:A2:6F:36:72:0D
    Fingerprint (SHA1):
        06:B4:6A:BF:E4:34:B7:AA:47:42:A6:2B:1F:49:B8:61:31:B6:3F:34
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1817: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Creating DB ArmyOnlyDB
certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd
chains.sh: #1818: Bridge: Creating DB ArmyOnlyDB  - PASSED
chains.sh: Importing certificate Army.der to ArmyOnlyDB database
certutil -A -n Army  -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der
chains.sh: #1819: Bridge: Importing certificate Army.der to ArmyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #1820: Bridge: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1821: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #1822: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170276 (0x25711e24)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:08 2016
            Not After : Mon Jun 28 17:18:08 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:5d:fc:81:17:1b:5a:a1:b1:91:d7:d4:b7:6d:88:c7:
                    d7:65:ba:6e:0b:a4:6b:bf:27:ef:ca:83:a7:d0:86:40:
                    c5:54:23:ce:45:37:b6:8e:1e:63:0f:6a:f7:ec:fb:86:
                    65:ac:fc:12:29:76:87:1c:65:61:0d:f5:2a:6f:dd:7b:
                    e5:78:ce:1d:f8:e0:26:b7:2c:9f:8d:d8:df:73:5b:20:
                    5f:f2:9e:a8:88:fa:59:65:95:df:c5:dd:8b:81:0a:6a:
                    7d:c3:b5:e4:12:13:dc:34:29:67:96:5e:01:3a:b4:ac:
                    5f:87:82:f4:4d:8e:63:fb:04:35:69:c2:d1:8d:bd:d5:
                    e6:e6:79:bd:f1:50:a9:55:02:b9:1c:7d:4e:37:81:6d:
                    dc:2f:d4:60:1d:2e:ca:1c:fe:1a:bd:3a:fa:b4:a7:e0:
                    bb:50:45:4e:6d:06:22:52:91:52:32:23:8a:20:2a:cf:
                    6f:cb:0d:02:52:1f:bb:e2:96:2e:d9:d8:1d:47:36:b4:
                    1b:3c:52:e1:31:8b:36:59:30:b5:ff:eb:1f:f0:27:9e:
                    77:58:6b:b5:e8:55:74:6a:5c:9b:1f:f9:20:04:01:7e:
                    63:2a:11:5b:5d:d0:b2:40:e5:1b:4d:db:ff:62:49:04:
                    fc:7b:9e:18:6f:00:ff:bf:11:4f:91:14:a9:89:b5:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7f:0c:5e:63:75:4c:92:db:0d:ab:4b:56:13:da:50:df:
        a1:3f:2d:a1:98:a2:8c:a4:b9:14:6a:90:64:6a:2b:1a:
        bd:6a:94:98:e3:b4:f4:79:6a:75:0e:26:8a:f0:3f:f4:
        18:30:7f:45:63:16:bb:a2:a5:6b:aa:be:09:5e:12:7a:
        47:06:05:9e:cb:0c:a0:27:03:fb:ff:72:bd:ce:2b:1c:
        c6:b3:3e:3c:8a:df:71:01:62:12:78:81:04:dc:58:b2:
        77:b1:b9:b6:40:6b:72:70:de:fa:a6:b9:fe:5a:53:ec:
        ec:e2:27:20:98:ed:49:16:7c:61:25:ed:2a:1a:b9:9d:
        ea:3a:f0:45:6a:1c:91:14:c3:18:ca:c9:1d:49:a8:5a:
        eb:29:63:eb:75:8f:0b:bb:17:42:51:98:c5:39:ce:8d:
        da:d7:a5:59:18:67:f0:fe:ea:2b:72:b6:2e:7a:ce:7a:
        3c:f7:68:26:ed:85:e5:f8:5c:66:a7:2f:55:c0:3f:0f:
        49:9e:19:6c:dd:59:02:b7:3d:09:d7:56:3b:be:ce:0a:
        9b:eb:c1:fd:8b:59:eb:20:4e:74:38:61:a1:48:38:a1:
        f0:ec:a5:76:08:0b:ad:95:89:2a:c1:06:22:1c:22:c1:
        58:0b:16:57:d5:02:b7:4a:55:77:8d:76:ba:e4:41:eb
    Fingerprint (SHA-256):
        A4:C5:0B:C1:BF:4E:EE:13:3F:75:14:55:87:D2:B3:5F:53:27:90:17:A7:1B:CA:56:DD:B7:E8:A2:6F:36:72:0D
    Fingerprint (SHA1):
        06:B4:6A:BF:E4:34:B7:AA:47:42:A6:2B:1F:49:B8:61:31:B6:3F:34
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1823: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170276 (0x25711e24)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:08 2016
            Not After : Mon Jun 28 17:18:08 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:5d:fc:81:17:1b:5a:a1:b1:91:d7:d4:b7:6d:88:c7:
                    d7:65:ba:6e:0b:a4:6b:bf:27:ef:ca:83:a7:d0:86:40:
                    c5:54:23:ce:45:37:b6:8e:1e:63:0f:6a:f7:ec:fb:86:
                    65:ac:fc:12:29:76:87:1c:65:61:0d:f5:2a:6f:dd:7b:
                    e5:78:ce:1d:f8:e0:26:b7:2c:9f:8d:d8:df:73:5b:20:
                    5f:f2:9e:a8:88:fa:59:65:95:df:c5:dd:8b:81:0a:6a:
                    7d:c3:b5:e4:12:13:dc:34:29:67:96:5e:01:3a:b4:ac:
                    5f:87:82:f4:4d:8e:63:fb:04:35:69:c2:d1:8d:bd:d5:
                    e6:e6:79:bd:f1:50:a9:55:02:b9:1c:7d:4e:37:81:6d:
                    dc:2f:d4:60:1d:2e:ca:1c:fe:1a:bd:3a:fa:b4:a7:e0:
                    bb:50:45:4e:6d:06:22:52:91:52:32:23:8a:20:2a:cf:
                    6f:cb:0d:02:52:1f:bb:e2:96:2e:d9:d8:1d:47:36:b4:
                    1b:3c:52:e1:31:8b:36:59:30:b5:ff:eb:1f:f0:27:9e:
                    77:58:6b:b5:e8:55:74:6a:5c:9b:1f:f9:20:04:01:7e:
                    63:2a:11:5b:5d:d0:b2:40:e5:1b:4d:db:ff:62:49:04:
                    fc:7b:9e:18:6f:00:ff:bf:11:4f:91:14:a9:89:b5:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7f:0c:5e:63:75:4c:92:db:0d:ab:4b:56:13:da:50:df:
        a1:3f:2d:a1:98:a2:8c:a4:b9:14:6a:90:64:6a:2b:1a:
        bd:6a:94:98:e3:b4:f4:79:6a:75:0e:26:8a:f0:3f:f4:
        18:30:7f:45:63:16:bb:a2:a5:6b:aa:be:09:5e:12:7a:
        47:06:05:9e:cb:0c:a0:27:03:fb:ff:72:bd:ce:2b:1c:
        c6:b3:3e:3c:8a:df:71:01:62:12:78:81:04:dc:58:b2:
        77:b1:b9:b6:40:6b:72:70:de:fa:a6:b9:fe:5a:53:ec:
        ec:e2:27:20:98:ed:49:16:7c:61:25:ed:2a:1a:b9:9d:
        ea:3a:f0:45:6a:1c:91:14:c3:18:ca:c9:1d:49:a8:5a:
        eb:29:63:eb:75:8f:0b:bb:17:42:51:98:c5:39:ce:8d:
        da:d7:a5:59:18:67:f0:fe:ea:2b:72:b6:2e:7a:ce:7a:
        3c:f7:68:26:ed:85:e5:f8:5c:66:a7:2f:55:c0:3f:0f:
        49:9e:19:6c:dd:59:02:b7:3d:09:d7:56:3b:be:ce:0a:
        9b:eb:c1:fd:8b:59:eb:20:4e:74:38:61:a1:48:38:a1:
        f0:ec:a5:76:08:0b:ad:95:89:2a:c1:06:22:1c:22:c1:
        58:0b:16:57:d5:02:b7:4a:55:77:8d:76:ba:e4:41:eb
    Fingerprint (SHA-256):
        A4:C5:0B:C1:BF:4E:EE:13:3F:75:14:55:87:D2:B3:5F:53:27:90:17:A7:1B:CA:56:DD:B7:E8:A2:6F:36:72:0D
    Fingerprint (SHA1):
        06:B4:6A:BF:E4:34:B7:AA:47:42:A6:2B:1F:49:B8:61:31:B6:3F:34
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1824: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Creating DB NavyOnlyDB
certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd
chains.sh: #1825: Bridge: Creating DB NavyOnlyDB  - PASSED
chains.sh: Importing certificate Navy.der to NavyOnlyDB database
certutil -A -n Navy  -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der
chains.sh: #1826: Bridge: Importing certificate Navy.der to NavyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #1827: Bridge: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@army [Certificate Authority]:
Email Address(es): bridge@army
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #1828: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #1829: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170275 (0x25711e23)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:03 2016
            Not After : Mon Jun 28 17:18:03 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b9:a2:7d:cb:4a:d0:73:50:88:d2:ef:01:e6:2b:10:e8:
                    b6:3e:66:a1:0a:bf:08:3c:4b:9f:72:ee:fa:e9:e9:79:
                    43:28:a9:ab:29:91:47:4c:51:a9:13:2b:6a:62:7b:f5:
                    cc:e6:ad:30:cb:e3:35:16:04:ac:27:5d:31:fc:2a:b3:
                    25:29:27:af:29:03:f8:47:99:28:52:51:b1:6c:2f:20:
                    42:98:cf:ae:5d:80:3a:6b:7b:91:70:ac:c9:5a:53:d7:
                    b5:80:46:65:bc:1c:56:8d:28:70:7e:63:ac:5f:a0:6a:
                    95:73:f0:04:ea:ce:26:af:d1:2f:90:9d:f9:e5:c0:cc:
                    9e:99:bb:4f:d1:99:6a:a8:73:66:a2:8b:2b:40:bf:45:
                    fd:eb:c5:b6:c1:e0:48:fb:46:bb:9d:50:5a:7f:35:59:
                    2c:a0:04:b1:2c:56:02:00:a7:23:58:05:21:d8:28:6c:
                    00:19:f3:42:4f:c0:52:6b:57:eb:97:16:e6:b4:f8:72:
                    b8:2d:77:a0:c0:bc:85:04:09:8d:7f:5b:eb:cb:68:94:
                    01:5a:39:e1:a2:ce:dd:94:5a:29:cd:2e:12:d3:bb:6c:
                    9c:01:e2:ba:8f:48:63:48:38:3f:58:09:54:e5:e6:f7:
                    f0:09:65:d3:5c:09:93:fe:df:36:d2:17:bb:87:74:95
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:49:0f:c3:82:29:6d:76:5b:6b:83:de:04:1b:be:f9:
        db:d0:e1:61:a5:27:8c:9a:6c:ce:e2:39:78:93:ff:3c:
        24:9a:66:8f:f2:e2:80:6d:f6:83:d8:00:4b:51:de:fd:
        b9:b4:13:20:c2:fa:f4:b5:88:96:bd:1e:aa:cd:37:2d:
        d0:1b:89:27:ec:f1:d1:04:c5:4d:b4:9c:a5:1c:95:cd:
        75:8b:86:2e:b0:b3:71:3c:82:b4:18:ef:38:bc:12:5f:
        9a:94:e8:ea:64:e0:d2:e1:1c:31:13:da:9e:cc:f5:99:
        3c:d1:35:ae:89:4e:c6:e3:12:72:b6:eb:52:46:77:da:
        a0:86:1d:f7:c5:1e:19:64:80:fe:51:aa:19:2d:ae:b5:
        45:75:a3:95:27:50:fb:35:56:64:b8:1b:ed:60:bb:46:
        98:fb:f3:22:39:1a:62:0d:77:eb:6c:b6:4b:19:7a:47:
        e3:15:6a:b6:41:2c:54:7f:82:19:4c:8c:ab:90:36:b9:
        0a:c3:9e:b3:7e:80:b1:05:fa:72:2a:66:0e:3f:33:ae:
        de:ae:c2:6a:f4:4e:1a:e1:54:29:9f:49:d3:8c:63:45:
        fe:72:4d:09:95:e9:3d:59:2a:8b:9f:15:58:1b:3b:d6:
        63:90:fc:b8:61:3f:8c:4d:ab:df:1d:40:fc:f1:ec:c2
    Fingerprint (SHA-256):
        A7:6E:2E:A4:74:3A:C0:7F:AE:24:A9:94:27:01:8F:28:89:47:E1:F8:B1:1B:AB:91:D9:AA:0F:BA:DA:22:A0:9B
    Fingerprint (SHA1):
        65:9D:1A:3E:94:E3:CB:E9:35:4B:11:03:78:52:34:96:55:0B:55:22
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1830: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170275 (0x25711e23)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:03 2016
            Not After : Mon Jun 28 17:18:03 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b9:a2:7d:cb:4a:d0:73:50:88:d2:ef:01:e6:2b:10:e8:
                    b6:3e:66:a1:0a:bf:08:3c:4b:9f:72:ee:fa:e9:e9:79:
                    43:28:a9:ab:29:91:47:4c:51:a9:13:2b:6a:62:7b:f5:
                    cc:e6:ad:30:cb:e3:35:16:04:ac:27:5d:31:fc:2a:b3:
                    25:29:27:af:29:03:f8:47:99:28:52:51:b1:6c:2f:20:
                    42:98:cf:ae:5d:80:3a:6b:7b:91:70:ac:c9:5a:53:d7:
                    b5:80:46:65:bc:1c:56:8d:28:70:7e:63:ac:5f:a0:6a:
                    95:73:f0:04:ea:ce:26:af:d1:2f:90:9d:f9:e5:c0:cc:
                    9e:99:bb:4f:d1:99:6a:a8:73:66:a2:8b:2b:40:bf:45:
                    fd:eb:c5:b6:c1:e0:48:fb:46:bb:9d:50:5a:7f:35:59:
                    2c:a0:04:b1:2c:56:02:00:a7:23:58:05:21:d8:28:6c:
                    00:19:f3:42:4f:c0:52:6b:57:eb:97:16:e6:b4:f8:72:
                    b8:2d:77:a0:c0:bc:85:04:09:8d:7f:5b:eb:cb:68:94:
                    01:5a:39:e1:a2:ce:dd:94:5a:29:cd:2e:12:d3:bb:6c:
                    9c:01:e2:ba:8f:48:63:48:38:3f:58:09:54:e5:e6:f7:
                    f0:09:65:d3:5c:09:93:fe:df:36:d2:17:bb:87:74:95
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:49:0f:c3:82:29:6d:76:5b:6b:83:de:04:1b:be:f9:
        db:d0:e1:61:a5:27:8c:9a:6c:ce:e2:39:78:93:ff:3c:
        24:9a:66:8f:f2:e2:80:6d:f6:83:d8:00:4b:51:de:fd:
        b9:b4:13:20:c2:fa:f4:b5:88:96:bd:1e:aa:cd:37:2d:
        d0:1b:89:27:ec:f1:d1:04:c5:4d:b4:9c:a5:1c:95:cd:
        75:8b:86:2e:b0:b3:71:3c:82:b4:18:ef:38:bc:12:5f:
        9a:94:e8:ea:64:e0:d2:e1:1c:31:13:da:9e:cc:f5:99:
        3c:d1:35:ae:89:4e:c6:e3:12:72:b6:eb:52:46:77:da:
        a0:86:1d:f7:c5:1e:19:64:80:fe:51:aa:19:2d:ae:b5:
        45:75:a3:95:27:50:fb:35:56:64:b8:1b:ed:60:bb:46:
        98:fb:f3:22:39:1a:62:0d:77:eb:6c:b6:4b:19:7a:47:
        e3:15:6a:b6:41:2c:54:7f:82:19:4c:8c:ab:90:36:b9:
        0a:c3:9e:b3:7e:80:b1:05:fa:72:2a:66:0e:3f:33:ae:
        de:ae:c2:6a:f4:4e:1a:e1:54:29:9f:49:d3:8c:63:45:
        fe:72:4d:09:95:e9:3d:59:2a:8b:9f:15:58:1b:3b:d6:
        63:90:fc:b8:61:3f:8c:4d:ab:df:1d:40:fc:f1:ec:c2
    Fingerprint (SHA-256):
        A7:6E:2E:A4:74:3A:C0:7F:AE:24:A9:94:27:01:8F:28:89:47:E1:F8:B1:1B:AB:91:D9:AA:0F:BA:DA:22:A0:9B
    Fingerprint (SHA1):
        65:9D:1A:3E:94:E3:CB:E9:35:4B:11:03:78:52:34:96:55:0B:55:22
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #1831: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Creating DB Root1DB
certutil -N -d Root1DB -f Root1DB/dbpasswd
chains.sh: #1832: MegaBridge_3_2: Creating DB Root1DB  - PASSED
chains.sh: Creating Root CA Root1
certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1  -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170280 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1833: MegaBridge_3_2: Creating Root CA Root1  - PASSED
chains.sh: Exporting Root CA Root1.der
certutil -L -d Root1DB -r -n Root1 -o Root1.der
chains.sh: #1834: MegaBridge_3_2: Exporting Root CA Root1.der  - PASSED
chains.sh: Creating DB Root2DB
certutil -N -d Root2DB -f Root2DB/dbpasswd
chains.sh: #1835: MegaBridge_3_2: Creating DB Root2DB  - PASSED
chains.sh: Creating Root CA Root2
certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2  -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170281 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1836: MegaBridge_3_2: Creating Root CA Root2  - PASSED
chains.sh: Exporting Root CA Root2.der
certutil -L -d Root2DB -r -n Root2 -o Root2.der
chains.sh: #1837: MegaBridge_3_2: Exporting Root CA Root2.der  - PASSED
chains.sh: Creating DB Root3DB
certutil -N -d Root3DB -f Root3DB/dbpasswd
chains.sh: #1838: MegaBridge_3_2: Creating DB Root3DB  - PASSED
chains.sh: Creating Root CA Root3
certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3  -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170282 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1839: MegaBridge_3_2: Creating Root CA Root3  - PASSED
chains.sh: Exporting Root CA Root3.der
certutil -L -d Root3DB -r -n Root3 -o Root3.der
chains.sh: #1840: MegaBridge_3_2: Exporting Root CA Root3.der  - PASSED
chains.sh: Creating DB Root4DB
certutil -N -d Root4DB -f Root4DB/dbpasswd
chains.sh: #1841: MegaBridge_3_2: Creating DB Root4DB  - PASSED
chains.sh: Creating Root CA Root4
certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4  -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170283 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1842: MegaBridge_3_2: Creating Root CA Root4  - PASSED
chains.sh: Exporting Root CA Root4.der
certutil -L -d Root4DB -r -n Root4 -o Root4.der
chains.sh: #1843: MegaBridge_3_2: Exporting Root CA Root4.der  - PASSED
chains.sh: Creating DB Root5DB
certutil -N -d Root5DB -f Root5DB/dbpasswd
chains.sh: #1844: MegaBridge_3_2: Creating DB Root5DB  - PASSED
chains.sh: Creating Root CA Root5
certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5  -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170284 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1845: MegaBridge_3_2: Creating Root CA Root5  - PASSED
chains.sh: Exporting Root CA Root5.der
certutil -L -d Root5DB -r -n Root5 -o Root5.der
chains.sh: #1846: MegaBridge_3_2: Exporting Root CA Root5.der  - PASSED
chains.sh: Creating DB Root6DB
certutil -N -d Root6DB -f Root6DB/dbpasswd
chains.sh: #1847: MegaBridge_3_2: Creating DB Root6DB  - PASSED
chains.sh: Creating Root CA Root6
certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6  -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170285 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1848: MegaBridge_3_2: Creating Root CA Root6  - PASSED
chains.sh: Exporting Root CA Root6.der
certutil -L -d Root6DB -r -n Root6 -o Root6.der
chains.sh: #1849: MegaBridge_3_2: Exporting Root CA Root6.der  - PASSED
chains.sh: Creating DB Root7DB
certutil -N -d Root7DB -f Root7DB/dbpasswd
chains.sh: #1850: MegaBridge_3_2: Creating DB Root7DB  - PASSED
chains.sh: Creating Root CA Root7
certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7  -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170286 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1851: MegaBridge_3_2: Creating Root CA Root7  - PASSED
chains.sh: Exporting Root CA Root7.der
certutil -L -d Root7DB -r -n Root7 -o Root7.der
chains.sh: #1852: MegaBridge_3_2: Exporting Root CA Root7.der  - PASSED
chains.sh: Creating DB Root8DB
certutil -N -d Root8DB -f Root8DB/dbpasswd
chains.sh: #1853: MegaBridge_3_2: Creating DB Root8DB  - PASSED
chains.sh: Creating Root CA Root8
certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8  -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170287 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1854: MegaBridge_3_2: Creating Root CA Root8  - PASSED
chains.sh: Exporting Root CA Root8.der
certutil -L -d Root8DB -r -n Root8 -o Root8.der
chains.sh: #1855: MegaBridge_3_2: Exporting Root CA Root8.der  - PASSED
chains.sh: Creating DB Root9DB
certutil -N -d Root9DB -f Root9DB/dbpasswd
chains.sh: #1856: MegaBridge_3_2: Creating DB Root9DB  - PASSED
chains.sh: Creating Root CA Root9
certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9  -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170288 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1857: MegaBridge_3_2: Creating Root CA Root9  - PASSED
chains.sh: Exporting Root CA Root9.der
certutil -L -d Root9DB -r -n Root9 -o Root9.der
chains.sh: #1858: MegaBridge_3_2: Exporting Root CA Root9.der  - PASSED
chains.sh: Creating DB Bridge11DB
certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd
chains.sh: #1859: MegaBridge_3_2: Creating DB Bridge11DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge11Req.der
certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US"  -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1860: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der  - PASSED
chains.sh: Creating certficate Bridge11Root1.der signed by Root1
certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 628170289 -7 Bridge11@Root1  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1861: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1  - PASSED
chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1862: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root2.der signed by Root2
certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 628170290 -7 Bridge11@Root2  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1863: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2  - PASSED
chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1864: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root3.der signed by Root3
certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 628170291 -7 Bridge11@Root3  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1865: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3  - PASSED
chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1866: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge11DB database
cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7
chains.sh: #1867: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database  - PASSED
chains.sh: Creating DB Bridge12DB
certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd
chains.sh: #1868: MegaBridge_3_2: Creating DB Bridge12DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge12Req.der
certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US"  -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1869: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der  - PASSED
chains.sh: Creating certficate Bridge12Root4.der signed by Root4
certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 628170292 -7 Bridge12@Root4  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1870: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4  - PASSED
chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1871: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root5.der signed by Root5
certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 628170293 -7 Bridge12@Root5  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1872: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5  - PASSED
chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1873: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root6.der signed by Root6
certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 628170294 -7 Bridge12@Root6  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1874: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6  - PASSED
chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1875: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge12DB database
cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7
chains.sh: #1876: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database  - PASSED
chains.sh: Creating DB Bridge13DB
certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd
chains.sh: #1877: MegaBridge_3_2: Creating DB Bridge13DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge13Req.der
certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US"  -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1878: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der  - PASSED
chains.sh: Creating certficate Bridge13Root7.der signed by Root7
certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 628170295 -7 Bridge13@Root7  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1879: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7  - PASSED
chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1880: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root8.der signed by Root8
certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 628170296 -7 Bridge13@Root8  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1881: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8  - PASSED
chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1882: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root9.der signed by Root9
certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 628170297 -7 Bridge13@Root9  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1883: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9  - PASSED
chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1884: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge13DB database
cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7
chains.sh: #1885: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database  - PASSED
chains.sh: Creating DB Bridge21DB
certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd
chains.sh: #1886: MegaBridge_3_2: Creating DB Bridge21DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge21Req.der
certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US"  -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o Bridge21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1887: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der  - PASSED
chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11
certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 628170298 -7 Bridge21@Bridge11  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1888: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11  - PASSED
chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1889: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12
certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 628170299 -7 Bridge21@Bridge12  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1890: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12  - PASSED
chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1891: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13
certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 628170300 -7 Bridge21@Bridge13  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1892: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13  - PASSED
chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1893: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge21DB database
cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7
chains.sh: #1894: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1895: MegaBridge_3_2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1896: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21
certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 628170301   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1897: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21  - PASSED
chains.sh: Importing certificate CA1Bridge21.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1898: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #1899: MegaBridge_3_2: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1900: MegaBridge_3_2: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170302   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #1901: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1902: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der  -t Root1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170280 (0x25711e28)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root1 ROOT CA,O=Root1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:36 2016
            Not After : Mon Jun 28 17:18:36 2066
        Subject: "CN=Root1 ROOT CA,O=Root1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b5:82:51:77:2b:6c:30:06:25:29:9b:69:ee:9b:55:64:
                    0e:b0:ff:c4:b6:a5:ba:b3:0a:0e:49:b9:e6:18:b1:86:
                    95:e6:4b:5b:41:eb:01:fc:7e:5c:dc:84:b7:f1:1c:c9:
                    bb:98:a9:b5:a8:53:a4:75:a0:86:c0:9a:9c:fd:ad:49:
                    a4:ec:b5:e1:03:c9:44:0b:60:16:ab:15:fa:03:f9:6d:
                    62:ae:c9:cf:aa:e5:17:cb:92:73:92:a0:a4:21:4c:a5:
                    ce:7c:ce:8a:e5:07:2f:2b:9f:0f:f6:c4:22:1a:be:d6:
                    4a:be:1e:e4:70:63:3f:31:63:01:95:e5:7c:a2:55:c3:
                    8f:34:93:c6:99:44:3f:3d:07:ec:11:54:ad:10:8b:a1:
                    34:fa:9e:f3:9a:74:c5:a6:5b:29:46:99:c5:8d:5f:d2:
                    08:e5:82:67:c7:fd:bc:cd:b3:96:8c:d3:b5:83:51:7d:
                    6d:aa:fa:c3:57:73:8b:0d:1e:d6:aa:ae:b2:e1:a9:16:
                    68:4d:5c:92:a6:56:77:fd:a8:40:8c:ee:48:6d:44:3a:
                    10:0c:95:f7:23:10:53:a1:af:20:09:88:48:06:63:cc:
                    4b:23:f6:3a:fc:6e:3f:b6:13:ac:66:10:6c:dc:09:46:
                    58:c8:f9:21:fa:23:97:8c:cd:7c:61:56:49:8a:89:87
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        21:b2:cf:33:2c:9f:52:02:ff:1b:e3:18:de:9f:b8:8d:
        06:9d:27:7b:9a:5c:ca:43:94:ac:16:6b:ba:de:a5:5f:
        9d:9f:ac:ec:b2:a4:63:e7:ee:5b:9a:fc:a3:67:63:1d:
        e7:8a:8c:38:b6:28:57:4b:c5:5a:71:7f:9a:5c:e2:f3:
        c3:f8:09:db:61:ae:39:d8:67:7e:f8:9b:78:e5:7a:cc:
        96:27:52:bc:ea:a2:41:42:bf:8b:d5:a1:57:30:cf:86:
        0f:31:e4:fd:e1:b6:cf:8c:71:3e:7b:05:be:9e:65:aa:
        fe:f3:d2:64:59:14:dc:5c:99:48:81:27:b4:65:c4:44:
        a4:a6:49:28:7d:52:aa:7b:c8:1e:c1:23:01:6f:fe:7b:
        bd:13:f7:69:31:8d:92:f1:e9:50:bd:c2:87:f0:e2:fb:
        ff:0e:4c:a8:40:35:26:e0:84:ec:fe:b5:f9:d6:66:aa:
        28:2c:11:79:fd:de:e0:f1:0d:4a:f3:77:e2:4b:01:4c:
        64:2d:e6:a5:38:9a:c1:70:96:44:bb:7e:a3:72:ea:42:
        e7:2d:92:ec:60:fc:5e:9f:01:20:d3:11:d6:22:d2:c8:
        94:cf:15:81:db:97:af:f1:b7:30:18:b2:fa:eb:09:93:
        3a:09:e1:af:c6:b5:fa:1a:06:e1:f4:69:0d:0b:3e:eb
    Fingerprint (SHA-256):
        11:2E:1C:AA:E5:CC:2B:B7:19:A8:EE:3D:DB:BA:B2:EE:18:09:F2:48:E8:73:B7:66:5A:5E:46:E4:8B:F5:F3:17
    Fingerprint (SHA1):
        9C:71:36:0B:BE:C2:BD:5D:BF:26:1D:6B:38:B9:9B:04:B3:A5:4C:E0
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #1903: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der  -t Root2.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170281 (0x25711e29)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root2 ROOT CA,O=Root2,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:40 2016
            Not After : Mon Jun 28 17:18:40 2066
        Subject: "CN=Root2 ROOT CA,O=Root2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:16:c2:d8:af:5b:7a:9c:c3:4d:fa:36:ff:b7:43:d6:
                    1c:8d:0f:6d:03:18:14:4a:6f:3d:1f:a3:82:cc:bf:16:
                    5d:d4:fb:d2:34:0e:6d:47:95:68:12:0d:48:af:1f:cd:
                    ad:28:c7:ea:9d:ee:f1:e0:85:ae:2c:88:70:07:43:78:
                    bd:7a:57:7e:8d:12:94:12:b9:3f:96:8c:b7:dd:6c:8c:
                    d8:67:ab:d9:79:97:b8:24:e8:db:89:41:32:a0:bf:48:
                    f0:ce:06:b1:1a:54:66:67:00:57:39:d2:f2:2b:ee:67:
                    e8:49:49:54:37:cd:e1:e9:02:31:18:f4:b9:ee:ff:85:
                    ca:c0:c7:63:b3:cf:fc:71:88:71:2b:db:71:95:b8:a0:
                    9b:9d:81:19:5e:73:a5:23:e4:ac:0f:ef:57:03:d7:70:
                    2d:e2:7e:82:02:49:5c:e1:aa:4f:91:77:6b:08:54:5c:
                    a7:f1:ab:ee:e7:e1:1d:73:11:67:4d:4d:6b:0f:a3:06:
                    68:b8:a4:c3:b9:88:00:ab:b9:76:b6:89:d5:17:3e:1c:
                    ea:8b:14:dd:a4:fa:22:36:c6:ee:5d:43:a0:5e:6c:1b:
                    75:3b:f8:2b:e4:20:7d:47:5d:28:27:1a:8e:e5:78:1b:
                    24:5f:7d:2e:a4:7f:02:19:96:c0:be:05:4b:be:54:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        17:5c:08:25:15:e0:70:e9:e2:ac:4f:7a:bb:28:d7:30:
        3c:1d:d9:37:c2:c2:84:47:c7:a2:f9:b4:97:0e:fe:98:
        2b:bc:c2:c3:df:4d:a8:07:5a:65:48:7e:f3:97:ff:5a:
        35:52:16:ed:f5:d8:6b:e5:9c:44:9a:89:56:8e:6e:2a:
        fd:d3:fb:48:99:a2:02:e2:24:79:56:bf:83:63:e0:4b:
        01:c9:3c:2d:2a:91:af:35:36:3d:dc:a6:6b:c9:bf:9f:
        de:3e:aa:f5:27:5e:b9:e7:d8:8f:81:fc:01:5d:cb:83:
        dc:c2:53:5a:61:c6:0d:0b:b7:c0:ff:08:58:3f:b0:64:
        ad:1f:ef:2a:c1:31:72:ca:ef:0b:d1:8d:9e:08:fb:4f:
        03:54:0f:fa:b5:74:1f:85:2c:1e:cc:43:0a:d1:01:df:
        40:b8:41:33:9e:d3:f9:4b:fb:90:02:7a:54:d0:ae:c7:
        b2:2b:46:06:07:16:ba:5f:a0:89:9e:05:5a:f9:22:5a:
        88:de:d2:a8:b2:42:bb:4d:b6:ee:e8:3d:e5:ef:d0:2a:
        a4:8e:e5:e9:3f:2e:28:18:f8:89:fe:51:3d:1b:60:13:
        76:c1:e1:a8:d6:b7:fa:aa:8d:4b:11:23:b6:c7:93:f3:
        0a:ce:8c:fa:1e:a7:ed:b7:7b:9f:95:7e:c2:53:84:61
    Fingerprint (SHA-256):
        09:64:AE:9C:48:B3:ED:85:AD:A7:AF:83:69:93:B7:8C:00:97:F3:BE:5E:25:E2:A6:74:38:D0:BB:53:54:9F:97
    Fingerprint (SHA1):
        B5:F2:13:32:F8:39:1D:E3:72:2D:A3:2F:3F:2D:E0:F4:42:0F:E9:54
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #1904: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der  -t Root3.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170282 (0x25711e2a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root3 ROOT CA,O=Root3,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:45 2016
            Not After : Mon Jun 28 17:18:45 2066
        Subject: "CN=Root3 ROOT CA,O=Root3,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cb:b3:c5:14:0c:89:f1:2f:b5:f0:c9:b8:29:3f:d3:3f:
                    21:8e:fa:56:97:0b:38:32:d4:43:82:15:cc:31:16:d2:
                    9d:d7:25:37:77:bd:2e:33:b2:68:2b:5a:84:cc:85:4a:
                    0d:af:5f:9f:9b:b2:d6:be:58:92:46:e2:2a:29:63:5e:
                    1d:03:97:c8:92:29:84:05:9a:df:8d:1c:93:f6:77:a3:
                    f8:d1:19:7e:86:c0:cb:39:b7:f2:3a:c5:a5:62:00:3c:
                    e6:5b:57:22:8f:42:5a:16:be:0f:57:90:25:d8:a3:47:
                    aa:8a:75:c3:e1:42:d1:c1:33:f6:a5:b2:55:37:b1:8a:
                    62:f9:b7:2a:ff:18:78:fb:31:9e:a0:84:89:43:19:72:
                    71:35:76:45:e4:15:f6:d0:ef:46:8c:d5:89:6e:28:ff:
                    33:58:b1:cf:e7:ad:58:88:37:a9:46:e8:ce:c3:b7:a9:
                    ad:46:09:66:dc:24:af:d4:d0:e9:fa:39:c5:f4:4d:8a:
                    f3:e2:8c:1f:7a:b4:84:aa:bb:5c:e5:5c:65:08:8c:cd:
                    23:20:54:5f:70:95:e7:68:db:18:7a:cf:74:8a:08:cb:
                    d6:28:8b:5c:70:18:7f:2a:00:8a:d5:66:39:7e:c0:be:
                    86:69:38:64:71:57:a9:c3:2d:c4:3f:85:68:ac:fb:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6b:9c:ce:6f:f3:ff:15:37:89:df:90:22:2f:25:77:25:
        8d:35:72:33:48:8a:62:0e:1b:68:d5:04:67:21:31:55:
        a1:f6:6b:a7:67:ad:7c:63:42:6e:1f:21:59:aa:16:6d:
        e7:d6:7a:b0:79:6f:ca:6a:01:ae:55:84:42:c9:37:17:
        9c:ed:b7:47:76:0d:2c:61:f6:48:ef:78:39:49:d1:05:
        f2:94:a6:89:58:e0:bd:8f:79:44:56:1a:3d:56:25:3b:
        b2:3d:e9:c2:8e:aa:1a:4f:cd:76:ad:95:36:ce:7c:00:
        1a:f7:3b:54:0f:3c:10:13:81:04:71:d6:80:d4:59:8e:
        88:f7:2b:63:98:6e:1b:35:96:9b:b0:f3:f3:30:0a:41:
        da:f7:ad:86:85:69:25:eb:c7:e2:d6:e2:80:b1:99:64:
        23:61:3e:d1:9f:8d:80:ca:01:96:da:17:7b:f3:7f:d1:
        20:0a:d0:32:65:e3:fc:a0:02:dd:1c:2d:7a:a5:51:9a:
        e1:b1:33:42:cd:c0:fb:35:01:74:c8:9e:f9:22:12:15:
        c3:30:5d:17:4c:4c:49:9b:58:2d:9d:ca:3f:15:19:08:
        2e:6c:1a:52:70:b9:c7:5f:50:eb:b8:5e:5c:24:75:85:
        3f:de:79:d6:35:25:8c:0e:47:61:03:10:10:08:d8:7b
    Fingerprint (SHA-256):
        FC:BA:CB:54:07:17:8E:9F:66:DF:A3:EC:37:A8:15:29:B5:D1:23:D5:62:A3:16:39:74:01:9F:54:49:C4:61:84
    Fingerprint (SHA1):
        F1:CA:B6:4F:05:8C:9E:32:FB:15:CE:2B:1F:D0:0F:49:78:59:20:A3
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #1905: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der  -t Root4.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170283 (0x25711e2b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root4 ROOT CA,O=Root4,C=US"
        Validity:
            Not Before: Tue Jun 28 17:18:55 2016
            Not After : Mon Jun 28 17:18:55 2066
        Subject: "CN=Root4 ROOT CA,O=Root4,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:4b:79:e1:2a:30:b1:85:51:ea:9c:5f:35:89:d0:ff:
                    1e:45:73:95:3a:71:35:de:1d:b3:68:b2:74:3b:c1:f0:
                    4c:fe:b1:73:b8:ec:62:9c:95:62:b1:ae:34:20:94:53:
                    7b:05:fd:bc:f1:78:a6:b6:cd:35:a9:a1:42:07:1b:7f:
                    51:f5:9a:3c:7c:31:b8:58:34:55:8e:c5:b8:59:58:db:
                    18:db:9a:85:d4:5e:a3:93:2a:bd:26:bc:8c:e7:19:ec:
                    cc:c8:00:84:f9:f3:54:4f:a1:19:86:8d:dc:11:a3:84:
                    3d:d3:6f:4e:13:85:d8:8f:a8:1d:d0:37:9c:15:82:60:
                    53:cc:2a:22:8a:15:c6:27:76:e3:b4:5e:db:b4:36:f2:
                    b6:9d:4b:67:39:00:f0:b9:ce:ec:5d:d6:cc:36:38:69:
                    25:4d:87:39:e7:51:b0:79:39:b7:61:e7:1d:86:cf:d1:
                    25:cd:b0:d1:9c:71:12:73:d4:4d:e8:d9:fa:94:df:75:
                    84:ec:3d:15:1f:28:33:7b:a6:d5:43:25:fa:94:d6:40:
                    64:13:51:6b:ca:25:d2:91:d6:ee:76:83:d3:b8:f3:32:
                    ff:c0:52:46:d2:95:d6:15:1c:3a:a8:df:15:cc:97:b6:
                    4d:fd:0d:f5:41:34:26:93:b8:1b:56:5a:0e:2f:34:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:81:93:17:c0:62:2e:9c:02:ea:b8:4a:22:2b:47:c8:
        a8:e7:9b:3e:2e:47:32:12:1d:5f:a0:8e:64:f1:4a:58:
        45:2b:af:43:bf:05:9e:dd:7f:06:79:d1:7d:50:9a:40:
        97:66:27:03:69:68:54:f8:99:84:93:73:d0:b4:3f:e2:
        67:34:b9:d7:3d:ef:bf:cc:f9:d5:39:30:d5:da:d2:f3:
        30:9e:86:0c:76:6a:f6:5d:e4:30:aa:0d:17:77:0e:a7:
        07:8b:28:fa:6d:5e:74:03:05:d8:0a:25:75:96:83:78:
        10:42:8c:05:57:8c:de:42:f7:d7:aa:ae:ef:55:d4:7b:
        a9:57:78:51:11:cd:4d:91:00:53:30:8d:74:4f:70:bc:
        69:a7:1d:bd:58:f2:68:dd:2c:82:d1:75:60:be:43:68:
        98:e4:e9:8c:10:ff:44:d4:9f:9b:77:61:70:b0:31:70:
        c0:12:31:be:6c:ca:a9:2a:32:f7:02:0f:2e:31:d6:da:
        84:8f:ea:94:75:69:49:95:6b:b2:71:37:ba:40:8a:ec:
        d2:60:29:bc:86:90:ad:d4:de:18:c7:41:7f:07:5e:6f:
        c0:57:fa:68:47:e2:5c:aa:3c:ea:3b:6c:b1:52:d4:7b:
        5c:1a:3b:c3:c1:95:01:df:e2:60:72:ce:3c:40:07:e8
    Fingerprint (SHA-256):
        9C:FF:EB:1C:5F:D4:3D:C8:50:1C:E3:A2:6E:7E:BC:65:6A:52:4D:19:CD:E1:1F:D8:4D:11:08:69:D8:4D:0C:5F
    Fingerprint (SHA1):
        80:DB:38:3D:5D:64:94:B7:70:65:E5:1A:CA:B2:5C:A0:F0:7D:80:D2
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #1906: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der  -t Root5.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170284 (0x25711e2c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root5 ROOT CA,O=Root5,C=US"
        Validity:
            Not Before: Tue Jun 28 17:19:12 2016
            Not After : Mon Jun 28 17:19:12 2066
        Subject: "CN=Root5 ROOT CA,O=Root5,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a7:00:c3:a5:d7:f5:13:0b:b7:e2:df:56:37:67:eb:17:
                    c2:f1:f6:3c:77:ff:4c:70:75:3e:bd:a8:30:a3:82:ef:
                    d5:f2:92:9b:2f:a8:19:5d:99:68:2d:af:d5:62:e8:a6:
                    5c:28:b8:e3:a7:59:95:4c:9d:1c:95:47:41:94:86:34:
                    aa:64:a7:be:2a:a7:e0:56:13:0a:36:72:4b:0f:90:f2:
                    40:f6:d7:d0:82:16:f1:f4:bf:58:80:61:20:5c:9c:35:
                    13:cc:b3:3e:97:1d:4d:5f:c1:b0:f3:31:71:b5:04:e4:
                    7a:f3:bd:8c:50:f6:67:72:23:e8:ea:f7:38:63:a7:94:
                    87:62:7f:7f:b2:68:f6:b0:a5:5a:6e:64:69:4a:13:3c:
                    b8:cf:ac:de:80:75:ef:68:9d:f5:6b:6b:7d:9b:ef:5b:
                    19:35:1c:97:92:ac:55:fa:36:12:a6:09:77:da:5d:2b:
                    78:6a:32:e9:9e:c7:3b:aa:2c:e6:41:fc:84:cf:10:61:
                    85:7a:6f:1e:2c:67:26:1f:3d:84:c4:97:45:9e:ec:b6:
                    fa:b8:dd:d7:f5:d9:1e:a8:cf:51:bb:9e:5d:5d:86:84:
                    df:c7:5a:a4:34:1f:37:98:02:92:b8:13:78:65:41:ed:
                    ef:c3:9f:c0:8a:11:f7:b3:b2:fb:3c:2a:61:51:5f:c5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        62:b8:2a:5f:86:ff:99:8f:b0:97:cc:b0:e8:c0:cc:4d:
        a7:18:c7:9f:96:e3:1c:d2:d7:19:43:aa:95:95:55:98:
        15:8c:0d:67:03:ef:0c:20:35:f4:a5:dd:24:30:0d:89:
        7f:0f:09:ac:69:1b:d3:4f:5b:d0:65:e6:e0:8a:e2:a6:
        13:b1:3d:58:58:00:66:6e:b6:17:88:a1:c6:9f:bc:bf:
        bd:4d:ef:7e:ca:59:6b:e1:66:4f:1a:08:e6:b4:79:f7:
        ff:11:35:57:7a:1f:c6:64:e5:13:15:18:13:74:03:c1:
        87:98:bd:2f:54:33:37:57:4a:d0:6f:d3:25:43:59:15:
        1f:0d:89:90:29:97:23:1e:6f:a0:c2:56:4a:6a:ba:06:
        04:bb:06:96:94:5e:5b:30:ab:74:c7:9a:05:34:02:aa:
        69:4b:01:d1:24:36:8e:bd:3e:36:63:e1:8a:83:89:d7:
        4d:78:c6:7b:95:d6:3b:ef:40:ca:60:e3:bf:ba:7e:8f:
        06:e2:ca:d5:a7:cc:f8:10:94:07:b2:6f:68:dc:09:33:
        67:c1:82:f9:2f:1f:71:89:84:1c:d0:62:19:8f:25:d3:
        93:13:97:25:db:e2:cc:9d:e3:51:fa:3b:8b:45:df:f5:
        de:bc:25:17:4c:72:5c:d4:6b:0e:a3:40:3a:d2:80:1c
    Fingerprint (SHA-256):
        39:B1:5E:16:61:FA:5F:EF:1A:55:D1:7A:1B:A8:29:23:BA:8D:9A:3E:3A:C7:FC:87:94:97:CE:D6:62:09:AC:3E
    Fingerprint (SHA1):
        DB:A7:4A:1B:43:47:AC:DB:61:78:7D:14:3C:9D:F0:D2:7F:21:32:DC
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #1907: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der  -t Root6.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170285 (0x25711e2d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root6 ROOT CA,O=Root6,C=US"
        Validity:
            Not Before: Tue Jun 28 17:19:22 2016
            Not After : Mon Jun 28 17:19:22 2066
        Subject: "CN=Root6 ROOT CA,O=Root6,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:81:83:18:8c:c3:2f:d3:c7:db:07:bd:23:87:37:1b:
                    79:f6:08:e1:e8:d0:97:f8:04:41:ee:2a:ce:b7:54:1c:
                    f7:6c:49:65:d8:29:66:42:7e:76:cd:3d:b4:d8:bc:fd:
                    24:c5:dc:d2:5a:75:a9:93:6b:e8:de:74:a4:ad:93:a2:
                    bc:c6:07:8b:b2:77:6a:f0:5a:47:25:95:92:e9:5c:b5:
                    40:90:46:dc:70:3e:62:55:05:4f:98:f6:28:e4:ef:bf:
                    79:a7:73:38:12:63:c2:21:37:20:1d:5f:2d:64:3c:93:
                    9f:57:76:6b:16:25:ed:84:38:93:ca:29:c4:2e:33:df:
                    06:b2:ab:f8:94:78:df:1f:49:1e:33:39:ba:08:8c:7b:
                    48:c9:32:95:03:a3:20:1c:aa:16:f6:12:e1:73:2e:7d:
                    ca:ea:52:7d:04:e6:82:c5:dd:8c:0a:c6:34:23:b1:c0:
                    bb:04:71:93:7c:00:f5:65:43:49:ad:03:ae:d6:1d:97:
                    81:d2:bf:11:76:ea:9f:2c:d3:31:b0:a2:ce:fe:7d:7f:
                    61:57:cd:b2:9b:0a:b7:db:db:87:e0:a5:83:72:6c:09:
                    a7:df:06:04:f9:3b:68:ff:c1:69:98:e1:5d:6b:8b:c9:
                    cc:29:c2:7f:29:e7:5c:e7:e4:e4:a6:ed:86:c5:ff:d9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:ab:73:bf:6c:55:b5:51:93:f2:52:9a:4d:1f:c8:ee:
        5d:90:fa:9b:b3:f0:ae:91:72:ce:26:ed:d0:ab:ee:7a:
        03:f2:12:df:91:c7:7c:e4:c5:ec:b0:26:dd:7f:12:8d:
        bd:c1:e1:f9:10:af:2c:8d:e5:8c:9f:3f:75:18:19:17:
        82:52:bd:8d:d0:77:7b:18:41:94:c8:50:7b:68:4c:88:
        91:27:9d:9e:58:b3:73:db:13:c7:42:98:a5:8c:80:ae:
        1e:db:ab:95:1d:d3:06:0f:2e:48:34:29:bf:af:a3:66:
        98:25:23:9e:cf:ab:9b:b5:ef:44:cc:d8:7a:13:bc:d0:
        46:e8:bb:1d:bc:3c:69:dd:d7:81:76:be:8d:12:d5:0d:
        51:eb:14:fc:27:2f:52:5a:55:d8:a8:13:e5:a3:ed:4b:
        09:fd:43:85:22:d0:b1:d3:07:af:03:0f:ee:73:09:ad:
        95:c7:44:e9:b0:31:2e:a1:93:67:05:d9:2a:4e:4d:16:
        b9:b7:c4:fb:33:4f:ba:a6:46:73:66:ac:90:4a:94:b9:
        88:b0:23:45:bb:89:37:71:2a:9e:55:e8:f5:91:49:9b:
        d1:48:98:fa:74:55:90:40:15:bc:ee:5e:de:3c:5d:ff:
        af:b5:2d:2d:02:49:fc:d4:11:ff:8e:83:dd:09:4b:1d
    Fingerprint (SHA-256):
        48:6A:77:EE:2F:33:58:26:32:16:38:3E:55:C4:72:3C:81:8F:9B:72:DE:EB:8F:57:FB:53:D4:EF:81:5D:25:00
    Fingerprint (SHA1):
        3C:EF:FA:0A:3C:F5:B7:E8:EB:A4:83:09:C2:CA:DE:B0:45:4E:E0:65
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #1908: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der  -t Root7.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170286 (0x25711e2e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root7 ROOT CA,O=Root7,C=US"
        Validity:
            Not Before: Tue Jun 28 17:19:26 2016
            Not After : Mon Jun 28 17:19:26 2066
        Subject: "CN=Root7 ROOT CA,O=Root7,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e1:56:21:f8:5d:2a:a8:7b:93:9b:0d:77:50:f1:3a:7a:
                    82:5c:7a:b1:c5:04:b9:c6:1a:ed:74:e5:30:3b:4e:c0:
                    65:07:7b:47:30:69:bd:f3:7a:dc:92:e2:5e:19:88:92:
                    93:ee:c9:3b:f1:62:c6:db:b4:8b:11:0d:98:98:b0:04:
                    37:f8:79:44:82:fc:ea:80:15:10:4d:68:8f:0c:53:d0:
                    1d:ec:b3:92:e9:95:69:13:b7:57:ed:23:7f:52:bb:89:
                    3a:8c:95:65:65:17:cd:bc:3f:a1:2a:61:a3:32:6f:14:
                    7e:9c:3a:0c:c2:eb:c5:02:a5:99:35:1a:80:c5:cc:37:
                    07:90:03:82:a1:77:3b:20:58:f7:97:e5:85:c3:75:ae:
                    09:f6:e9:fc:47:9b:ec:b0:f3:4a:6b:55:d4:10:ac:7b:
                    df:c1:5f:54:ed:8c:c3:20:39:53:cb:ad:2a:8a:40:3d:
                    a4:56:9c:38:c3:0c:0a:13:ef:fc:51:f4:50:10:7b:2b:
                    99:8e:00:42:83:fb:aa:c0:8f:7e:07:0f:ea:0c:bc:5b:
                    16:33:44:ec:ab:13:c4:a6:0b:9f:e7:6e:fa:36:7a:10:
                    3c:5e:5d:9c:29:24:4c:56:0e:90:37:56:f1:66:a8:f4:
                    f3:c9:bd:e0:64:b4:33:1a:95:d5:35:ef:32:d2:fa:2b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        92:3e:81:4c:b0:49:1e:3c:a3:5f:ff:d1:cc:cd:6c:a0:
        11:e2:07:86:f1:68:4c:ee:9e:6c:df:d5:63:94:b2:98:
        01:f6:46:3d:24:f1:15:ef:ab:87:ee:36:d3:38:a8:5e:
        20:43:55:5a:58:74:22:18:79:34:35:e6:4a:12:49:c3:
        0e:c6:d2:2b:cd:56:36:63:42:46:68:53:fa:f1:96:b4:
        e5:ce:3a:2d:f4:f2:1e:b7:0c:1f:b4:8d:8e:d5:fb:c7:
        2b:cd:1a:9d:a1:fb:92:8d:2f:a3:e2:f2:c4:0a:3d:63:
        40:8c:6a:89:90:3d:e0:59:2f:03:47:56:c4:4b:fd:c1:
        e4:d3:e2:3d:5e:75:d5:1e:69:a4:fd:12:de:f0:fb:0c:
        7b:3e:6c:67:15:42:41:ea:86:54:b8:b2:81:b0:4c:ee:
        5f:2c:e6:61:eb:5d:7c:54:de:99:55:8b:a8:bd:23:51:
        58:3c:b6:6a:78:48:8d:17:44:4f:46:82:d7:d0:e7:13:
        58:13:dd:e5:2d:c3:fe:56:4a:c8:01:95:7e:fa:0e:22:
        69:17:8c:b5:ac:dd:bd:c6:1e:60:46:24:a2:7a:72:8c:
        53:66:60:6d:57:bb:16:f0:d8:24:31:75:79:b6:06:7d:
        de:56:aa:f6:94:33:07:46:0c:20:fc:c6:bd:72:fc:3f
    Fingerprint (SHA-256):
        18:28:D2:FF:5D:DF:9F:A5:BE:6F:10:8E:89:6A:56:8A:5D:71:35:D8:98:9F:A9:57:4F:EC:BB:B2:53:A1:76:F4
    Fingerprint (SHA1):
        59:63:BF:A9:54:93:36:B7:C9:8A:FB:F0:F1:1B:85:79:C5:03:51:06
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #1909: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der  -t Root8.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170287 (0x25711e2f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root8 ROOT CA,O=Root8,C=US"
        Validity:
            Not Before: Tue Jun 28 17:19:29 2016
            Not After : Mon Jun 28 17:19:29 2066
        Subject: "CN=Root8 ROOT CA,O=Root8,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e4:bf:37:10:64:c3:58:42:36:04:65:c6:21:90:a2:65:
                    6e:2f:5e:67:7c:51:0b:49:3e:b0:ec:76:38:3b:77:7d:
                    35:45:29:25:09:5a:ea:67:3c:e0:1a:f5:f4:c2:1a:fd:
                    61:95:93:b5:3a:e6:e3:19:9e:bb:e5:c3:7d:cb:6a:3a:
                    f9:be:31:4e:29:c3:da:14:20:26:4b:ae:03:e5:f5:3a:
                    a7:cb:27:81:05:09:0c:17:37:c0:7f:7b:2f:68:eb:86:
                    f2:44:88:cd:a7:5f:a8:78:47:15:09:70:88:7f:34:f6:
                    70:7f:07:8d:6b:5a:5f:4d:00:6e:bb:d0:f3:d3:2c:de:
                    97:31:b8:e8:ed:74:0f:a0:92:3f:66:49:86:f6:e5:9b:
                    e7:62:72:42:2d:59:11:87:15:73:cc:8e:41:50:60:75:
                    08:0a:8c:35:3a:d6:6b:22:bd:32:6a:53:fc:11:fc:65:
                    91:f4:e1:14:0b:47:b3:95:45:0f:b6:21:2c:1c:57:28:
                    74:e4:04:50:53:93:36:34:89:50:78:92:1f:7e:c8:3f:
                    51:c9:3c:13:47:38:5a:29:31:95:6b:61:85:72:78:d2:
                    15:27:13:7b:8e:76:1b:b5:e8:ad:e3:0e:73:c4:f3:f2:
                    d4:0f:0c:bc:c7:b5:db:3f:4f:05:eb:5b:c1:4e:e5:61
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5a:ed:74:59:24:e4:2e:ed:a9:18:28:ca:9a:9b:d7:c6:
        99:ba:7f:21:d3:a1:b0:ff:8e:7e:b8:ca:47:ed:ec:80:
        e5:00:c7:5e:03:1c:3b:cb:5f:72:06:f9:03:d7:ab:c5:
        e4:8a:c6:a2:9a:42:93:01:de:22:bc:e3:13:cf:05:11:
        aa:7b:33:6f:8c:e1:b7:26:14:4e:09:38:47:10:60:8f:
        ef:68:2d:4a:52:9b:ef:91:eb:31:97:31:6b:0c:ec:a3:
        a0:50:82:77:5b:1e:c8:71:9a:47:3f:30:17:16:8b:05:
        b0:15:78:ee:71:9e:47:e7:b0:10:cd:e5:56:e6:cf:32:
        0d:d7:4b:cd:6f:59:9e:bc:45:7d:e2:2e:89:f9:04:6c:
        cc:00:cb:a1:b9:03:73:63:d0:34:a7:38:4c:d1:8d:cf:
        49:a0:07:cc:99:ea:53:56:0c:39:67:14:fe:96:0d:5d:
        de:76:77:6a:49:6f:f3:7d:3b:43:22:6a:96:c6:9b:c2:
        2b:23:22:d1:7d:f2:04:cf:26:c5:f3:ec:c7:e4:1e:c9:
        04:e1:38:91:e8:8f:c9:9e:ff:94:dd:b1:f3:16:13:98:
        89:b5:57:64:62:05:02:1b:43:6c:67:c2:db:e5:c5:9c:
        03:5c:b7:23:da:b0:42:46:86:df:0d:71:05:a4:66:fa
    Fingerprint (SHA-256):
        88:F3:99:FC:E3:E7:DF:B2:2F:BE:2D:5E:4F:A4:0F:4A:3A:D6:2E:FB:2B:07:51:92:B2:C0:11:C0:84:47:D0:14
    Fingerprint (SHA1):
        7E:1B:63:64:86:C5:D9:12:5F:16:55:C6:CB:40:1D:89:F8:74:25:B9
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #1910: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der  -t Root9.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170288 (0x25711e30)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root9 ROOT CA,O=Root9,C=US"
        Validity:
            Not Before: Tue Jun 28 17:19:43 2016
            Not After : Mon Jun 28 17:19:43 2066
        Subject: "CN=Root9 ROOT CA,O=Root9,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:e6:b3:7a:e3:f6:40:8e:af:06:fa:ec:e0:ec:37:79:
                    d5:c2:be:5c:b2:1f:4b:58:5e:b4:cd:dc:3c:f6:85:1e:
                    19:c7:b5:47:0c:dc:3f:1b:60:44:23:bb:39:81:0c:a2:
                    89:4d:70:1e:98:c4:bf:28:fc:35:2f:07:66:66:c5:0c:
                    b0:af:8a:ed:52:ef:68:97:cb:d7:b7:28:e6:5d:eb:02:
                    1c:b2:f1:3d:33:d9:54:aa:d4:17:ad:ed:3f:6c:c8:c8:
                    f1:33:e3:c2:a6:32:c6:ef:9d:c3:17:82:13:7e:d3:e6:
                    c3:7a:ae:bc:91:53:57:9c:26:e6:69:d8:46:49:10:b7:
                    dd:af:81:3b:c3:24:13:9e:5f:6d:55:31:9f:24:72:c4:
                    e7:78:4e:33:0f:62:42:7e:45:7c:c8:c7:a0:d3:95:fb:
                    94:cf:b4:76:38:9d:ac:13:67:74:aa:a2:22:48:4f:5a:
                    19:75:60:69:21:f3:bc:4b:90:31:42:fa:73:72:fa:fd:
                    da:ed:46:15:2b:77:85:61:8b:60:9f:8c:f2:ac:a2:3c:
                    cf:4c:6a:89:d6:7e:06:1a:80:1b:79:8e:91:6d:d2:cb:
                    57:67:09:a8:45:93:6c:18:b5:8d:5d:44:f1:28:2c:99:
                    ec:ce:c2:7c:1f:23:e1:0c:ab:f1:97:b3:8e:ba:66:a7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        49:8f:4f:1f:36:0b:8a:6b:65:0d:cd:3a:8a:3c:63:21:
        1e:7e:7d:5c:f5:0d:ab:25:d8:db:0c:58:86:cd:bf:79:
        f2:fd:10:a6:b7:99:43:23:09:3d:7a:66:3c:b6:d3:12:
        41:2a:c6:84:04:95:ae:4f:dc:c9:34:dc:b3:de:95:1e:
        d0:c0:3a:f4:77:ec:82:98:be:08:49:b6:e1:09:b6:3e:
        b7:2a:4e:70:75:5e:f9:a2:64:9b:a4:54:92:02:f1:60:
        0f:2e:1a:15:e6:c4:83:77:53:a9:72:b3:9e:e1:4b:89:
        ae:72:b3:b9:11:f8:81:9b:a3:2e:6f:ef:7a:a8:e5:25:
        61:02:cc:19:99:71:5f:c4:7a:89:af:d2:58:8e:fb:65:
        b2:04:5d:92:f3:72:10:18:65:11:4b:3d:db:a0:e3:2a:
        26:f9:58:25:fd:a7:2c:43:f4:13:e7:ec:d7:72:17:d2:
        21:1a:2e:1d:6b:44:4e:85:72:5f:6c:07:65:aa:80:51:
        ae:84:56:07:f5:80:44:6c:2f:76:0e:6e:6a:22:d1:c7:
        84:35:b8:39:9f:57:31:24:9a:ec:1b:2f:26:01:43:cd:
        5e:48:dc:47:4b:11:82:cb:a4:72:56:e7:4b:e6:10:36:
        52:c9:ef:ae:41:47:18:0c:70:1e:7b:b2:94:bc:40:35
    Fingerprint (SHA-256):
        A4:68:15:A6:1B:70:18:04:8B:A9:EF:28:02:09:01:21:0C:6E:E5:F1:88:3A:76:59:6F:4E:79:83:05:9A:B7:05
    Fingerprint (SHA1):
        FF:86:7C:19:F6:20:12:B3:61:A7:A7:A7:4A:6E:36:84:40:9C:88:CB
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #1911: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1912: Extension: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170303 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1913: Extension: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1914: Extension: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1915: Extension: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1916: Extension: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170304   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1917: Extension: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1918: Extension: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1919: Extension: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1920: Extension: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170305   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1921: Extension: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1922: Extension: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #1923: Extension: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1924: Extension: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628170306   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1925: Extension: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1926: Extension: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1927: Extension: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170303 (0x25711e3f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:20:43 2016
            Not After : Mon Jun 28 17:20:43 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:36:dc:0e:e2:5f:1b:11:9e:ce:a4:4d:77:b3:f4:e2:
                    8c:03:26:45:c7:7d:59:db:30:8e:92:66:de:b5:c6:a3:
                    0f:f6:74:92:9a:3c:80:63:a5:df:e6:c2:44:35:bd:e2:
                    af:a8:43:8e:bb:ca:0e:64:4a:59:1e:c2:89:a4:34:7c:
                    d5:8f:31:b8:18:67:f5:8a:15:07:ab:7f:f8:34:58:13:
                    fc:a4:11:eb:6d:99:c7:8f:fb:a5:40:36:1e:a7:67:b9:
                    50:70:56:99:35:a7:13:e1:55:50:30:33:74:83:a9:62:
                    52:99:86:d3:f7:d2:d1:8a:17:56:06:54:3f:d3:1a:d6:
                    fe:fa:01:74:a6:25:71:8a:98:d8:35:fb:15:fa:cd:c1:
                    8e:8e:7c:db:91:19:6d:cb:00:69:e1:ce:34:51:3d:ff:
                    d8:2e:3b:ef:08:72:72:6e:99:3e:20:30:bb:6f:29:06:
                    8b:35:fa:fe:f5:46:05:c7:26:c4:57:ce:c9:b2:4a:17:
                    0d:09:00:27:65:91:0f:00:f2:5b:05:89:d9:f1:17:c7:
                    2d:cf:80:eb:d4:6c:fa:9d:7c:ce:6c:7f:1e:ce:18:97:
                    a3:6b:e2:1a:c7:04:35:29:13:5a:ab:5a:54:64:7c:45:
                    93:94:0c:bc:b5:bc:44:e9:15:b9:da:af:65:fb:87:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:bc:28:30:34:37:ab:c5:2f:f1:a7:ca:82:e0:4d:c0:
        19:d5:fb:74:8e:06:aa:5e:a1:27:03:e3:20:d0:94:99:
        9b:30:5e:a3:0b:3e:ce:89:19:5d:09:8b:28:ed:e6:6a:
        99:00:28:7c:7e:17:2e:8b:38:da:6b:b1:1b:f9:be:6e:
        39:46:f1:84:93:8e:6d:25:d7:b4:af:83:6c:8a:bc:db:
        e9:b9:7f:92:ba:4d:65:dc:bf:85:fe:92:4d:1e:fa:cf:
        90:d7:73:d3:20:c0:db:e3:44:c5:61:94:9b:b0:24:5f:
        25:c5:29:0c:f0:51:f0:4f:92:dd:f0:7b:0c:10:88:4f:
        1d:3f:21:40:95:4b:46:d7:42:40:91:80:18:87:7b:13:
        fd:b5:2b:d4:1f:d6:0a:d2:3e:74:6b:fb:5a:bd:59:99:
        82:59:ac:c4:29:04:4f:9b:3d:c0:95:4e:65:da:32:ec:
        1b:be:f1:16:80:57:3e:6e:5c:96:02:28:4e:96:6f:ac:
        1d:1a:7d:2c:b1:73:84:a9:98:01:5b:f6:89:9d:57:dd:
        3b:59:ba:ab:7a:2e:2f:cb:0e:5c:16:76:36:3a:a9:e0:
        e2:b5:42:71:56:c1:20:e0:54:74:4e:b2:72:25:6c:19:
        11:dd:18:ad:b7:b0:bc:7f:c6:79:b1:5b:40:e2:d9:5f
    Fingerprint (SHA-256):
        18:4B:A3:70:B8:A4:7D:0F:15:A7:AA:CB:EE:A2:B5:91:B9:09:EB:95:0B:DA:76:9A:79:89:ED:09:50:97:C8:9D
    Fingerprint (SHA1):
        37:5D:BD:C8:10:FA:E6:51:C8:7C:FC:DE:05:43:61:B4:C1:C3:B9:4C
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1928: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1929: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170304 (0x25711e40)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:20:47 2016
            Not After : Mon Jun 28 17:20:47 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:d7:db:94:af:e7:b0:98:24:11:80:28:70:12:55:0c:
                    36:97:d5:39:97:2f:5c:a9:30:8f:f9:f8:45:41:72:83:
                    db:0f:9e:e8:d1:62:13:8a:92:21:9e:35:24:91:b5:91:
                    ec:fb:36:73:88:f9:f1:39:5f:dd:a9:92:85:be:db:e0:
                    4c:3c:a9:e2:8e:98:49:b2:8a:99:4c:7d:d8:70:18:84:
                    29:96:3a:90:83:a5:48:91:33:2c:01:ac:24:13:64:62:
                    02:b6:07:02:e6:f4:93:0c:00:23:3e:f0:3e:10:78:b8:
                    4b:2c:0c:5d:34:b7:35:32:6b:01:95:38:1a:b4:5b:05:
                    ff:2f:19:6d:b1:e2:c9:2d:23:ae:c9:0e:ae:24:b0:a5:
                    99:04:b5:cd:2c:84:20:91:a8:3d:d3:14:a4:b9:04:cf:
                    e7:7a:e8:1a:d0:16:81:74:a5:23:cf:3d:1d:c0:44:53:
                    3f:bf:37:d2:4a:7d:16:34:48:28:5f:6a:91:e0:ca:79:
                    52:8d:80:82:1f:6f:16:8b:73:c4:73:1a:8d:08:49:23:
                    59:2d:4e:c9:c0:b3:68:99:74:a6:72:70:cc:d1:f3:a0:
                    2b:56:5f:23:5f:b6:61:3e:69:8f:37:9b:cc:38:d9:ef:
                    a1:6b:07:e1:21:04:83:f8:ad:89:34:00:e8:e4:e0:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ad:dd:86:d8:42:ff:de:a2:91:89:9c:24:4f:63:85:77:
        54:90:23:d0:1f:f9:76:6d:a3:0d:99:91:db:1c:0c:ac:
        38:f5:f9:48:06:f8:eb:12:3d:62:af:01:b6:96:ab:7a:
        a1:e9:74:a1:95:db:7a:2a:ac:78:26:ed:94:0c:43:b2:
        5f:0e:02:90:1b:1e:8e:ba:07:d0:bc:05:42:fe:d2:06:
        ed:3e:01:d8:46:22:60:f5:9b:30:7b:99:2a:63:ee:44:
        36:db:ba:51:8a:ee:61:5d:a3:d7:53:45:cb:72:1a:09:
        ec:35:2c:ad:d0:2f:d8:e5:96:c8:ab:73:0c:28:f5:76:
        87:8f:bc:fa:6d:dd:17:4e:86:0b:98:a1:bf:0e:47:76:
        2b:a2:44:6c:97:52:f1:5b:e4:7a:f1:29:57:22:28:70:
        ac:10:4f:ab:d9:5a:93:96:8f:ce:45:f7:89:05:a4:4b:
        ba:45:38:58:4f:37:4b:68:00:86:b0:68:3c:1c:a0:31:
        12:c4:15:75:4b:84:28:2a:86:a5:3e:61:f8:38:6b:a7:
        72:f9:06:d1:01:d3:7d:e9:91:9a:58:f1:ea:eb:23:02:
        83:21:26:7f:14:2d:32:6b:7a:c4:4c:2e:d3:ab:6a:da:
        e8:f1:20:60:4d:c2:eb:ec:45:fe:ad:c8:54:27:aa:30
    Fingerprint (SHA-256):
        86:E3:F8:2C:95:65:1A:12:94:A0:57:9D:7C:C3:BF:0C:D4:78:E6:5F:A9:C4:8B:73:96:DA:F3:F0:72:22:74:36
    Fingerprint (SHA1):
        F0:27:4A:27:1C:32:F8:3E:0D:E3:88:40:59:F4:3A:65:DA:B1:3F:B0
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1930: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1931: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170305 (0x25711e41)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:20:57 2016
            Not After : Mon Jun 28 17:20:57 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9c:db:b4:b4:61:7d:8a:88:24:ab:95:6b:f8:c4:03:67:
                    bd:69:69:b0:09:88:a2:6b:3c:69:64:7a:7c:88:25:7e:
                    dc:d2:f0:da:59:df:df:88:e8:b5:e4:b9:26:1f:64:d2:
                    91:c1:6a:79:d8:01:1a:0e:b9:8b:6f:f0:51:a7:5f:7f:
                    56:40:92:cb:49:92:89:b4:ba:3a:63:c3:a1:08:2a:fe:
                    c4:af:e9:92:17:27:83:d2:1a:96:cd:80:45:c2:d2:20:
                    b5:89:98:44:fd:37:78:05:0c:00:d5:e7:7c:40:29:22:
                    60:77:af:7a:4b:35:4f:27:9b:eb:41:61:c9:b1:69:99:
                    8f:5e:b4:c4:31:f5:3a:f0:5f:2f:ab:3b:4a:6f:32:5d:
                    47:b3:a2:ee:5c:2f:24:e6:78:4e:4f:b4:a6:a9:29:76:
                    45:3a:82:00:82:bd:f2:6c:b6:69:d0:68:bb:76:d0:3d:
                    67:b6:e3:4a:aa:df:69:55:c2:41:84:17:0e:3f:16:ca:
                    94:45:b9:1c:64:39:c7:17:d8:34:48:be:5c:21:cc:d7:
                    26:c1:4a:a9:a0:1b:15:d3:cb:e2:04:2b:c7:66:7a:a9:
                    a0:72:cf:48:07:49:dd:66:2c:5e:48:88:63:33:72:db:
                    11:82:35:41:46:65:4d:54:01:a8:dc:92:9e:28:79:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        28:2f:3e:f5:ff:05:32:27:ac:cc:d0:92:69:b2:81:cd:
        c8:c9:d5:d0:b0:eb:1b:15:dd:bc:4f:b9:51:81:ab:47:
        69:f6:20:8f:9f:c3:66:53:bc:98:5d:3d:be:2e:3d:09:
        56:13:7f:de:c7:b1:fd:85:6f:ea:32:96:7b:2d:58:bb:
        00:25:74:24:9d:bc:a8:10:7e:c4:db:08:37:33:29:25:
        19:b7:3a:2d:f8:44:e7:a6:62:92:6c:b9:89:92:90:80:
        4b:55:b3:a9:8b:6d:c2:15:51:78:4f:2d:c0:1a:d8:8a:
        97:4a:f6:a3:6d:9b:08:20:fe:4c:8b:18:58:9f:93:44:
        e5:8a:06:19:27:23:01:b5:78:31:b8:09:25:23:1d:64:
        d8:b3:af:79:5b:58:9c:38:8d:32:88:c1:0d:17:b5:4f:
        af:b5:24:33:69:a6:16:75:0e:01:bc:b2:8b:59:ff:4d:
        45:ed:38:42:44:15:4f:11:0e:1a:a7:07:6f:14:2e:9f:
        70:5e:05:c6:b8:a0:78:1a:dc:26:d5:4d:97:29:b2:b7:
        9b:9f:49:5e:d2:7b:a0:3e:5c:8a:cc:9b:ad:5e:26:bd:
        83:a3:fb:08:1f:70:1e:52:71:b5:e0:b4:43:a7:52:c4:
        61:99:e4:00:71:5e:bb:e4:f5:bb:e5:4b:f4:c4:db:d4
    Fingerprint (SHA-256):
        38:0E:5D:1E:A4:80:9F:99:BD:A3:00:3F:73:97:6B:42:C8:E4:19:AF:A9:B1:01:F6:B6:80:ED:74:36:B1:65:45
    Fingerprint (SHA1):
        38:84:D3:BE:76:5D:4B:71:A1:B1:9E:AF:20:3C:95:85:BF:C0:20:04
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #1932: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1933: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #1934: Extension: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #1935: Extension: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #1936: Extension: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170303 (0x25711e3f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:20:43 2016
            Not After : Mon Jun 28 17:20:43 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:36:dc:0e:e2:5f:1b:11:9e:ce:a4:4d:77:b3:f4:e2:
                    8c:03:26:45:c7:7d:59:db:30:8e:92:66:de:b5:c6:a3:
                    0f:f6:74:92:9a:3c:80:63:a5:df:e6:c2:44:35:bd:e2:
                    af:a8:43:8e:bb:ca:0e:64:4a:59:1e:c2:89:a4:34:7c:
                    d5:8f:31:b8:18:67:f5:8a:15:07:ab:7f:f8:34:58:13:
                    fc:a4:11:eb:6d:99:c7:8f:fb:a5:40:36:1e:a7:67:b9:
                    50:70:56:99:35:a7:13:e1:55:50:30:33:74:83:a9:62:
                    52:99:86:d3:f7:d2:d1:8a:17:56:06:54:3f:d3:1a:d6:
                    fe:fa:01:74:a6:25:71:8a:98:d8:35:fb:15:fa:cd:c1:
                    8e:8e:7c:db:91:19:6d:cb:00:69:e1:ce:34:51:3d:ff:
                    d8:2e:3b:ef:08:72:72:6e:99:3e:20:30:bb:6f:29:06:
                    8b:35:fa:fe:f5:46:05:c7:26:c4:57:ce:c9:b2:4a:17:
                    0d:09:00:27:65:91:0f:00:f2:5b:05:89:d9:f1:17:c7:
                    2d:cf:80:eb:d4:6c:fa:9d:7c:ce:6c:7f:1e:ce:18:97:
                    a3:6b:e2:1a:c7:04:35:29:13:5a:ab:5a:54:64:7c:45:
                    93:94:0c:bc:b5:bc:44:e9:15:b9:da:af:65:fb:87:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:bc:28:30:34:37:ab:c5:2f:f1:a7:ca:82:e0:4d:c0:
        19:d5:fb:74:8e:06:aa:5e:a1:27:03:e3:20:d0:94:99:
        9b:30:5e:a3:0b:3e:ce:89:19:5d:09:8b:28:ed:e6:6a:
        99:00:28:7c:7e:17:2e:8b:38:da:6b:b1:1b:f9:be:6e:
        39:46:f1:84:93:8e:6d:25:d7:b4:af:83:6c:8a:bc:db:
        e9:b9:7f:92:ba:4d:65:dc:bf:85:fe:92:4d:1e:fa:cf:
        90:d7:73:d3:20:c0:db:e3:44:c5:61:94:9b:b0:24:5f:
        25:c5:29:0c:f0:51:f0:4f:92:dd:f0:7b:0c:10:88:4f:
        1d:3f:21:40:95:4b:46:d7:42:40:91:80:18:87:7b:13:
        fd:b5:2b:d4:1f:d6:0a:d2:3e:74:6b:fb:5a:bd:59:99:
        82:59:ac:c4:29:04:4f:9b:3d:c0:95:4e:65:da:32:ec:
        1b:be:f1:16:80:57:3e:6e:5c:96:02:28:4e:96:6f:ac:
        1d:1a:7d:2c:b1:73:84:a9:98:01:5b:f6:89:9d:57:dd:
        3b:59:ba:ab:7a:2e:2f:cb:0e:5c:16:76:36:3a:a9:e0:
        e2:b5:42:71:56:c1:20:e0:54:74:4e:b2:72:25:6c:19:
        11:dd:18:ad:b7:b0:bc:7f:c6:79:b1:5b:40:e2:d9:5f
    Fingerprint (SHA-256):
        18:4B:A3:70:B8:A4:7D:0F:15:A7:AA:CB:EE:A2:B5:91:B9:09:EB:95:0B:DA:76:9A:79:89:ED:09:50:97:C8:9D
    Fingerprint (SHA1):
        37:5D:BD:C8:10:FA:E6:51:C8:7C:FC:DE:05:43:61:B4:C1:C3:B9:4C
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1937: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1938: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170304 (0x25711e40)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:20:47 2016
            Not After : Mon Jun 28 17:20:47 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:d7:db:94:af:e7:b0:98:24:11:80:28:70:12:55:0c:
                    36:97:d5:39:97:2f:5c:a9:30:8f:f9:f8:45:41:72:83:
                    db:0f:9e:e8:d1:62:13:8a:92:21:9e:35:24:91:b5:91:
                    ec:fb:36:73:88:f9:f1:39:5f:dd:a9:92:85:be:db:e0:
                    4c:3c:a9:e2:8e:98:49:b2:8a:99:4c:7d:d8:70:18:84:
                    29:96:3a:90:83:a5:48:91:33:2c:01:ac:24:13:64:62:
                    02:b6:07:02:e6:f4:93:0c:00:23:3e:f0:3e:10:78:b8:
                    4b:2c:0c:5d:34:b7:35:32:6b:01:95:38:1a:b4:5b:05:
                    ff:2f:19:6d:b1:e2:c9:2d:23:ae:c9:0e:ae:24:b0:a5:
                    99:04:b5:cd:2c:84:20:91:a8:3d:d3:14:a4:b9:04:cf:
                    e7:7a:e8:1a:d0:16:81:74:a5:23:cf:3d:1d:c0:44:53:
                    3f:bf:37:d2:4a:7d:16:34:48:28:5f:6a:91:e0:ca:79:
                    52:8d:80:82:1f:6f:16:8b:73:c4:73:1a:8d:08:49:23:
                    59:2d:4e:c9:c0:b3:68:99:74:a6:72:70:cc:d1:f3:a0:
                    2b:56:5f:23:5f:b6:61:3e:69:8f:37:9b:cc:38:d9:ef:
                    a1:6b:07:e1:21:04:83:f8:ad:89:34:00:e8:e4:e0:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ad:dd:86:d8:42:ff:de:a2:91:89:9c:24:4f:63:85:77:
        54:90:23:d0:1f:f9:76:6d:a3:0d:99:91:db:1c:0c:ac:
        38:f5:f9:48:06:f8:eb:12:3d:62:af:01:b6:96:ab:7a:
        a1:e9:74:a1:95:db:7a:2a:ac:78:26:ed:94:0c:43:b2:
        5f:0e:02:90:1b:1e:8e:ba:07:d0:bc:05:42:fe:d2:06:
        ed:3e:01:d8:46:22:60:f5:9b:30:7b:99:2a:63:ee:44:
        36:db:ba:51:8a:ee:61:5d:a3:d7:53:45:cb:72:1a:09:
        ec:35:2c:ad:d0:2f:d8:e5:96:c8:ab:73:0c:28:f5:76:
        87:8f:bc:fa:6d:dd:17:4e:86:0b:98:a1:bf:0e:47:76:
        2b:a2:44:6c:97:52:f1:5b:e4:7a:f1:29:57:22:28:70:
        ac:10:4f:ab:d9:5a:93:96:8f:ce:45:f7:89:05:a4:4b:
        ba:45:38:58:4f:37:4b:68:00:86:b0:68:3c:1c:a0:31:
        12:c4:15:75:4b:84:28:2a:86:a5:3e:61:f8:38:6b:a7:
        72:f9:06:d1:01:d3:7d:e9:91:9a:58:f1:ea:eb:23:02:
        83:21:26:7f:14:2d:32:6b:7a:c4:4c:2e:d3:ab:6a:da:
        e8:f1:20:60:4d:c2:eb:ec:45:fe:ad:c8:54:27:aa:30
    Fingerprint (SHA-256):
        86:E3:F8:2C:95:65:1A:12:94:A0:57:9D:7C:C3:BF:0C:D4:78:E6:5F:A9:C4:8B:73:96:DA:F3:F0:72:22:74:36
    Fingerprint (SHA1):
        F0:27:4A:27:1C:32:F8:3E:0D:E3:88:40:59:F4:3A:65:DA:B1:3F:B0
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1939: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1940: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170305 (0x25711e41)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:20:57 2016
            Not After : Mon Jun 28 17:20:57 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9c:db:b4:b4:61:7d:8a:88:24:ab:95:6b:f8:c4:03:67:
                    bd:69:69:b0:09:88:a2:6b:3c:69:64:7a:7c:88:25:7e:
                    dc:d2:f0:da:59:df:df:88:e8:b5:e4:b9:26:1f:64:d2:
                    91:c1:6a:79:d8:01:1a:0e:b9:8b:6f:f0:51:a7:5f:7f:
                    56:40:92:cb:49:92:89:b4:ba:3a:63:c3:a1:08:2a:fe:
                    c4:af:e9:92:17:27:83:d2:1a:96:cd:80:45:c2:d2:20:
                    b5:89:98:44:fd:37:78:05:0c:00:d5:e7:7c:40:29:22:
                    60:77:af:7a:4b:35:4f:27:9b:eb:41:61:c9:b1:69:99:
                    8f:5e:b4:c4:31:f5:3a:f0:5f:2f:ab:3b:4a:6f:32:5d:
                    47:b3:a2:ee:5c:2f:24:e6:78:4e:4f:b4:a6:a9:29:76:
                    45:3a:82:00:82:bd:f2:6c:b6:69:d0:68:bb:76:d0:3d:
                    67:b6:e3:4a:aa:df:69:55:c2:41:84:17:0e:3f:16:ca:
                    94:45:b9:1c:64:39:c7:17:d8:34:48:be:5c:21:cc:d7:
                    26:c1:4a:a9:a0:1b:15:d3:cb:e2:04:2b:c7:66:7a:a9:
                    a0:72:cf:48:07:49:dd:66:2c:5e:48:88:63:33:72:db:
                    11:82:35:41:46:65:4d:54:01:a8:dc:92:9e:28:79:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        28:2f:3e:f5:ff:05:32:27:ac:cc:d0:92:69:b2:81:cd:
        c8:c9:d5:d0:b0:eb:1b:15:dd:bc:4f:b9:51:81:ab:47:
        69:f6:20:8f:9f:c3:66:53:bc:98:5d:3d:be:2e:3d:09:
        56:13:7f:de:c7:b1:fd:85:6f:ea:32:96:7b:2d:58:bb:
        00:25:74:24:9d:bc:a8:10:7e:c4:db:08:37:33:29:25:
        19:b7:3a:2d:f8:44:e7:a6:62:92:6c:b9:89:92:90:80:
        4b:55:b3:a9:8b:6d:c2:15:51:78:4f:2d:c0:1a:d8:8a:
        97:4a:f6:a3:6d:9b:08:20:fe:4c:8b:18:58:9f:93:44:
        e5:8a:06:19:27:23:01:b5:78:31:b8:09:25:23:1d:64:
        d8:b3:af:79:5b:58:9c:38:8d:32:88:c1:0d:17:b5:4f:
        af:b5:24:33:69:a6:16:75:0e:01:bc:b2:8b:59:ff:4d:
        45:ed:38:42:44:15:4f:11:0e:1a:a7:07:6f:14:2e:9f:
        70:5e:05:c6:b8:a0:78:1a:dc:26:d5:4d:97:29:b2:b7:
        9b:9f:49:5e:d2:7b:a0:3e:5c:8a:cc:9b:ad:5e:26:bd:
        83:a3:fb:08:1f:70:1e:52:71:b5:e0:b4:43:a7:52:c4:
        61:99:e4:00:71:5e:bb:e4:f5:bb:e5:4b:f4:c4:db:d4
    Fingerprint (SHA-256):
        38:0E:5D:1E:A4:80:9F:99:BD:A3:00:3F:73:97:6B:42:C8:E4:19:AF:A9:B1:01:F6:B6:80:ED:74:36:B1:65:45
    Fingerprint (SHA1):
        38:84:D3:BE:76:5D:4B:71:A1:B1:9E:AF:20:3C:95:85:BF:C0:20:04
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #1941: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1942: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #1943: Extension2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170307 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1944: Extension2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #1945: Extension2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1946: Extension2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1947: Extension2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170308   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1948: Extension2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1949: Extension2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1950: Extension2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1951: Extension2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170309   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1952: Extension2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1953: Extension2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #1954: Extension2: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1955: Extension2: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628170310   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1956: Extension2: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1957: Extension2: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #1958: Extension2: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #1959: Extension2: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628170311   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1960: Extension2: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1961: Extension2: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #1962: Extension2: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170307 (0x25711e43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:08 2016
            Not After : Mon Jun 28 17:21:08 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e0:63:ed:c1:cb:a5:01:18:2f:ea:72:44:0f:12:4d:0c:
                    81:40:d7:cc:c9:6e:09:4a:86:11:60:e4:a0:8a:fc:f9:
                    3b:cd:07:12:42:3b:7c:16:c3:25:c7:38:e5:9c:d1:c0:
                    ba:7e:03:35:dd:b2:46:f6:07:c9:41:4d:d9:95:08:8f:
                    9a:79:b5:85:8f:a7:92:06:bf:88:76:03:38:b8:ec:1f:
                    5d:7a:4c:68:fc:63:c8:12:cf:7f:3e:c2:8a:0b:31:52:
                    3e:42:5c:f7:05:9d:24:f9:75:e3:c4:7a:9a:2c:2a:b4:
                    c2:55:1c:68:1f:cc:02:4e:5f:ec:6c:6d:35:08:fc:b0:
                    d8:0a:3f:51:3b:f9:80:66:76:0a:8d:fd:0c:db:dc:84:
                    ec:9d:70:6f:fd:71:32:1e:74:be:ae:a4:76:c0:ea:9f:
                    84:c7:27:c8:97:24:d9:bc:ac:e6:6f:cf:c1:ea:90:0e:
                    b4:8e:1c:5f:2b:91:76:e0:48:8f:7a:1c:2e:aa:71:84:
                    8c:05:68:3b:9e:13:6d:fa:26:61:4a:75:b4:1d:85:d3:
                    fa:97:30:ee:fd:84:fb:69:5c:db:63:35:bd:e3:e4:89:
                    7c:9e:17:29:1c:22:4e:c8:e1:c4:87:22:d8:26:72:69:
                    48:7e:92:a6:a4:46:40:63:ed:04:d1:81:7d:84:b6:09
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a4:37:d6:38:25:bd:9b:69:7d:2e:64:22:9e:dc:3f:7c:
        fc:c8:c8:8d:f9:73:8c:c6:04:b8:ea:19:a9:1f:16:c5:
        31:9a:39:91:b4:37:1e:9c:fa:35:23:3f:d9:4b:c7:d1:
        d9:e6:c9:32:38:17:53:d3:8c:fa:0b:fb:0d:bb:ba:29:
        35:d1:94:2e:2f:5f:80:bf:23:cd:2d:51:a3:91:b7:c2:
        ce:b1:1c:a5:a0:75:17:4a:0e:0b:27:85:b8:a2:50:01:
        74:3a:fb:ec:c2:b8:25:77:19:a8:ee:d3:d8:f5:95:b0:
        22:bc:8b:48:66:0f:95:ae:27:73:71:ef:01:da:27:2d:
        e5:97:c5:ca:94:94:c9:35:d9:18:58:4a:32:e8:fc:cc:
        4f:7b:6c:5e:b5:63:40:1f:b2:15:84:53:31:53:d9:a0:
        ec:d2:6c:0c:70:6d:26:33:ca:ec:8a:7e:6d:61:da:91:
        9d:ff:9d:58:68:e1:e9:76:77:68:03:a7:c0:c2:73:cc:
        59:4b:4a:e0:6b:e5:a5:06:be:6d:0a:3a:7e:26:4a:62:
        ac:2a:dd:b1:c3:a0:08:21:b4:83:99:07:7b:af:2d:e5:
        11:da:ab:a8:cc:78:36:ee:e5:19:4d:2b:27:93:1f:1b:
        df:c6:3a:f8:54:54:15:8a:40:34:fb:f7:3c:29:39:fb
    Fingerprint (SHA-256):
        14:2E:B0:42:36:FC:B2:9B:53:54:DD:73:5D:97:C3:F8:8E:22:25:C4:6A:57:1A:5E:4A:E4:9F:28:1C:D2:67:3B
    Fingerprint (SHA1):
        19:7F:FF:35:C2:95:34:54:6E:6A:FA:13:BF:EF:71:F9:B4:7D:D1:17
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1963: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1964: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170308 (0x25711e44)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:12 2016
            Not After : Mon Jun 28 17:21:12 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:43:1c:a2:f3:86:35:29:70:23:ae:09:0f:c4:74:89:
                    b4:0c:27:77:03:88:fe:b1:0b:5f:8b:12:d2:71:ae:e0:
                    3c:46:16:9a:2c:d5:73:e2:03:f7:85:91:c1:9e:61:ea:
                    6e:15:ce:28:e0:63:ff:0f:70:64:cc:0f:39:f7:42:0d:
                    2f:32:98:4c:bb:ea:89:42:f4:cf:a4:c6:2a:cf:c2:74:
                    a4:12:3a:e9:40:67:e7:78:8d:5c:d1:0b:41:c2:89:47:
                    27:e3:de:57:f6:b2:e7:46:fd:fa:41:10:a0:ac:fb:7c:
                    e2:f3:04:10:16:b1:34:79:2d:94:9b:b9:90:63:6e:98:
                    f0:2c:33:fd:6a:02:97:c8:09:6c:bd:28:21:47:ea:4b:
                    f7:1a:28:b7:d9:cc:b0:3a:e4:ee:fe:99:87:31:4d:87:
                    95:fb:d8:81:8d:40:d6:05:1a:cb:72:9f:00:a5:02:92:
                    9a:c5:2e:46:77:76:b6:41:a2:d1:f9:78:cf:2d:d9:46:
                    93:32:a0:4c:36:72:32:fa:d1:52:6d:d2:88:62:47:c3:
                    54:51:8e:d6:e4:6b:ac:8a:72:c6:90:25:b6:e7:5a:83:
                    f2:6a:0c:b5:71:ef:2f:a5:eb:c1:ed:80:91:21:01:07:
                    1e:4b:59:29:3d:e3:f6:95:32:ad:9c:79:98:17:6d:47
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b5:96:46:33:8e:37:95:6a:31:ad:0b:06:29:dd:05:a2:
        0b:f5:b2:4e:2f:de:56:d6:af:24:87:ef:4d:92:bf:7b:
        a9:14:fe:27:df:96:98:ce:d2:53:7a:1e:c4:9e:ca:0d:
        4b:98:99:f1:81:6e:7f:67:de:65:46:b8:09:4b:55:95:
        aa:f6:e8:1a:e0:dd:e8:17:f0:27:78:4e:49:cd:f4:a3:
        1f:4d:26:2c:8d:72:79:01:94:7e:31:65:43:be:7f:09:
        de:ff:c1:4a:b7:f8:26:fa:43:d2:f2:a4:5a:d8:c6:37:
        cc:b1:ce:fa:36:ea:ee:07:5c:6d:95:cd:e2:22:a0:98:
        3b:ee:11:fc:5e:a6:73:24:7e:9b:7a:71:b9:41:48:2c:
        e8:69:de:59:12:b3:58:6c:08:71:ae:4e:e0:29:a0:d0:
        ed:25:ac:41:38:e9:ad:78:d4:30:7b:49:ac:ce:77:13:
        f9:d8:57:1c:56:26:3d:92:c7:c0:32:5e:05:b0:86:f4:
        d4:00:ea:22:aa:23:ca:66:40:54:bc:01:fa:e8:62:75:
        13:00:54:5b:79:fa:b0:0d:45:75:a3:94:6e:7b:27:4a:
        8e:9e:57:73:40:ba:22:d6:d3:0f:ba:bc:b4:86:73:30:
        aa:c5:95:05:6d:47:2b:3f:bf:97:52:1b:13:98:00:c1
    Fingerprint (SHA-256):
        22:E0:DF:23:1A:EE:20:E4:BF:EC:F7:B1:7A:62:E5:15:8F:85:58:EC:00:0D:BE:45:42:63:41:77:42:54:5C:64
    Fingerprint (SHA1):
        D5:44:60:36:6E:36:59:EB:59:3E:D4:82:8E:24:23:D0:33:8B:7F:CE
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1965: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1966: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170309 (0x25711e45)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:22 2016
            Not After : Mon Jun 28 17:21:22 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:ea:fe:91:f8:a9:a8:27:b1:75:b6:dc:99:ce:de:7d:
                    65:e5:73:c0:be:b9:d4:6c:e5:06:3e:fd:bd:fc:5e:f8:
                    d4:eb:5c:c5:0a:b0:a4:32:13:12:8c:1a:48:3e:c0:a1:
                    cc:ba:ec:02:27:8b:87:ca:2b:c8:f6:fd:f3:68:1a:80:
                    b7:4e:d4:fe:a9:6f:8e:f2:5f:76:c9:40:a8:10:01:96:
                    45:6e:72:9a:df:b7:45:03:c1:6b:16:c5:10:d7:42:27:
                    99:38:15:b0:3c:11:f5:6b:f0:a9:a1:73:b5:0c:61:60:
                    b0:ff:99:06:98:1f:35:4d:85:a2:ce:f9:16:08:69:fd:
                    d0:c4:7b:db:e8:9a:16:b3:51:e2:ff:fe:fc:92:ef:e2:
                    1c:64:e3:78:32:eb:15:24:d9:50:e4:8c:d2:5c:81:ff:
                    07:a5:ba:d1:73:6c:f0:40:86:93:4c:72:65:71:08:ec:
                    06:d6:c1:82:0c:40:24:b3:3f:67:fe:52:ea:7d:41:87:
                    31:1c:f4:7f:81:11:78:08:cc:5b:9b:c9:16:f4:23:c5:
                    74:08:2c:b9:6b:d0:25:94:28:9c:62:43:3b:c1:fc:e3:
                    cc:20:f1:ca:8b:59:fe:25:10:61:c6:28:7e:fe:82:3a:
                    97:fb:54:ed:96:8b:88:00:f2:34:75:17:28:d6:c4:89
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4f:ec:9d:94:8c:96:d5:54:40:6e:f3:1a:07:fc:aa:da:
        39:a1:a7:7b:7d:75:be:7c:8d:a4:1f:3e:f1:1f:11:64:
        b3:80:dd:a7:34:f5:34:dc:f7:4c:37:82:7e:da:12:14:
        0a:05:a5:de:fa:4c:07:9e:e6:1d:a7:c3:e1:f5:32:8b:
        b2:ac:b4:85:21:29:58:37:61:7d:dc:54:f4:e6:2b:7e:
        93:0d:f8:25:5f:41:3a:c4:8b:44:53:aa:c7:b1:69:91:
        b0:bc:27:07:0e:72:60:5b:0b:7d:66:70:8f:13:40:76:
        47:ad:5c:e9:20:3a:db:4d:61:1a:f2:fc:a7:91:91:40:
        6d:f6:d3:60:8a:b6:fe:e3:ff:cc:6a:c9:71:6e:5d:e3:
        da:fc:40:93:ec:2c:b0:7e:1e:1c:d4:07:a3:04:3d:79:
        73:3a:d7:3e:e2:8b:d8:9b:15:86:cc:da:3c:d8:ef:ec:
        3b:d3:96:dc:e5:83:e8:80:ac:9e:47:7e:8e:c9:96:fc:
        3f:dd:21:b0:68:90:8c:46:08:00:94:44:da:08:fb:87:
        32:08:41:3c:4d:e4:ef:62:a4:00:22:07:8a:89:fd:79:
        3a:1b:6a:2a:b8:f1:40:67:e8:17:7b:ab:d6:64:94:9d:
        11:31:eb:a1:a2:88:37:84:c3:35:0e:4b:2d:8b:2f:b7
    Fingerprint (SHA-256):
        CD:B0:3A:6C:0F:14:20:BC:CA:6F:72:BF:7D:5A:93:0C:4D:04:6C:7F:18:25:14:79:23:0D:2B:94:31:0F:4D:34
    Fingerprint (SHA1):
        D6:C3:21:29:38:BF:5F:63:AA:F4:CF:5F:28:9F:AF:B2:86:EA:39:3E
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1967: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1968: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #1969: Extension2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #1970: Extension2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #1971: Extension2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170307 (0x25711e43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:08 2016
            Not After : Mon Jun 28 17:21:08 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e0:63:ed:c1:cb:a5:01:18:2f:ea:72:44:0f:12:4d:0c:
                    81:40:d7:cc:c9:6e:09:4a:86:11:60:e4:a0:8a:fc:f9:
                    3b:cd:07:12:42:3b:7c:16:c3:25:c7:38:e5:9c:d1:c0:
                    ba:7e:03:35:dd:b2:46:f6:07:c9:41:4d:d9:95:08:8f:
                    9a:79:b5:85:8f:a7:92:06:bf:88:76:03:38:b8:ec:1f:
                    5d:7a:4c:68:fc:63:c8:12:cf:7f:3e:c2:8a:0b:31:52:
                    3e:42:5c:f7:05:9d:24:f9:75:e3:c4:7a:9a:2c:2a:b4:
                    c2:55:1c:68:1f:cc:02:4e:5f:ec:6c:6d:35:08:fc:b0:
                    d8:0a:3f:51:3b:f9:80:66:76:0a:8d:fd:0c:db:dc:84:
                    ec:9d:70:6f:fd:71:32:1e:74:be:ae:a4:76:c0:ea:9f:
                    84:c7:27:c8:97:24:d9:bc:ac:e6:6f:cf:c1:ea:90:0e:
                    b4:8e:1c:5f:2b:91:76:e0:48:8f:7a:1c:2e:aa:71:84:
                    8c:05:68:3b:9e:13:6d:fa:26:61:4a:75:b4:1d:85:d3:
                    fa:97:30:ee:fd:84:fb:69:5c:db:63:35:bd:e3:e4:89:
                    7c:9e:17:29:1c:22:4e:c8:e1:c4:87:22:d8:26:72:69:
                    48:7e:92:a6:a4:46:40:63:ed:04:d1:81:7d:84:b6:09
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a4:37:d6:38:25:bd:9b:69:7d:2e:64:22:9e:dc:3f:7c:
        fc:c8:c8:8d:f9:73:8c:c6:04:b8:ea:19:a9:1f:16:c5:
        31:9a:39:91:b4:37:1e:9c:fa:35:23:3f:d9:4b:c7:d1:
        d9:e6:c9:32:38:17:53:d3:8c:fa:0b:fb:0d:bb:ba:29:
        35:d1:94:2e:2f:5f:80:bf:23:cd:2d:51:a3:91:b7:c2:
        ce:b1:1c:a5:a0:75:17:4a:0e:0b:27:85:b8:a2:50:01:
        74:3a:fb:ec:c2:b8:25:77:19:a8:ee:d3:d8:f5:95:b0:
        22:bc:8b:48:66:0f:95:ae:27:73:71:ef:01:da:27:2d:
        e5:97:c5:ca:94:94:c9:35:d9:18:58:4a:32:e8:fc:cc:
        4f:7b:6c:5e:b5:63:40:1f:b2:15:84:53:31:53:d9:a0:
        ec:d2:6c:0c:70:6d:26:33:ca:ec:8a:7e:6d:61:da:91:
        9d:ff:9d:58:68:e1:e9:76:77:68:03:a7:c0:c2:73:cc:
        59:4b:4a:e0:6b:e5:a5:06:be:6d:0a:3a:7e:26:4a:62:
        ac:2a:dd:b1:c3:a0:08:21:b4:83:99:07:7b:af:2d:e5:
        11:da:ab:a8:cc:78:36:ee:e5:19:4d:2b:27:93:1f:1b:
        df:c6:3a:f8:54:54:15:8a:40:34:fb:f7:3c:29:39:fb
    Fingerprint (SHA-256):
        14:2E:B0:42:36:FC:B2:9B:53:54:DD:73:5D:97:C3:F8:8E:22:25:C4:6A:57:1A:5E:4A:E4:9F:28:1C:D2:67:3B
    Fingerprint (SHA1):
        19:7F:FF:35:C2:95:34:54:6E:6A:FA:13:BF:EF:71:F9:B4:7D:D1:17
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1972: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1973: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170308 (0x25711e44)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:12 2016
            Not After : Mon Jun 28 17:21:12 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:43:1c:a2:f3:86:35:29:70:23:ae:09:0f:c4:74:89:
                    b4:0c:27:77:03:88:fe:b1:0b:5f:8b:12:d2:71:ae:e0:
                    3c:46:16:9a:2c:d5:73:e2:03:f7:85:91:c1:9e:61:ea:
                    6e:15:ce:28:e0:63:ff:0f:70:64:cc:0f:39:f7:42:0d:
                    2f:32:98:4c:bb:ea:89:42:f4:cf:a4:c6:2a:cf:c2:74:
                    a4:12:3a:e9:40:67:e7:78:8d:5c:d1:0b:41:c2:89:47:
                    27:e3:de:57:f6:b2:e7:46:fd:fa:41:10:a0:ac:fb:7c:
                    e2:f3:04:10:16:b1:34:79:2d:94:9b:b9:90:63:6e:98:
                    f0:2c:33:fd:6a:02:97:c8:09:6c:bd:28:21:47:ea:4b:
                    f7:1a:28:b7:d9:cc:b0:3a:e4:ee:fe:99:87:31:4d:87:
                    95:fb:d8:81:8d:40:d6:05:1a:cb:72:9f:00:a5:02:92:
                    9a:c5:2e:46:77:76:b6:41:a2:d1:f9:78:cf:2d:d9:46:
                    93:32:a0:4c:36:72:32:fa:d1:52:6d:d2:88:62:47:c3:
                    54:51:8e:d6:e4:6b:ac:8a:72:c6:90:25:b6:e7:5a:83:
                    f2:6a:0c:b5:71:ef:2f:a5:eb:c1:ed:80:91:21:01:07:
                    1e:4b:59:29:3d:e3:f6:95:32:ad:9c:79:98:17:6d:47
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b5:96:46:33:8e:37:95:6a:31:ad:0b:06:29:dd:05:a2:
        0b:f5:b2:4e:2f:de:56:d6:af:24:87:ef:4d:92:bf:7b:
        a9:14:fe:27:df:96:98:ce:d2:53:7a:1e:c4:9e:ca:0d:
        4b:98:99:f1:81:6e:7f:67:de:65:46:b8:09:4b:55:95:
        aa:f6:e8:1a:e0:dd:e8:17:f0:27:78:4e:49:cd:f4:a3:
        1f:4d:26:2c:8d:72:79:01:94:7e:31:65:43:be:7f:09:
        de:ff:c1:4a:b7:f8:26:fa:43:d2:f2:a4:5a:d8:c6:37:
        cc:b1:ce:fa:36:ea:ee:07:5c:6d:95:cd:e2:22:a0:98:
        3b:ee:11:fc:5e:a6:73:24:7e:9b:7a:71:b9:41:48:2c:
        e8:69:de:59:12:b3:58:6c:08:71:ae:4e:e0:29:a0:d0:
        ed:25:ac:41:38:e9:ad:78:d4:30:7b:49:ac:ce:77:13:
        f9:d8:57:1c:56:26:3d:92:c7:c0:32:5e:05:b0:86:f4:
        d4:00:ea:22:aa:23:ca:66:40:54:bc:01:fa:e8:62:75:
        13:00:54:5b:79:fa:b0:0d:45:75:a3:94:6e:7b:27:4a:
        8e:9e:57:73:40:ba:22:d6:d3:0f:ba:bc:b4:86:73:30:
        aa:c5:95:05:6d:47:2b:3f:bf:97:52:1b:13:98:00:c1
    Fingerprint (SHA-256):
        22:E0:DF:23:1A:EE:20:E4:BF:EC:F7:B1:7A:62:E5:15:8F:85:58:EC:00:0D:BE:45:42:63:41:77:42:54:5C:64
    Fingerprint (SHA1):
        D5:44:60:36:6E:36:59:EB:59:3E:D4:82:8E:24:23:D0:33:8B:7F:CE
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1974: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1975: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170309 (0x25711e45)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:22 2016
            Not After : Mon Jun 28 17:21:22 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:ea:fe:91:f8:a9:a8:27:b1:75:b6:dc:99:ce:de:7d:
                    65:e5:73:c0:be:b9:d4:6c:e5:06:3e:fd:bd:fc:5e:f8:
                    d4:eb:5c:c5:0a:b0:a4:32:13:12:8c:1a:48:3e:c0:a1:
                    cc:ba:ec:02:27:8b:87:ca:2b:c8:f6:fd:f3:68:1a:80:
                    b7:4e:d4:fe:a9:6f:8e:f2:5f:76:c9:40:a8:10:01:96:
                    45:6e:72:9a:df:b7:45:03:c1:6b:16:c5:10:d7:42:27:
                    99:38:15:b0:3c:11:f5:6b:f0:a9:a1:73:b5:0c:61:60:
                    b0:ff:99:06:98:1f:35:4d:85:a2:ce:f9:16:08:69:fd:
                    d0:c4:7b:db:e8:9a:16:b3:51:e2:ff:fe:fc:92:ef:e2:
                    1c:64:e3:78:32:eb:15:24:d9:50:e4:8c:d2:5c:81:ff:
                    07:a5:ba:d1:73:6c:f0:40:86:93:4c:72:65:71:08:ec:
                    06:d6:c1:82:0c:40:24:b3:3f:67:fe:52:ea:7d:41:87:
                    31:1c:f4:7f:81:11:78:08:cc:5b:9b:c9:16:f4:23:c5:
                    74:08:2c:b9:6b:d0:25:94:28:9c:62:43:3b:c1:fc:e3:
                    cc:20:f1:ca:8b:59:fe:25:10:61:c6:28:7e:fe:82:3a:
                    97:fb:54:ed:96:8b:88:00:f2:34:75:17:28:d6:c4:89
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4f:ec:9d:94:8c:96:d5:54:40:6e:f3:1a:07:fc:aa:da:
        39:a1:a7:7b:7d:75:be:7c:8d:a4:1f:3e:f1:1f:11:64:
        b3:80:dd:a7:34:f5:34:dc:f7:4c:37:82:7e:da:12:14:
        0a:05:a5:de:fa:4c:07:9e:e6:1d:a7:c3:e1:f5:32:8b:
        b2:ac:b4:85:21:29:58:37:61:7d:dc:54:f4:e6:2b:7e:
        93:0d:f8:25:5f:41:3a:c4:8b:44:53:aa:c7:b1:69:91:
        b0:bc:27:07:0e:72:60:5b:0b:7d:66:70:8f:13:40:76:
        47:ad:5c:e9:20:3a:db:4d:61:1a:f2:fc:a7:91:91:40:
        6d:f6:d3:60:8a:b6:fe:e3:ff:cc:6a:c9:71:6e:5d:e3:
        da:fc:40:93:ec:2c:b0:7e:1e:1c:d4:07:a3:04:3d:79:
        73:3a:d7:3e:e2:8b:d8:9b:15:86:cc:da:3c:d8:ef:ec:
        3b:d3:96:dc:e5:83:e8:80:ac:9e:47:7e:8e:c9:96:fc:
        3f:dd:21:b0:68:90:8c:46:08:00:94:44:da:08:fb:87:
        32:08:41:3c:4d:e4:ef:62:a4:00:22:07:8a:89:fd:79:
        3a:1b:6a:2a:b8:f1:40:67:e8:17:7b:ab:d6:64:94:9d:
        11:31:eb:a1:a2:88:37:84:c3:35:0e:4b:2d:8b:2f:b7
    Fingerprint (SHA-256):
        CD:B0:3A:6C:0F:14:20:BC:CA:6F:72:BF:7D:5A:93:0C:4D:04:6C:7F:18:25:14:79:23:0D:2B:94:31:0F:4D:34
    Fingerprint (SHA1):
        D6:C3:21:29:38:BF:5F:63:AA:F4:CF:5F:28:9F:AF:B2:86:EA:39:3E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1976: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #1977: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170307 (0x25711e43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:08 2016
            Not After : Mon Jun 28 17:21:08 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e0:63:ed:c1:cb:a5:01:18:2f:ea:72:44:0f:12:4d:0c:
                    81:40:d7:cc:c9:6e:09:4a:86:11:60:e4:a0:8a:fc:f9:
                    3b:cd:07:12:42:3b:7c:16:c3:25:c7:38:e5:9c:d1:c0:
                    ba:7e:03:35:dd:b2:46:f6:07:c9:41:4d:d9:95:08:8f:
                    9a:79:b5:85:8f:a7:92:06:bf:88:76:03:38:b8:ec:1f:
                    5d:7a:4c:68:fc:63:c8:12:cf:7f:3e:c2:8a:0b:31:52:
                    3e:42:5c:f7:05:9d:24:f9:75:e3:c4:7a:9a:2c:2a:b4:
                    c2:55:1c:68:1f:cc:02:4e:5f:ec:6c:6d:35:08:fc:b0:
                    d8:0a:3f:51:3b:f9:80:66:76:0a:8d:fd:0c:db:dc:84:
                    ec:9d:70:6f:fd:71:32:1e:74:be:ae:a4:76:c0:ea:9f:
                    84:c7:27:c8:97:24:d9:bc:ac:e6:6f:cf:c1:ea:90:0e:
                    b4:8e:1c:5f:2b:91:76:e0:48:8f:7a:1c:2e:aa:71:84:
                    8c:05:68:3b:9e:13:6d:fa:26:61:4a:75:b4:1d:85:d3:
                    fa:97:30:ee:fd:84:fb:69:5c:db:63:35:bd:e3:e4:89:
                    7c:9e:17:29:1c:22:4e:c8:e1:c4:87:22:d8:26:72:69:
                    48:7e:92:a6:a4:46:40:63:ed:04:d1:81:7d:84:b6:09
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a4:37:d6:38:25:bd:9b:69:7d:2e:64:22:9e:dc:3f:7c:
        fc:c8:c8:8d:f9:73:8c:c6:04:b8:ea:19:a9:1f:16:c5:
        31:9a:39:91:b4:37:1e:9c:fa:35:23:3f:d9:4b:c7:d1:
        d9:e6:c9:32:38:17:53:d3:8c:fa:0b:fb:0d:bb:ba:29:
        35:d1:94:2e:2f:5f:80:bf:23:cd:2d:51:a3:91:b7:c2:
        ce:b1:1c:a5:a0:75:17:4a:0e:0b:27:85:b8:a2:50:01:
        74:3a:fb:ec:c2:b8:25:77:19:a8:ee:d3:d8:f5:95:b0:
        22:bc:8b:48:66:0f:95:ae:27:73:71:ef:01:da:27:2d:
        e5:97:c5:ca:94:94:c9:35:d9:18:58:4a:32:e8:fc:cc:
        4f:7b:6c:5e:b5:63:40:1f:b2:15:84:53:31:53:d9:a0:
        ec:d2:6c:0c:70:6d:26:33:ca:ec:8a:7e:6d:61:da:91:
        9d:ff:9d:58:68:e1:e9:76:77:68:03:a7:c0:c2:73:cc:
        59:4b:4a:e0:6b:e5:a5:06:be:6d:0a:3a:7e:26:4a:62:
        ac:2a:dd:b1:c3:a0:08:21:b4:83:99:07:7b:af:2d:e5:
        11:da:ab:a8:cc:78:36:ee:e5:19:4d:2b:27:93:1f:1b:
        df:c6:3a:f8:54:54:15:8a:40:34:fb:f7:3c:29:39:fb
    Fingerprint (SHA-256):
        14:2E:B0:42:36:FC:B2:9B:53:54:DD:73:5D:97:C3:F8:8E:22:25:C4:6A:57:1A:5E:4A:E4:9F:28:1C:D2:67:3B
    Fingerprint (SHA1):
        19:7F:FF:35:C2:95:34:54:6E:6A:FA:13:BF:EF:71:F9:B4:7D:D1:17
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1978: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170307 (0x25711e43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:08 2016
            Not After : Mon Jun 28 17:21:08 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e0:63:ed:c1:cb:a5:01:18:2f:ea:72:44:0f:12:4d:0c:
                    81:40:d7:cc:c9:6e:09:4a:86:11:60:e4:a0:8a:fc:f9:
                    3b:cd:07:12:42:3b:7c:16:c3:25:c7:38:e5:9c:d1:c0:
                    ba:7e:03:35:dd:b2:46:f6:07:c9:41:4d:d9:95:08:8f:
                    9a:79:b5:85:8f:a7:92:06:bf:88:76:03:38:b8:ec:1f:
                    5d:7a:4c:68:fc:63:c8:12:cf:7f:3e:c2:8a:0b:31:52:
                    3e:42:5c:f7:05:9d:24:f9:75:e3:c4:7a:9a:2c:2a:b4:
                    c2:55:1c:68:1f:cc:02:4e:5f:ec:6c:6d:35:08:fc:b0:
                    d8:0a:3f:51:3b:f9:80:66:76:0a:8d:fd:0c:db:dc:84:
                    ec:9d:70:6f:fd:71:32:1e:74:be:ae:a4:76:c0:ea:9f:
                    84:c7:27:c8:97:24:d9:bc:ac:e6:6f:cf:c1:ea:90:0e:
                    b4:8e:1c:5f:2b:91:76:e0:48:8f:7a:1c:2e:aa:71:84:
                    8c:05:68:3b:9e:13:6d:fa:26:61:4a:75:b4:1d:85:d3:
                    fa:97:30:ee:fd:84:fb:69:5c:db:63:35:bd:e3:e4:89:
                    7c:9e:17:29:1c:22:4e:c8:e1:c4:87:22:d8:26:72:69:
                    48:7e:92:a6:a4:46:40:63:ed:04:d1:81:7d:84:b6:09
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a4:37:d6:38:25:bd:9b:69:7d:2e:64:22:9e:dc:3f:7c:
        fc:c8:c8:8d:f9:73:8c:c6:04:b8:ea:19:a9:1f:16:c5:
        31:9a:39:91:b4:37:1e:9c:fa:35:23:3f:d9:4b:c7:d1:
        d9:e6:c9:32:38:17:53:d3:8c:fa:0b:fb:0d:bb:ba:29:
        35:d1:94:2e:2f:5f:80:bf:23:cd:2d:51:a3:91:b7:c2:
        ce:b1:1c:a5:a0:75:17:4a:0e:0b:27:85:b8:a2:50:01:
        74:3a:fb:ec:c2:b8:25:77:19:a8:ee:d3:d8:f5:95:b0:
        22:bc:8b:48:66:0f:95:ae:27:73:71:ef:01:da:27:2d:
        e5:97:c5:ca:94:94:c9:35:d9:18:58:4a:32:e8:fc:cc:
        4f:7b:6c:5e:b5:63:40:1f:b2:15:84:53:31:53:d9:a0:
        ec:d2:6c:0c:70:6d:26:33:ca:ec:8a:7e:6d:61:da:91:
        9d:ff:9d:58:68:e1:e9:76:77:68:03:a7:c0:c2:73:cc:
        59:4b:4a:e0:6b:e5:a5:06:be:6d:0a:3a:7e:26:4a:62:
        ac:2a:dd:b1:c3:a0:08:21:b4:83:99:07:7b:af:2d:e5:
        11:da:ab:a8:cc:78:36:ee:e5:19:4d:2b:27:93:1f:1b:
        df:c6:3a:f8:54:54:15:8a:40:34:fb:f7:3c:29:39:fb
    Fingerprint (SHA-256):
        14:2E:B0:42:36:FC:B2:9B:53:54:DD:73:5D:97:C3:F8:8E:22:25:C4:6A:57:1A:5E:4A:E4:9F:28:1C:D2:67:3B
    Fingerprint (SHA1):
        19:7F:FF:35:C2:95:34:54:6E:6A:FA:13:BF:EF:71:F9:B4:7D:D1:17
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #1979: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170308 (0x25711e44)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:12 2016
            Not After : Mon Jun 28 17:21:12 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:43:1c:a2:f3:86:35:29:70:23:ae:09:0f:c4:74:89:
                    b4:0c:27:77:03:88:fe:b1:0b:5f:8b:12:d2:71:ae:e0:
                    3c:46:16:9a:2c:d5:73:e2:03:f7:85:91:c1:9e:61:ea:
                    6e:15:ce:28:e0:63:ff:0f:70:64:cc:0f:39:f7:42:0d:
                    2f:32:98:4c:bb:ea:89:42:f4:cf:a4:c6:2a:cf:c2:74:
                    a4:12:3a:e9:40:67:e7:78:8d:5c:d1:0b:41:c2:89:47:
                    27:e3:de:57:f6:b2:e7:46:fd:fa:41:10:a0:ac:fb:7c:
                    e2:f3:04:10:16:b1:34:79:2d:94:9b:b9:90:63:6e:98:
                    f0:2c:33:fd:6a:02:97:c8:09:6c:bd:28:21:47:ea:4b:
                    f7:1a:28:b7:d9:cc:b0:3a:e4:ee:fe:99:87:31:4d:87:
                    95:fb:d8:81:8d:40:d6:05:1a:cb:72:9f:00:a5:02:92:
                    9a:c5:2e:46:77:76:b6:41:a2:d1:f9:78:cf:2d:d9:46:
                    93:32:a0:4c:36:72:32:fa:d1:52:6d:d2:88:62:47:c3:
                    54:51:8e:d6:e4:6b:ac:8a:72:c6:90:25:b6:e7:5a:83:
                    f2:6a:0c:b5:71:ef:2f:a5:eb:c1:ed:80:91:21:01:07:
                    1e:4b:59:29:3d:e3:f6:95:32:ad:9c:79:98:17:6d:47
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b5:96:46:33:8e:37:95:6a:31:ad:0b:06:29:dd:05:a2:
        0b:f5:b2:4e:2f:de:56:d6:af:24:87:ef:4d:92:bf:7b:
        a9:14:fe:27:df:96:98:ce:d2:53:7a:1e:c4:9e:ca:0d:
        4b:98:99:f1:81:6e:7f:67:de:65:46:b8:09:4b:55:95:
        aa:f6:e8:1a:e0:dd:e8:17:f0:27:78:4e:49:cd:f4:a3:
        1f:4d:26:2c:8d:72:79:01:94:7e:31:65:43:be:7f:09:
        de:ff:c1:4a:b7:f8:26:fa:43:d2:f2:a4:5a:d8:c6:37:
        cc:b1:ce:fa:36:ea:ee:07:5c:6d:95:cd:e2:22:a0:98:
        3b:ee:11:fc:5e:a6:73:24:7e:9b:7a:71:b9:41:48:2c:
        e8:69:de:59:12:b3:58:6c:08:71:ae:4e:e0:29:a0:d0:
        ed:25:ac:41:38:e9:ad:78:d4:30:7b:49:ac:ce:77:13:
        f9:d8:57:1c:56:26:3d:92:c7:c0:32:5e:05:b0:86:f4:
        d4:00:ea:22:aa:23:ca:66:40:54:bc:01:fa:e8:62:75:
        13:00:54:5b:79:fa:b0:0d:45:75:a3:94:6e:7b:27:4a:
        8e:9e:57:73:40:ba:22:d6:d3:0f:ba:bc:b4:86:73:30:
        aa:c5:95:05:6d:47:2b:3f:bf:97:52:1b:13:98:00:c1
    Fingerprint (SHA-256):
        22:E0:DF:23:1A:EE:20:E4:BF:EC:F7:B1:7A:62:E5:15:8F:85:58:EC:00:0D:BE:45:42:63:41:77:42:54:5C:64
    Fingerprint (SHA1):
        D5:44:60:36:6E:36:59:EB:59:3E:D4:82:8E:24:23:D0:33:8B:7F:CE
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1980: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170308 (0x25711e44)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:12 2016
            Not After : Mon Jun 28 17:21:12 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:43:1c:a2:f3:86:35:29:70:23:ae:09:0f:c4:74:89:
                    b4:0c:27:77:03:88:fe:b1:0b:5f:8b:12:d2:71:ae:e0:
                    3c:46:16:9a:2c:d5:73:e2:03:f7:85:91:c1:9e:61:ea:
                    6e:15:ce:28:e0:63:ff:0f:70:64:cc:0f:39:f7:42:0d:
                    2f:32:98:4c:bb:ea:89:42:f4:cf:a4:c6:2a:cf:c2:74:
                    a4:12:3a:e9:40:67:e7:78:8d:5c:d1:0b:41:c2:89:47:
                    27:e3:de:57:f6:b2:e7:46:fd:fa:41:10:a0:ac:fb:7c:
                    e2:f3:04:10:16:b1:34:79:2d:94:9b:b9:90:63:6e:98:
                    f0:2c:33:fd:6a:02:97:c8:09:6c:bd:28:21:47:ea:4b:
                    f7:1a:28:b7:d9:cc:b0:3a:e4:ee:fe:99:87:31:4d:87:
                    95:fb:d8:81:8d:40:d6:05:1a:cb:72:9f:00:a5:02:92:
                    9a:c5:2e:46:77:76:b6:41:a2:d1:f9:78:cf:2d:d9:46:
                    93:32:a0:4c:36:72:32:fa:d1:52:6d:d2:88:62:47:c3:
                    54:51:8e:d6:e4:6b:ac:8a:72:c6:90:25:b6:e7:5a:83:
                    f2:6a:0c:b5:71:ef:2f:a5:eb:c1:ed:80:91:21:01:07:
                    1e:4b:59:29:3d:e3:f6:95:32:ad:9c:79:98:17:6d:47
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b5:96:46:33:8e:37:95:6a:31:ad:0b:06:29:dd:05:a2:
        0b:f5:b2:4e:2f:de:56:d6:af:24:87:ef:4d:92:bf:7b:
        a9:14:fe:27:df:96:98:ce:d2:53:7a:1e:c4:9e:ca:0d:
        4b:98:99:f1:81:6e:7f:67:de:65:46:b8:09:4b:55:95:
        aa:f6:e8:1a:e0:dd:e8:17:f0:27:78:4e:49:cd:f4:a3:
        1f:4d:26:2c:8d:72:79:01:94:7e:31:65:43:be:7f:09:
        de:ff:c1:4a:b7:f8:26:fa:43:d2:f2:a4:5a:d8:c6:37:
        cc:b1:ce:fa:36:ea:ee:07:5c:6d:95:cd:e2:22:a0:98:
        3b:ee:11:fc:5e:a6:73:24:7e:9b:7a:71:b9:41:48:2c:
        e8:69:de:59:12:b3:58:6c:08:71:ae:4e:e0:29:a0:d0:
        ed:25:ac:41:38:e9:ad:78:d4:30:7b:49:ac:ce:77:13:
        f9:d8:57:1c:56:26:3d:92:c7:c0:32:5e:05:b0:86:f4:
        d4:00:ea:22:aa:23:ca:66:40:54:bc:01:fa:e8:62:75:
        13:00:54:5b:79:fa:b0:0d:45:75:a3:94:6e:7b:27:4a:
        8e:9e:57:73:40:ba:22:d6:d3:0f:ba:bc:b4:86:73:30:
        aa:c5:95:05:6d:47:2b:3f:bf:97:52:1b:13:98:00:c1
    Fingerprint (SHA-256):
        22:E0:DF:23:1A:EE:20:E4:BF:EC:F7:B1:7A:62:E5:15:8F:85:58:EC:00:0D:BE:45:42:63:41:77:42:54:5C:64
    Fingerprint (SHA1):
        D5:44:60:36:6E:36:59:EB:59:3E:D4:82:8E:24:23:D0:33:8B:7F:CE
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1981: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170309 (0x25711e45)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:22 2016
            Not After : Mon Jun 28 17:21:22 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:ea:fe:91:f8:a9:a8:27:b1:75:b6:dc:99:ce:de:7d:
                    65:e5:73:c0:be:b9:d4:6c:e5:06:3e:fd:bd:fc:5e:f8:
                    d4:eb:5c:c5:0a:b0:a4:32:13:12:8c:1a:48:3e:c0:a1:
                    cc:ba:ec:02:27:8b:87:ca:2b:c8:f6:fd:f3:68:1a:80:
                    b7:4e:d4:fe:a9:6f:8e:f2:5f:76:c9:40:a8:10:01:96:
                    45:6e:72:9a:df:b7:45:03:c1:6b:16:c5:10:d7:42:27:
                    99:38:15:b0:3c:11:f5:6b:f0:a9:a1:73:b5:0c:61:60:
                    b0:ff:99:06:98:1f:35:4d:85:a2:ce:f9:16:08:69:fd:
                    d0:c4:7b:db:e8:9a:16:b3:51:e2:ff:fe:fc:92:ef:e2:
                    1c:64:e3:78:32:eb:15:24:d9:50:e4:8c:d2:5c:81:ff:
                    07:a5:ba:d1:73:6c:f0:40:86:93:4c:72:65:71:08:ec:
                    06:d6:c1:82:0c:40:24:b3:3f:67:fe:52:ea:7d:41:87:
                    31:1c:f4:7f:81:11:78:08:cc:5b:9b:c9:16:f4:23:c5:
                    74:08:2c:b9:6b:d0:25:94:28:9c:62:43:3b:c1:fc:e3:
                    cc:20:f1:ca:8b:59:fe:25:10:61:c6:28:7e:fe:82:3a:
                    97:fb:54:ed:96:8b:88:00:f2:34:75:17:28:d6:c4:89
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4f:ec:9d:94:8c:96:d5:54:40:6e:f3:1a:07:fc:aa:da:
        39:a1:a7:7b:7d:75:be:7c:8d:a4:1f:3e:f1:1f:11:64:
        b3:80:dd:a7:34:f5:34:dc:f7:4c:37:82:7e:da:12:14:
        0a:05:a5:de:fa:4c:07:9e:e6:1d:a7:c3:e1:f5:32:8b:
        b2:ac:b4:85:21:29:58:37:61:7d:dc:54:f4:e6:2b:7e:
        93:0d:f8:25:5f:41:3a:c4:8b:44:53:aa:c7:b1:69:91:
        b0:bc:27:07:0e:72:60:5b:0b:7d:66:70:8f:13:40:76:
        47:ad:5c:e9:20:3a:db:4d:61:1a:f2:fc:a7:91:91:40:
        6d:f6:d3:60:8a:b6:fe:e3:ff:cc:6a:c9:71:6e:5d:e3:
        da:fc:40:93:ec:2c:b0:7e:1e:1c:d4:07:a3:04:3d:79:
        73:3a:d7:3e:e2:8b:d8:9b:15:86:cc:da:3c:d8:ef:ec:
        3b:d3:96:dc:e5:83:e8:80:ac:9e:47:7e:8e:c9:96:fc:
        3f:dd:21:b0:68:90:8c:46:08:00:94:44:da:08:fb:87:
        32:08:41:3c:4d:e4:ef:62:a4:00:22:07:8a:89:fd:79:
        3a:1b:6a:2a:b8:f1:40:67:e8:17:7b:ab:d6:64:94:9d:
        11:31:eb:a1:a2:88:37:84:c3:35:0e:4b:2d:8b:2f:b7
    Fingerprint (SHA-256):
        CD:B0:3A:6C:0F:14:20:BC:CA:6F:72:BF:7D:5A:93:0C:4D:04:6C:7F:18:25:14:79:23:0D:2B:94:31:0F:4D:34
    Fingerprint (SHA1):
        D6:C3:21:29:38:BF:5F:63:AA:F4:CF:5F:28:9F:AF:B2:86:EA:39:3E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1982: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170309 (0x25711e45)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:22 2016
            Not After : Mon Jun 28 17:21:22 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:ea:fe:91:f8:a9:a8:27:b1:75:b6:dc:99:ce:de:7d:
                    65:e5:73:c0:be:b9:d4:6c:e5:06:3e:fd:bd:fc:5e:f8:
                    d4:eb:5c:c5:0a:b0:a4:32:13:12:8c:1a:48:3e:c0:a1:
                    cc:ba:ec:02:27:8b:87:ca:2b:c8:f6:fd:f3:68:1a:80:
                    b7:4e:d4:fe:a9:6f:8e:f2:5f:76:c9:40:a8:10:01:96:
                    45:6e:72:9a:df:b7:45:03:c1:6b:16:c5:10:d7:42:27:
                    99:38:15:b0:3c:11:f5:6b:f0:a9:a1:73:b5:0c:61:60:
                    b0:ff:99:06:98:1f:35:4d:85:a2:ce:f9:16:08:69:fd:
                    d0:c4:7b:db:e8:9a:16:b3:51:e2:ff:fe:fc:92:ef:e2:
                    1c:64:e3:78:32:eb:15:24:d9:50:e4:8c:d2:5c:81:ff:
                    07:a5:ba:d1:73:6c:f0:40:86:93:4c:72:65:71:08:ec:
                    06:d6:c1:82:0c:40:24:b3:3f:67:fe:52:ea:7d:41:87:
                    31:1c:f4:7f:81:11:78:08:cc:5b:9b:c9:16:f4:23:c5:
                    74:08:2c:b9:6b:d0:25:94:28:9c:62:43:3b:c1:fc:e3:
                    cc:20:f1:ca:8b:59:fe:25:10:61:c6:28:7e:fe:82:3a:
                    97:fb:54:ed:96:8b:88:00:f2:34:75:17:28:d6:c4:89
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4f:ec:9d:94:8c:96:d5:54:40:6e:f3:1a:07:fc:aa:da:
        39:a1:a7:7b:7d:75:be:7c:8d:a4:1f:3e:f1:1f:11:64:
        b3:80:dd:a7:34:f5:34:dc:f7:4c:37:82:7e:da:12:14:
        0a:05:a5:de:fa:4c:07:9e:e6:1d:a7:c3:e1:f5:32:8b:
        b2:ac:b4:85:21:29:58:37:61:7d:dc:54:f4:e6:2b:7e:
        93:0d:f8:25:5f:41:3a:c4:8b:44:53:aa:c7:b1:69:91:
        b0:bc:27:07:0e:72:60:5b:0b:7d:66:70:8f:13:40:76:
        47:ad:5c:e9:20:3a:db:4d:61:1a:f2:fc:a7:91:91:40:
        6d:f6:d3:60:8a:b6:fe:e3:ff:cc:6a:c9:71:6e:5d:e3:
        da:fc:40:93:ec:2c:b0:7e:1e:1c:d4:07:a3:04:3d:79:
        73:3a:d7:3e:e2:8b:d8:9b:15:86:cc:da:3c:d8:ef:ec:
        3b:d3:96:dc:e5:83:e8:80:ac:9e:47:7e:8e:c9:96:fc:
        3f:dd:21:b0:68:90:8c:46:08:00:94:44:da:08:fb:87:
        32:08:41:3c:4d:e4:ef:62:a4:00:22:07:8a:89:fd:79:
        3a:1b:6a:2a:b8:f1:40:67:e8:17:7b:ab:d6:64:94:9d:
        11:31:eb:a1:a2:88:37:84:c3:35:0e:4b:2d:8b:2f:b7
    Fingerprint (SHA-256):
        CD:B0:3A:6C:0F:14:20:BC:CA:6F:72:BF:7D:5A:93:0C:4D:04:6C:7F:18:25:14:79:23:0D:2B:94:31:0F:4D:34
    Fingerprint (SHA1):
        D6:C3:21:29:38:BF:5F:63:AA:F4:CF:5F:28:9F:AF:B2:86:EA:39:3E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #1983: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #1984: AnyPolicy: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170312 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #1985: AnyPolicy: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #1986: AnyPolicy: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #1987: AnyPolicy: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1988: AnyPolicy: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628170313   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1989: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1990: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #1991: AnyPolicy: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1992: AnyPolicy: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170314   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
0
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #1993: AnyPolicy: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1994: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #1995: AnyPolicy: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #1996: AnyPolicy: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 628170315   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #1997: AnyPolicy: Creating certficate CA3CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA3CA1.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #1998: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #1999: AnyPolicy: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2000: AnyPolicy: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628170316   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2001: AnyPolicy: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2002: AnyPolicy: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #2003: AnyPolicy: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2004: AnyPolicy: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628170317   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2005: AnyPolicy: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2006: AnyPolicy: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB User3DB
certutil -N -d User3DB -f User3DB/dbpasswd
chains.sh: #2007: AnyPolicy: Creating DB User3DB  - PASSED
chains.sh: Creating EE certifiate request User3Req.der
certutil -s "CN=User3 EE, O=User3, C=US"  -R  -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o User3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2008: AnyPolicy: Creating EE certifiate request User3Req.der  - PASSED
chains.sh: Creating certficate User3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 628170318   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2009: AnyPolicy: Creating certficate User3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate User3CA3.der to User3DB database
certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2010: AnyPolicy: Importing certificate User3CA3.der to User3DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2011: AnyPolicy: Creating DB AllDB  - PASSED
chains.sh: Importing certificate RootCA.der to AllDB database
certutil -A -n RootCA  -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der
chains.sh: #2012: AnyPolicy: Importing certificate RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der
chains.sh: #2013: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #2014: AnyPolicy: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA1.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der
chains.sh: #2015: AnyPolicy: Importing certificate CA3CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170312 (0x25711e48)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:38 2016
            Not After : Mon Jun 28 17:21:38 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:3f:00:b3:bf:9a:42:b0:4f:59:51:4f:ac:d3:16:e5:
                    16:81:f9:fd:81:dd:93:07:9b:8e:df:99:a6:a3:06:3b:
                    cc:1f:25:64:34:cf:09:3c:17:cf:c5:43:13:d2:d8:38:
                    43:a9:c3:32:f5:4e:44:40:4b:97:0e:dd:ba:3e:14:c9:
                    1c:88:0e:75:72:ed:98:b9:99:50:d2:32:33:dd:27:5c:
                    c1:21:1f:c6:84:d2:71:d4:7d:5e:6e:7b:20:49:28:d0:
                    17:85:a0:da:fe:3b:9c:2e:be:ff:e4:39:f9:31:10:2f:
                    18:c4:56:0f:04:22:1d:58:0c:56:9b:73:1d:47:47:dd:
                    2c:4a:d4:24:0d:17:c6:83:44:ab:49:ce:2c:8f:04:48:
                    10:84:2e:e2:45:47:2f:d1:fd:51:f1:e7:03:e8:d0:ba:
                    5f:24:ad:50:46:af:6d:14:62:b8:f0:50:e9:f4:7a:fb:
                    98:dc:2b:c3:13:03:6e:c9:56:32:87:f1:47:b4:f6:5a:
                    a4:b7:9a:4b:4a:4e:1e:1f:1f:51:2f:55:c6:87:03:d5:
                    7d:95:b9:29:5b:07:d8:75:12:54:d4:b4:43:f3:5c:a8:
                    15:3d:ca:ad:50:56:9b:d8:20:bc:60:c4:7c:b5:33:10:
                    33:eb:fe:95:b2:b7:91:5f:fe:04:d9:83:11:79:84:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        16:0d:7e:e0:44:b6:f2:8c:50:bb:40:bb:34:b5:e0:67:
        f9:3f:c1:6b:8b:64:35:d7:b7:4b:39:f2:9f:6c:ac:88:
        99:b8:73:74:73:6d:f4:1c:b3:89:c5:fb:d3:71:20:7b:
        d2:b5:91:c6:45:68:ab:e5:70:b7:77:12:b3:8d:a2:e9:
        17:8d:17:a5:b9:ab:96:10:f4:f9:65:c5:4b:80:65:43:
        4e:57:09:a9:f9:ce:45:5e:35:84:a0:53:8f:fd:7e:d5:
        44:03:bf:b5:01:45:c0:bd:6b:ba:0e:3a:57:5a:c8:8b:
        14:bd:66:91:b3:6e:cf:36:6d:08:7f:36:09:f1:4b:43:
        29:6e:c4:e3:43:52:0b:08:96:b2:3d:7d:27:ac:2b:8d:
        60:21:3c:d6:c8:4e:06:7c:a7:4a:2e:b6:7e:b2:ed:e5:
        7e:e1:78:57:4f:42:f6:33:d3:1c:05:71:f0:76:90:0a:
        d0:5d:b6:5b:d1:6b:31:82:7c:98:f5:ea:16:c3:0a:62:
        d6:f3:50:92:1a:85:34:99:3f:35:9a:8a:bd:7b:0b:d6:
        f9:de:30:91:33:20:02:db:fb:18:5f:28:b7:af:80:cb:
        29:ad:90:73:7f:38:1e:ea:1f:0a:54:71:14:3c:24:35:
        94:bb:87:a0:ba:dc:c2:8c:97:16:61:82:c2:47:87:8f
    Fingerprint (SHA-256):
        DA:39:E3:CA:95:F7:D7:B0:18:6C:6C:5F:45:05:FF:DD:99:D0:3B:9D:EE:3C:22:64:59:6C:47:B5:BC:46:AF:DC
    Fingerprint (SHA1):
        06:7F:4D:BD:4B:AE:3F:F8:FA:40:D7:0D:47:90:1E:10:87:04:71:07
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2016: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2017: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2018: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2019: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User3CA3.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170312 (0x25711e48)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:21:38 2016
            Not After : Mon Jun 28 17:21:38 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:3f:00:b3:bf:9a:42:b0:4f:59:51:4f:ac:d3:16:e5:
                    16:81:f9:fd:81:dd:93:07:9b:8e:df:99:a6:a3:06:3b:
                    cc:1f:25:64:34:cf:09:3c:17:cf:c5:43:13:d2:d8:38:
                    43:a9:c3:32:f5:4e:44:40:4b:97:0e:dd:ba:3e:14:c9:
                    1c:88:0e:75:72:ed:98:b9:99:50:d2:32:33:dd:27:5c:
                    c1:21:1f:c6:84:d2:71:d4:7d:5e:6e:7b:20:49:28:d0:
                    17:85:a0:da:fe:3b:9c:2e:be:ff:e4:39:f9:31:10:2f:
                    18:c4:56:0f:04:22:1d:58:0c:56:9b:73:1d:47:47:dd:
                    2c:4a:d4:24:0d:17:c6:83:44:ab:49:ce:2c:8f:04:48:
                    10:84:2e:e2:45:47:2f:d1:fd:51:f1:e7:03:e8:d0:ba:
                    5f:24:ad:50:46:af:6d:14:62:b8:f0:50:e9:f4:7a:fb:
                    98:dc:2b:c3:13:03:6e:c9:56:32:87:f1:47:b4:f6:5a:
                    a4:b7:9a:4b:4a:4e:1e:1f:1f:51:2f:55:c6:87:03:d5:
                    7d:95:b9:29:5b:07:d8:75:12:54:d4:b4:43:f3:5c:a8:
                    15:3d:ca:ad:50:56:9b:d8:20:bc:60:c4:7c:b5:33:10:
                    33:eb:fe:95:b2:b7:91:5f:fe:04:d9:83:11:79:84:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        16:0d:7e:e0:44:b6:f2:8c:50:bb:40:bb:34:b5:e0:67:
        f9:3f:c1:6b:8b:64:35:d7:b7:4b:39:f2:9f:6c:ac:88:
        99:b8:73:74:73:6d:f4:1c:b3:89:c5:fb:d3:71:20:7b:
        d2:b5:91:c6:45:68:ab:e5:70:b7:77:12:b3:8d:a2:e9:
        17:8d:17:a5:b9:ab:96:10:f4:f9:65:c5:4b:80:65:43:
        4e:57:09:a9:f9:ce:45:5e:35:84:a0:53:8f:fd:7e:d5:
        44:03:bf:b5:01:45:c0:bd:6b:ba:0e:3a:57:5a:c8:8b:
        14:bd:66:91:b3:6e:cf:36:6d:08:7f:36:09:f1:4b:43:
        29:6e:c4:e3:43:52:0b:08:96:b2:3d:7d:27:ac:2b:8d:
        60:21:3c:d6:c8:4e:06:7c:a7:4a:2e:b6:7e:b2:ed:e5:
        7e:e1:78:57:4f:42:f6:33:d3:1c:05:71:f0:76:90:0a:
        d0:5d:b6:5b:d1:6b:31:82:7c:98:f5:ea:16:c3:0a:62:
        d6:f3:50:92:1a:85:34:99:3f:35:9a:8a:bd:7b:0b:d6:
        f9:de:30:91:33:20:02:db:fb:18:5f:28:b7:af:80:cb:
        29:ad:90:73:7f:38:1e:ea:1f:0a:54:71:14:3c:24:35:
        94:bb:87:a0:ba:dc:c2:8c:97:16:61:82:c2:47:87:8f
    Fingerprint (SHA-256):
        DA:39:E3:CA:95:F7:D7:B0:18:6C:6C:5F:45:05:FF:DD:99:D0:3B:9D:EE:3C:22:64:59:6C:47:B5:BC:46:AF:DC
    Fingerprint (SHA1):
        06:7F:4D:BD:4B:AE:3F:F8:FA:40:D7:0D:47:90:1E:10:87:04:71:07
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User3 EE,O=User3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2020: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User3CA3.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2021: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #2022: AnyPolicyWithLevel: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170319 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2023: AnyPolicyWithLevel: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #2024: AnyPolicyWithLevel: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2025: AnyPolicyWithLevel: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2026: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628170320   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #2027: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2028: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA12DB
certutil -N -d CA12DB -f CA12DB/dbpasswd
chains.sh: #2029: AnyPolicyWithLevel: Creating DB CA12DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA12Req.der
certutil -s "CN=CA12 Intermediate, O=CA12, C=US"  -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2030: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der  - PASSED
chains.sh: Creating certficate CA12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 628170321   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2031: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA12CA1.der to CA12DB database
certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2032: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database  - PASSED
chains.sh: Creating DB CA13DB
certutil -N -d CA13DB -f CA13DB/dbpasswd
chains.sh: #2033: AnyPolicyWithLevel: Creating DB CA13DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA13Req.der
certutil -s "CN=CA13 Intermediate, O=CA13, C=US"  -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2034: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der  - PASSED
chains.sh: Creating certficate CA13CA12.der signed by CA12
certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 628170322   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2035: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12  - PASSED
chains.sh: Importing certificate CA13CA12.der to CA13DB database
certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2036: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #2037: AnyPolicyWithLevel: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2038: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA13.der signed by CA13
certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 628170323   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2039: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13  - PASSED
chains.sh: Importing certificate EE1CA13.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2040: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database  - PASSED
chains.sh: Creating DB CA22DB
certutil -N -d CA22DB -f CA22DB/dbpasswd
chains.sh: #2041: AnyPolicyWithLevel: Creating DB CA22DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA22Req.der
certutil -s "CN=CA22 Intermediate, O=CA22, C=US"  -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2042: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der  - PASSED
chains.sh: Creating certficate CA22CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 628170324   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2043: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA22CA1.der to CA22DB database
certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2044: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database  - PASSED
chains.sh: Creating DB CA23DB
certutil -N -d CA23DB -f CA23DB/dbpasswd
chains.sh: #2045: AnyPolicyWithLevel: Creating DB CA23DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA23Req.der
certutil -s "CN=CA23 Intermediate, O=CA23, C=US"  -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2046: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der  - PASSED
chains.sh: Creating certficate CA23CA22.der signed by CA22
certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 628170325   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2047: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22  - PASSED
chains.sh: Importing certificate CA23CA22.der to CA23DB database
certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2048: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #2049: AnyPolicyWithLevel: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2050: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA23.der signed by CA23
certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 628170326   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2051: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23  - PASSED
chains.sh: Importing certificate EE2CA23.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2052: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database  - PASSED
chains.sh: Creating DB CA32DB
certutil -N -d CA32DB -f CA32DB/dbpasswd
chains.sh: #2053: AnyPolicyWithLevel: Creating DB CA32DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA32Req.der
certutil -s "CN=CA32 Intermediate, O=CA32, C=US"  -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2054: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der  - PASSED
chains.sh: Creating certficate CA32CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 628170327   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #2055: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA32CA1.der to CA32DB database
certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2056: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database  - PASSED
chains.sh: Creating DB CA33DB
certutil -N -d CA33DB -f CA33DB/dbpasswd
chains.sh: #2057: AnyPolicyWithLevel: Creating DB CA33DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA33Req.der
certutil -s "CN=CA33 Intermediate, O=CA33, C=US"  -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2058: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der  - PASSED
chains.sh: Creating certficate CA33CA32.der signed by CA32
certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 628170328   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2059: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32  - PASSED
chains.sh: Importing certificate CA33CA32.der to CA33DB database
certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2060: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #2061: AnyPolicyWithLevel: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US"  -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2062: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA33.der signed by CA33
certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 628170329   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2063: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33  - PASSED
chains.sh: Importing certificate EE3CA33.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2064: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database  - PASSED
chains.sh: Creating DB CA42DB
certutil -N -d CA42DB -f CA42DB/dbpasswd
chains.sh: #2065: AnyPolicyWithLevel: Creating DB CA42DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA42Req.der
certutil -s "CN=CA42 Intermediate, O=CA42, C=US"  -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA42Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2066: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der  - PASSED
chains.sh: Creating certficate CA42CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 628170330   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2067: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA42CA1.der to CA42DB database
certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2068: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database  - PASSED
chains.sh: Creating DB CA43DB
certutil -N -d CA43DB -f CA43DB/dbpasswd
chains.sh: #2069: AnyPolicyWithLevel: Creating DB CA43DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA43Req.der
certutil -s "CN=CA43 Intermediate, O=CA43, C=US"  -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA43Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2070: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der  - PASSED
chains.sh: Creating certficate CA43CA42.der signed by CA42
certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 628170331   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2071: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42  - PASSED
chains.sh: Importing certificate CA43CA42.der to CA43DB database
certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2072: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #2073: AnyPolicyWithLevel: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US"  -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2074: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA43.der signed by CA43
certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 628170332   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2075: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43  - PASSED
chains.sh: Importing certificate EE4CA43.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2076: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database  - PASSED
chains.sh: Creating DB CA52DB
certutil -N -d CA52DB -f CA52DB/dbpasswd
chains.sh: #2077: AnyPolicyWithLevel: Creating DB CA52DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA52Req.der
certutil -s "CN=CA52 Intermediate, O=CA52, C=US"  -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA52Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2078: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der  - PASSED
chains.sh: Creating certficate CA52CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 628170333   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2079: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA52CA1.der to CA52DB database
certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2080: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database  - PASSED
chains.sh: Creating DB CA53DB
certutil -N -d CA53DB -f CA53DB/dbpasswd
chains.sh: #2081: AnyPolicyWithLevel: Creating DB CA53DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA53Req.der
certutil -s "CN=CA53 Intermediate, O=CA53, C=US"  -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA53Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2082: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der  - PASSED
chains.sh: Creating certficate CA53CA52.der signed by CA52
certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 628170334   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2083: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52  - PASSED
chains.sh: Importing certificate CA53CA52.der to CA53DB database
certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2084: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database  - PASSED
chains.sh: Creating DB EE5DB
certutil -N -d EE5DB -f EE5DB/dbpasswd
chains.sh: #2085: AnyPolicyWithLevel: Creating DB EE5DB  - PASSED
chains.sh: Creating EE certifiate request EE5Req.der
certutil -s "CN=EE5 EE, O=EE5, C=US"  -R  -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE5Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2086: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der  - PASSED
chains.sh: Creating certficate EE5CA53.der signed by CA53
certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 628170335   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2087: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53  - PASSED
chains.sh: Importing certificate EE5CA53.der to EE5DB database
certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2088: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database  - PASSED
chains.sh: Creating DB CA61DB
certutil -N -d CA61DB -f CA61DB/dbpasswd
chains.sh: #2089: AnyPolicyWithLevel: Creating DB CA61DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA61Req.der
certutil -s "CN=CA61 Intermediate, O=CA61, C=US"  -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA61Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2090: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der  - PASSED
chains.sh: Creating certficate CA61RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 628170336   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
5
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #2091: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA61RootCA.der to CA61DB database
certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2092: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database  - PASSED
chains.sh: Creating DB CA62DB
certutil -N -d CA62DB -f CA62DB/dbpasswd
chains.sh: #2093: AnyPolicyWithLevel: Creating DB CA62DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA62Req.der
certutil -s "CN=CA62 Intermediate, O=CA62, C=US"  -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2094: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der  - PASSED
chains.sh: Creating certficate CA62CA61.der signed by CA61
certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 628170337   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2095: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61  - PASSED
chains.sh: Importing certificate CA62CA61.der to CA62DB database
certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2096: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database  - PASSED
chains.sh: Creating DB EE62DB
certutil -N -d EE62DB -f EE62DB/dbpasswd
chains.sh: #2097: AnyPolicyWithLevel: Creating DB EE62DB  - PASSED
chains.sh: Creating EE certifiate request EE62Req.der
certutil -s "CN=EE62 EE, O=EE62, C=US"  -R  -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2098: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der  - PASSED
chains.sh: Creating certficate EE62CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 628170338   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2099: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate EE62CA62.der to EE62DB database
certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2100: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database  - PASSED
chains.sh: Creating DB CA63DB
certutil -N -d CA63DB -f CA63DB/dbpasswd
chains.sh: #2101: AnyPolicyWithLevel: Creating DB CA63DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA63Req.der
certutil -s "CN=CA63 Intermediate, O=CA63, C=US"  -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2102: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der  - PASSED
chains.sh: Creating certficate CA63CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 628170339   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2103: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate CA63CA62.der to CA63DB database
certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2104: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database  - PASSED
chains.sh: Creating DB EE63DB
certutil -N -d EE63DB -f EE63DB/dbpasswd
chains.sh: #2105: AnyPolicyWithLevel: Creating DB EE63DB  - PASSED
chains.sh: Creating EE certifiate request EE63Req.der
certutil -s "CN=EE63 EE, O=EE63, C=US"  -R  -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2106: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der  - PASSED
chains.sh: Creating certficate EE63CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 628170340   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2107: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate EE63CA63.der to EE63DB database
certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2108: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database  - PASSED
chains.sh: Creating DB CA64DB
certutil -N -d CA64DB -f CA64DB/dbpasswd
chains.sh: #2109: AnyPolicyWithLevel: Creating DB CA64DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA64Req.der
certutil -s "CN=CA64 Intermediate, O=CA64, C=US"  -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2110: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der  - PASSED
chains.sh: Creating certficate CA64CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 628170341   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2111: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate CA64CA63.der to CA64DB database
certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2112: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database  - PASSED
chains.sh: Creating DB EE64DB
certutil -N -d EE64DB -f EE64DB/dbpasswd
chains.sh: #2113: AnyPolicyWithLevel: Creating DB EE64DB  - PASSED
chains.sh: Creating EE certifiate request EE64Req.der
certutil -s "CN=EE64 EE, O=EE64, C=US"  -R  -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2114: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der  - PASSED
chains.sh: Creating certficate EE64CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 628170342   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2115: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate EE64CA64.der to EE64DB database
certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2116: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database  - PASSED
chains.sh: Creating DB CA65DB
certutil -N -d CA65DB -f CA65DB/dbpasswd
chains.sh: #2117: AnyPolicyWithLevel: Creating DB CA65DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA65Req.der
certutil -s "CN=CA65 Intermediate, O=CA65, C=US"  -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2118: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der  - PASSED
chains.sh: Creating certficate CA65CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 628170343   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2119: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate CA65CA64.der to CA65DB database
certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2120: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database  - PASSED
chains.sh: Creating DB EE65DB
certutil -N -d EE65DB -f EE65DB/dbpasswd
chains.sh: #2121: AnyPolicyWithLevel: Creating DB EE65DB  - PASSED
chains.sh: Creating EE certifiate request EE65Req.der
certutil -s "CN=EE65 EE, O=EE65, C=US"  -R  -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2122: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der  - PASSED
chains.sh: Creating certficate EE65CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 628170344   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2123: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate EE65CA65.der to EE65DB database
certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2124: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database  - PASSED
chains.sh: Creating DB CA66DB
certutil -N -d CA66DB -f CA66DB/dbpasswd
chains.sh: #2125: AnyPolicyWithLevel: Creating DB CA66DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA66Req.der
certutil -s "CN=CA66 Intermediate, O=CA66, C=US"  -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2126: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der  - PASSED
chains.sh: Creating certficate CA66CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 628170345   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2127: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate CA66CA65.der to CA66DB database
certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2128: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database  - PASSED
chains.sh: Creating DB EE66DB
certutil -N -d EE66DB -f EE66DB/dbpasswd
chains.sh: #2129: AnyPolicyWithLevel: Creating DB EE66DB  - PASSED
chains.sh: Creating EE certifiate request EE66Req.der
certutil -s "CN=EE66 EE, O=EE66, C=US"  -R  -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2130: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der  - PASSED
chains.sh: Creating certficate EE66CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 628170346   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2131: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate EE66CA66.der to EE66DB database
certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2132: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database  - PASSED
chains.sh: Creating DB CA67DB
certutil -N -d CA67DB -f CA67DB/dbpasswd
chains.sh: #2133: AnyPolicyWithLevel: Creating DB CA67DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA67Req.der
certutil -s "CN=CA67 Intermediate, O=CA67, C=US"  -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2134: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der  - PASSED
chains.sh: Creating certficate CA67CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 628170347   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2135: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate CA67CA66.der to CA67DB database
certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2136: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database  - PASSED
chains.sh: Creating DB EE67DB
certutil -N -d EE67DB -f EE67DB/dbpasswd
chains.sh: #2137: AnyPolicyWithLevel: Creating DB EE67DB  - PASSED
chains.sh: Creating EE certifiate request EE67Req.der
certutil -s "CN=EE67 EE, O=EE67, C=US"  -R  -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2138: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der  - PASSED
chains.sh: Creating certficate EE67CA67.der signed by CA67
certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 628170348   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2139: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67  - PASSED
chains.sh: Importing certificate EE67CA67.der to EE67DB database
certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2140: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2141: AnyPolicyWithLevel: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2142: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2143: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2144: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2145: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2146: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2147: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US"
Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2148: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2149: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2150: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2151: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US"
Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2152: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2153: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2154: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2155: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2156: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2157: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2158: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US"
Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US"
Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2159: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US"
Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #2160: AnyPolicyWithLevel: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US"
Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #2161: AnyPolicyWithLevel: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US"
Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #2162: AnyPolicyWithLevel: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US"
Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #2163: AnyPolicyWithLevel: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170319 (0x25711e4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:22:17 2016
            Not After : Mon Jun 28 17:22:17 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:64:7e:2d:a8:a7:73:b6:97:f7:c8:b7:7f:42:80:cd:
                    98:82:1c:9a:6a:52:de:87:2b:4e:fd:d6:35:af:fc:97:
                    18:c9:80:e3:1e:c1:66:dc:fd:be:40:f9:08:28:b3:d0:
                    9d:5b:d8:22:6e:8d:5c:b9:0d:93:d0:aa:ab:64:7f:f4:
                    89:57:cf:81:00:06:1a:78:52:54:7f:03:95:e7:2b:e8:
                    24:77:76:18:80:a1:17:97:1d:d7:4d:5f:28:c8:3a:7f:
                    16:b7:91:a3:c4:f8:a4:92:ca:39:5c:79:7f:c8:2f:24:
                    ad:f9:ac:fb:29:64:b5:11:31:e5:61:51:5f:dc:6e:41:
                    32:32:d1:68:71:c0:60:37:50:ee:51:71:5b:56:53:c7:
                    4e:de:cc:92:80:bf:c7:49:16:2c:95:2c:68:89:14:55:
                    47:c2:35:21:19:cb:f6:dc:81:05:98:70:89:3b:7e:63:
                    f3:83:bb:6f:6e:ce:68:0b:c7:51:a2:b0:9a:80:f7:6c:
                    53:6b:ca:10:4c:23:47:4c:aa:47:db:4e:b0:9b:89:7b:
                    42:81:1a:a1:3b:de:5e:8b:df:e2:d7:a2:00:a5:c8:69:
                    04:ef:04:8d:ea:9e:13:04:84:aa:97:45:44:64:82:17:
                    bc:b1:aa:fe:20:97:76:ca:21:2f:42:fb:4c:d3:d0:d7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        88:7e:ad:d4:99:5f:43:5a:f4:f8:0b:76:30:8f:b9:f8:
        73:9d:32:a3:2d:9d:39:2f:03:0a:21:7b:2e:2a:4f:d2:
        33:56:76:f5:7f:ac:20:64:72:f9:ae:31:be:88:4d:38:
        48:5a:76:d4:32:5a:c1:df:85:e2:5e:3c:cf:9e:7b:3b:
        54:47:64:b7:e3:0c:a6:9e:49:a5:35:55:dd:3f:f0:81:
        41:76:99:0c:04:c7:b4:f5:86:0f:67:af:60:88:41:dd:
        7e:53:51:44:17:44:2c:94:15:7c:c3:f7:53:29:9d:7e:
        fa:11:02:29:a6:80:34:bb:52:a7:ee:e4:6d:d9:3f:21:
        1c:e6:74:e8:4f:36:57:b8:ed:c4:83:74:2c:cd:c6:27:
        b2:0b:20:81:02:eb:5f:39:c6:0d:65:ef:c0:9e:ee:a3:
        8f:46:fd:4b:d1:aa:ce:92:4c:11:38:09:71:63:5e:8c:
        63:69:75:1a:b7:93:e6:fd:a3:aa:17:96:13:13:a4:c1:
        6c:f7:46:d8:67:02:c1:1c:97:90:6a:ae:33:db:b3:86:
        da:a7:ec:d2:a8:6c:b7:7a:6d:ca:18:ff:17:e8:66:38:
        b6:7d:2e:d1:8a:b3:7e:3f:9b:bf:04:6d:77:d6:f3:92:
        82:41:9b:b8:47:56:e6:52:04:86:7b:01:26:4f:0d:4f
    Fingerprint (SHA-256):
        B9:E1:15:8C:56:98:A2:D8:72:6B:D7:2C:CC:D2:94:FF:AD:16:FA:2D:45:D8:FA:B6:E6:6B:0A:B6:A9:D3:80:56
    Fingerprint (SHA1):
        6D:4D:06:9D:02:66:92:5B:D3:BB:AB:FB:4E:A7:CF:F1:A6:8A:67:91
Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US"
Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US"
Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #2164: AnyPolicyWithLevel: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2165: AnyPolicyWithLevel: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #2166: explicitPolicy: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170349 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2167: explicitPolicy: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #2168: explicitPolicy: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB nonEVCADB
certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd
chains.sh: #2169: explicitPolicy: Creating DB nonEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request nonEVCAReq.der
certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US"  -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o nonEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2170: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der  - PASSED
chains.sh: Creating certficate nonEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 628170350   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2171: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database
certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2172: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database  - PASSED
chains.sh: Creating DB EVCADB
certutil -N -d EVCADB -f EVCADB/dbpasswd
chains.sh: #2173: explicitPolicy: Creating DB EVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request EVCAReq.der
certutil -s "CN=EVCA Intermediate, O=EVCA, C=US"  -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2174: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der  - PASSED
chains.sh: Creating certficate EVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 628170351   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2175: explicitPolicy: Creating certficate EVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate EVCARoot.der to EVCADB database
certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2176: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database  - PASSED
chains.sh: Creating DB otherEVCADB
certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd
chains.sh: #2177: explicitPolicy: Creating DB otherEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request otherEVCAReq.der
certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US"  -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o otherEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2178: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der  - PASSED
chains.sh: Creating certficate otherEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 628170352   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2179: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database
certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2180: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database  - PASSED
chains.sh: Creating DB validEVDB
certutil -N -d validEVDB -f validEVDB/dbpasswd
chains.sh: #2181: explicitPolicy: Creating DB validEVDB  - PASSED
chains.sh: Creating EE certifiate request validEVReq.der
certutil -s "CN=validEV EE, O=validEV, C=US"  -R  -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o validEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2182: explicitPolicy: Creating EE certifiate request validEVReq.der  - PASSED
chains.sh: Creating certficate validEVEVCA.der signed by EVCA
certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 628170353   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2183: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA  - PASSED
chains.sh: Importing certificate validEVEVCA.der to validEVDB database
certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2184: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database  - PASSED
chains.sh: Creating DB invalidEVDB
certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd
chains.sh: #2185: explicitPolicy: Creating DB invalidEVDB  - PASSED
chains.sh: Creating EE certifiate request invalidEVReq.der
certutil -s "CN=invalidEV EE, O=invalidEV, C=US"  -R  -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o invalidEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2186: explicitPolicy: Creating EE certifiate request invalidEVReq.der  - PASSED
chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA
certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 628170354   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2187: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA  - PASSED
chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database
certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2188: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database  - PASSED
chains.sh: Creating DB wrongEVOIDDB
certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd
chains.sh: #2189: explicitPolicy: Creating DB wrongEVOIDDB  - PASSED
chains.sh: Creating EE certifiate request wrongEVOIDReq.der
certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US"  -R  -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o wrongEVOIDReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2190: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der  - PASSED
chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA
certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 628170355   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2191: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA  - PASSED
chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database
certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2192: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2193: explicitPolicy: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170349 (0x25711e6d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:25:43 2016
            Not After : Mon Jun 28 17:25:43 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:33:c8:1a:d8:9c:cb:32:bf:c5:13:4a:8e:2a:8c:d9:
                    23:cb:20:c9:89:e2:b2:d0:37:24:47:13:dc:6d:b8:1f:
                    40:cd:90:fc:96:ba:f4:51:13:0e:64:40:4d:b3:c5:9f:
                    86:1f:d4:c5:06:e8:d6:f7:2c:41:c5:42:f3:74:9e:33:
                    52:14:13:19:60:fb:56:39:65:54:17:5e:0d:1a:f0:55:
                    7d:e4:cd:a2:be:ea:51:46:d3:0c:e8:63:41:bc:ef:08:
                    de:2a:78:16:32:b6:3f:50:64:15:13:04:a1:e3:84:85:
                    1c:f2:db:a5:d0:55:54:43:c1:65:50:ef:16:8a:ad:a9:
                    31:52:0b:8d:18:97:fc:67:88:23:0e:db:bd:49:fa:bf:
                    26:d6:fc:d0:90:a2:77:21:86:4d:1c:b6:f3:7c:1c:d6:
                    be:01:6f:a0:f8:58:31:75:ee:c2:d7:c6:d1:17:12:28:
                    f8:12:b5:46:d6:fb:09:41:a2:70:e4:bd:33:a4:be:d6:
                    61:21:38:b8:b5:c8:7c:43:6e:10:b7:12:45:7e:60:cd:
                    d3:62:33:c4:03:67:c2:3b:c5:64:73:1a:15:6f:de:59:
                    57:93:9c:2f:a4:b1:05:23:24:ec:cb:43:13:6f:54:6d:
                    18:24:51:f4:34:e2:44:c2:aa:5b:80:75:7b:a5:e5:25
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4a:dd:97:fb:1c:ff:97:a0:f8:b0:14:9a:ac:88:30:2f:
        7f:a5:ac:c0:c3:70:14:0d:97:f3:fd:e0:cc:de:c3:60:
        8f:35:37:38:3c:fc:ae:60:19:de:7e:24:25:ec:0e:25:
        13:32:a0:b5:34:c0:0a:4a:0c:5c:42:e2:0a:8c:f6:11:
        6e:37:1b:9e:3d:21:79:83:97:f0:de:3f:d5:4f:ce:75:
        f7:17:00:95:b2:04:aa:f9:71:83:8e:64:1f:d0:6b:9a:
        d6:08:84:cb:f4:34:85:f8:d7:b3:58:0f:9b:92:e7:c6:
        ac:b9:24:93:78:38:e3:2d:b0:4c:f4:34:9f:62:85:6c:
        72:95:a5:ca:b7:45:6c:ac:e5:8a:44:45:d3:cd:d0:85:
        d9:77:9e:f4:73:91:2b:65:2d:7e:01:c8:2c:8a:02:f0:
        ff:9e:2f:c2:0f:4a:a5:e8:75:0b:12:ed:bc:9b:04:b1:
        97:e1:12:a5:39:47:bf:1a:f4:81:bf:16:d9:d7:11:53:
        f6:0f:ab:34:ef:6c:a3:ad:04:d5:84:03:c3:ed:09:01:
        f5:00:22:07:8e:0c:fb:a9:23:5d:fa:a1:45:5a:f8:b3:
        79:01:f1:06:9c:3c:79:49:5b:c1:57:b2:aa:f8:0c:78:
        51:d4:a3:2a:ca:47:3f:66:b9:d2:94:4a:9a:62:8b:ba
    Fingerprint (SHA-256):
        6B:27:D6:55:D1:38:20:5F:61:17:E6:B4:9A:9C:F6:1D:F5:29:F2:7B:FC:4E:9D:22:34:96:B7:F8:77:23:76:EE
    Fingerprint (SHA1):
        A9:48:D2:50:CF:1E:F4:32:55:9D:39:8F:44:8E:E2:74:1B:F5:1C:9A
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #2194: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2195: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2196: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #2197: explicitPolicy: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170349 (0x25711e6d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:25:43 2016
            Not After : Mon Jun 28 17:25:43 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:33:c8:1a:d8:9c:cb:32:bf:c5:13:4a:8e:2a:8c:d9:
                    23:cb:20:c9:89:e2:b2:d0:37:24:47:13:dc:6d:b8:1f:
                    40:cd:90:fc:96:ba:f4:51:13:0e:64:40:4d:b3:c5:9f:
                    86:1f:d4:c5:06:e8:d6:f7:2c:41:c5:42:f3:74:9e:33:
                    52:14:13:19:60:fb:56:39:65:54:17:5e:0d:1a:f0:55:
                    7d:e4:cd:a2:be:ea:51:46:d3:0c:e8:63:41:bc:ef:08:
                    de:2a:78:16:32:b6:3f:50:64:15:13:04:a1:e3:84:85:
                    1c:f2:db:a5:d0:55:54:43:c1:65:50:ef:16:8a:ad:a9:
                    31:52:0b:8d:18:97:fc:67:88:23:0e:db:bd:49:fa:bf:
                    26:d6:fc:d0:90:a2:77:21:86:4d:1c:b6:f3:7c:1c:d6:
                    be:01:6f:a0:f8:58:31:75:ee:c2:d7:c6:d1:17:12:28:
                    f8:12:b5:46:d6:fb:09:41:a2:70:e4:bd:33:a4:be:d6:
                    61:21:38:b8:b5:c8:7c:43:6e:10:b7:12:45:7e:60:cd:
                    d3:62:33:c4:03:67:c2:3b:c5:64:73:1a:15:6f:de:59:
                    57:93:9c:2f:a4:b1:05:23:24:ec:cb:43:13:6f:54:6d:
                    18:24:51:f4:34:e2:44:c2:aa:5b:80:75:7b:a5:e5:25
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4a:dd:97:fb:1c:ff:97:a0:f8:b0:14:9a:ac:88:30:2f:
        7f:a5:ac:c0:c3:70:14:0d:97:f3:fd:e0:cc:de:c3:60:
        8f:35:37:38:3c:fc:ae:60:19:de:7e:24:25:ec:0e:25:
        13:32:a0:b5:34:c0:0a:4a:0c:5c:42:e2:0a:8c:f6:11:
        6e:37:1b:9e:3d:21:79:83:97:f0:de:3f:d5:4f:ce:75:
        f7:17:00:95:b2:04:aa:f9:71:83:8e:64:1f:d0:6b:9a:
        d6:08:84:cb:f4:34:85:f8:d7:b3:58:0f:9b:92:e7:c6:
        ac:b9:24:93:78:38:e3:2d:b0:4c:f4:34:9f:62:85:6c:
        72:95:a5:ca:b7:45:6c:ac:e5:8a:44:45:d3:cd:d0:85:
        d9:77:9e:f4:73:91:2b:65:2d:7e:01:c8:2c:8a:02:f0:
        ff:9e:2f:c2:0f:4a:a5:e8:75:0b:12:ed:bc:9b:04:b1:
        97:e1:12:a5:39:47:bf:1a:f4:81:bf:16:d9:d7:11:53:
        f6:0f:ab:34:ef:6c:a3:ad:04:d5:84:03:c3:ed:09:01:
        f5:00:22:07:8e:0c:fb:a9:23:5d:fa:a1:45:5a:f8:b3:
        79:01:f1:06:9c:3c:79:49:5b:c1:57:b2:aa:f8:0c:78:
        51:d4:a3:2a:ca:47:3f:66:b9:d2:94:4a:9a:62:8b:ba
    Fingerprint (SHA-256):
        6B:27:D6:55:D1:38:20:5F:61:17:E6:B4:9A:9C:F6:1D:F5:29:F2:7B:FC:4E:9D:22:34:96:B7:F8:77:23:76:EE
    Fingerprint (SHA1):
        A9:48:D2:50:CF:1E:F4:32:55:9D:39:8F:44:8E:E2:74:1B:F5:1C:9A
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #2198: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2199: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2200: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #2201: Mapping: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170356 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2202: Mapping: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #2203: Mapping: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2204: Mapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2205: Mapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170357   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #2206: Mapping: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2207: Mapping: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2208: Mapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2209: Mapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170358   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2210: Mapping: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2211: Mapping: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #2212: Mapping: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2213: Mapping: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628170359   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2214: Mapping: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2215: Mapping: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2216: Mapping: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #2217: Mapping: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #2218: Mapping: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #2219: Mapping: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170356 (0x25711e74)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:26:23 2016
            Not After : Mon Jun 28 17:26:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d1:a3:d7:58:32:8c:5e:c0:34:df:ac:68:75:56:0b:97:
                    31:47:9a:f4:66:c4:08:b6:81:38:59:cb:de:00:a5:f8:
                    5b:27:6c:53:c5:07:00:88:d1:b7:84:5f:6d:49:10:83:
                    b6:60:d8:a9:82:5b:4b:2c:32:35:41:eb:4c:70:2b:a1:
                    37:e5:bc:16:27:85:30:df:18:da:90:d6:f9:38:44:f4:
                    a6:8a:29:02:a0:a0:79:50:eb:ac:9b:f3:5c:5e:a7:89:
                    a4:23:65:3a:32:25:cf:e1:40:5d:4e:83:ba:19:3b:38:
                    0e:62:75:0f:d1:cd:74:55:59:cf:5c:e9:e7:22:b2:33:
                    2c:f2:96:59:0b:38:4b:f3:c2:6b:61:77:42:ba:73:41:
                    af:0b:95:8a:78:79:a7:78:ab:a6:b4:4d:ac:f4:1a:05:
                    74:a6:ac:60:de:01:0d:79:0f:b1:42:12:d5:8f:e4:e6:
                    09:e7:9a:33:7f:2c:c2:23:ad:b0:f7:93:6a:44:c5:eb:
                    f0:74:23:01:d5:77:fe:34:a2:0f:7c:15:16:8a:dd:13:
                    36:8c:e1:ad:38:3a:3f:75:65:ad:f6:85:94:50:19:5e:
                    6c:c7:50:25:77:0e:9f:75:51:19:53:64:1e:d2:9a:15:
                    cf:64:ec:d2:7b:ef:13:a0:55:03:6e:c7:15:2e:15:73
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        34:d4:81:bb:1f:67:28:38:a0:fc:bf:89:e2:1f:4c:68:
        e9:e9:e4:fc:69:f8:5e:02:89:20:1b:03:d1:18:cb:2b:
        eb:7f:1f:28:25:49:b0:bb:6f:34:b6:a6:a0:a3:65:57:
        cc:67:aa:6d:24:59:fb:56:32:4a:4f:87:f6:4c:aa:50:
        f4:80:cf:98:ad:0c:09:61:e8:88:9f:c9:f3:39:13:cf:
        0f:be:d1:f9:29:11:77:9e:1d:1e:09:46:f2:af:eb:14:
        33:ce:cb:29:9b:2e:53:67:46:09:49:19:15:b3:f0:2e:
        9c:e0:45:6c:c4:40:aa:ee:d2:0b:b3:92:20:78:c9:13:
        01:de:18:c8:d9:72:e7:4e:b1:b7:ee:44:4f:79:2b:a3:
        91:69:87:10:34:d6:37:6c:48:4c:7f:cd:78:db:34:4d:
        d7:a4:39:fb:72:ba:5d:14:5f:b8:e2:c5:41:4d:73:4e:
        6d:7b:67:6b:24:30:cc:c7:97:f7:71:b7:ac:96:83:a2:
        1c:d3:90:64:d0:31:ac:a4:62:9b:6e:f2:77:04:5e:88:
        bf:ce:1d:17:d3:8f:18:a5:6b:72:06:40:ef:69:9d:a6:
        09:d5:c2:b5:8e:9a:03:51:61:d5:35:77:a9:4c:3a:3b:
        18:5c:4c:9c:7a:59:94:1d:2a:3e:eb:51:67:9f:be:1a
    Fingerprint (SHA-256):
        F5:C7:A0:CE:20:5D:FB:A6:48:2B:20:96:28:55:F6:28:1E:B4:9D:DC:32:61:3C:8D:F2:48:0A:95:45:89:8B:7F
    Fingerprint (SHA1):
        EA:2A:7B:C6:78:F5:20:FB:DD:FF:B2:77:33:67:D1:C9:59:69:D5:64
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2220: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2221: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2222: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170357 (0x25711e75)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:26:29 2016
            Not After : Mon Jun 28 17:26:29 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e1:71:a1:a6:13:c2:a4:4b:e7:60:40:cc:6c:1c:85:c9:
                    34:80:e6:fc:e8:60:1b:c7:59:c4:6c:1d:dc:b6:dd:b0:
                    30:fe:04:b5:05:15:50:96:59:b4:ef:c0:61:21:2e:84:
                    83:6c:a5:3f:14:5c:76:29:a2:f6:6b:b9:40:93:86:a9:
                    01:fd:f7:b4:5b:4f:4c:57:10:9c:a9:59:42:8c:ce:5a:
                    ad:2b:2a:71:db:b2:d9:14:8c:68:be:9f:b7:2b:5d:04:
                    b5:40:5f:a9:b2:52:3f:bd:63:11:f5:79:11:93:72:2d:
                    58:d4:f0:47:de:e5:99:83:e3:d1:54:a0:a3:82:77:82:
                    a7:b2:8a:fb:f3:80:e4:8c:f7:38:63:f2:f6:27:31:65:
                    72:d1:72:6e:7e:06:72:b1:5f:71:81:7f:33:a3:11:2d:
                    7d:d0:29:90:08:db:ad:03:7e:ad:8f:af:29:bb:20:b5:
                    f3:c7:f7:eb:02:6d:b6:77:2f:f2:81:32:d8:61:e8:6b:
                    e0:33:49:f5:7e:a8:01:b2:ec:a2:a9:f9:b8:db:5a:6f:
                    84:3e:90:5b:c0:d6:8d:fb:fb:e7:6f:6d:f1:b8:6e:b3:
                    73:dd:5f:cd:fd:4b:1b:9e:b3:a5:46:78:be:1e:37:05:
                    26:3f:7d:ab:88:6a:0a:79:a3:4f:4f:ee:4c:cb:08:63
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2a:e5:20:b1:2d:1d:8a:18:05:19:3c:5e:ff:24:2c:15:
        29:8b:70:31:e4:4e:26:27:fc:16:e3:87:81:44:66:92:
        80:a3:9e:78:81:4e:c6:20:e5:dc:7e:1a:bd:7d:a1:fe:
        15:12:65:35:f3:80:93:1e:b2:10:19:e0:64:03:f2:71:
        55:30:5c:0f:68:e1:19:1a:f9:03:be:23:5f:89:93:bd:
        91:e8:99:9e:c5:51:d6:dd:44:ec:62:44:de:15:b2:3d:
        fe:42:5d:db:3c:0d:33:b9:c8:ab:de:f6:38:91:31:e8:
        0c:90:a1:94:f9:ab:2f:e1:5b:c5:de:b1:bb:9b:ed:a5:
        22:cb:97:92:4c:6d:51:a1:2c:ef:d9:69:57:b3:58:8d:
        b7:86:61:a4:67:92:a9:e0:54:6b:0e:85:13:b2:a4:c6:
        79:07:6b:cf:7e:4d:e3:8d:9b:e2:01:3b:49:e8:e5:cc:
        6b:b8:d3:21:7e:76:37:b0:93:ec:30:cc:59:b5:7f:7f:
        48:4d:df:0d:7b:27:8d:54:27:bb:92:ec:01:a9:08:c2:
        21:d0:fb:a6:6f:53:29:51:c1:82:30:68:93:3c:2b:69:
        27:d7:42:47:12:1a:50:9b:60:70:e1:7a:8b:38:29:8c:
        c6:0e:22:3c:61:97:aa:17:95:7a:ee:dd:b3:e5:7e:23
    Fingerprint (SHA-256):
        F8:90:81:B4:E3:88:F2:F7:02:F0:D7:A1:BA:9C:2C:41:1B:7E:0D:CF:F6:D5:6E:A8:06:91:40:23:C9:59:CF:64
    Fingerprint (SHA1):
        25:4F:10:C6:CF:1C:BD:8F:0F:C4:2F:34:08:75:C3:60:BB:B3:95:53
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #2223: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2224: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170358 (0x25711e76)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:26:31 2016
            Not After : Mon Jun 28 17:26:31 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d9:22:e4:a1:2f:01:b9:df:e8:d0:f2:7e:06:46:64:5d:
                    31:70:b2:d2:d3:27:ba:46:d6:ef:c5:44:36:6a:0c:da:
                    69:ea:f2:b1:fc:54:a5:e4:24:03:11:79:bf:be:0b:88:
                    63:02:fd:6b:cf:33:ee:76:8b:cd:11:1b:bb:a9:6d:fd:
                    39:f5:6f:be:d4:ee:7d:5b:1d:0e:3a:4a:06:38:0e:d6:
                    08:84:be:1a:be:2a:01:89:4d:0b:fb:da:56:6a:3d:bc:
                    4f:55:58:7d:5a:05:c5:07:35:26:b2:4e:d2:01:f4:f8:
                    ee:69:47:ed:0c:05:b8:e2:9d:79:94:90:d6:3f:80:16:
                    22:16:11:7e:5b:b7:e9:76:a8:3b:49:b4:ff:ac:c9:8c:
                    29:ad:51:06:a9:b6:48:8d:4f:fd:f1:ff:e5:02:b0:de:
                    40:74:20:19:6d:a3:7b:3f:03:aa:fc:e0:86:c8:f4:d8:
                    83:23:fc:36:96:79:fa:c5:db:9a:38:50:e3:47:84:84:
                    99:ff:a1:f7:39:af:1c:29:77:b7:68:35:f0:19:9e:6d:
                    cc:62:ad:20:1c:3a:26:dc:51:be:e1:f5:20:b7:5c:e2:
                    bc:69:12:b3:8a:e4:ce:3e:19:5e:76:24:c2:05:80:a0:
                    0a:29:5d:61:5b:d9:e5:9e:05:a3:8f:07:71:8d:43:95
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        49:3d:92:72:03:b8:78:39:35:e1:c3:ad:42:2c:06:4d:
        97:31:08:61:b4:28:9c:39:18:61:54:f9:ce:71:fb:89:
        b0:14:17:e7:1a:6d:2b:02:56:4a:78:01:54:85:3b:4e:
        43:4c:07:58:33:76:66:13:ba:fd:cc:81:64:ad:78:1c:
        2e:f0:3d:aa:96:74:9a:41:92:53:bb:2b:6b:ab:43:3c:
        ee:44:4e:6b:62:f8:76:cb:8d:ef:88:92:20:30:6e:b6:
        26:52:c1:eb:54:1d:78:a8:4a:50:9a:5f:91:3e:46:3a:
        61:a0:98:7f:c5:73:71:80:dc:c4:82:96:08:68:de:9e:
        75:2d:ce:60:7c:e0:5a:c1:5e:f7:56:ea:ac:46:ed:ee:
        0c:a4:09:ea:f5:28:7b:10:42:73:f0:20:a3:07:a3:c9:
        85:c7:9b:52:69:5c:aa:2f:96:e2:23:f7:07:3a:e3:0a:
        88:01:19:af:6a:1c:f5:74:b1:22:03:c3:bc:0f:42:de:
        e8:62:e2:27:b5:48:31:8c:25:15:13:d7:61:12:3b:79:
        2c:13:84:8c:24:6d:61:6c:ea:cf:0c:48:36:23:6c:e7:
        98:7f:e9:fd:7e:10:65:7d:c2:8c:53:7b:8a:e2:93:a2:
        95:66:e1:66:8b:50:be:21:dd:81:6e:80:bb:c1:c1:a5
    Fingerprint (SHA-256):
        6D:FD:5C:9F:94:A9:83:26:83:BE:39:EB:9F:8B:8E:DD:AF:F3:6E:72:96:CC:69:76:8F:A6:51:99:4F:92:25:73
    Fingerprint (SHA1):
        DD:10:A4:C6:AE:0E:FA:99:B7:FB:34:59:4E:CB:84:0B:06:FF:29:3F
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #2225: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #2226: Mapping2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170360 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2227: Mapping2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #2228: Mapping2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2229: Mapping2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2230: Mapping2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170361   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2231: Mapping2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2232: Mapping2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2233: Mapping2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2234: Mapping2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170362   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #2235: Mapping2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2236: Mapping2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #2237: Mapping2: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2238: Mapping2: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 628170363   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2239: Mapping2: Creating certficate CA3CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate CA3CA2.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2240: Mapping2: Importing certificate CA3CA2.der to CA3DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #2241: Mapping2: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2242: Mapping2: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 628170364   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2243: Mapping2: Creating certficate UserCA3.der signed by CA3  - PASSED
chains.sh: Importing certificate UserCA3.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2244: Mapping2: Importing certificate UserCA3.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2245: Mapping2: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #2246: Mapping2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #2247: Mapping2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #2248: Mapping2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA2.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der
chains.sh: #2249: Mapping2: Importing certificate CA3CA2.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170360 (0x25711e78)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:26:38 2016
            Not After : Mon Jun 28 17:26:38 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d9:a9:cc:a9:b5:6c:5b:6f:bb:88:2c:fb:45:5c:86:9d:
                    2b:c1:30:07:26:1a:81:b7:0d:42:5f:26:cb:d6:60:7f:
                    e3:b1:0e:0f:a7:3c:6f:da:68:3b:31:09:b6:35:35:85:
                    5e:9b:66:88:b9:b1:3f:04:bf:37:f7:79:62:60:1f:85:
                    d6:c9:52:22:d7:11:56:d6:be:d8:39:92:6f:4b:c6:1b:
                    eb:ae:54:4a:64:53:a3:a6:2c:db:de:91:80:1f:e3:d0:
                    5b:85:ec:dd:f7:bd:f9:14:34:0c:52:8d:de:a9:d9:e8:
                    a3:c1:38:7b:4a:1e:76:42:49:21:46:d6:48:e0:8e:33:
                    83:ee:c2:3f:9d:e4:a8:b9:8c:05:9c:92:61:2b:d4:a0:
                    74:72:1d:24:40:21:01:98:5b:9f:e5:87:07:5f:be:2e:
                    b5:ee:4a:3e:c8:94:db:ef:3a:2b:0a:23:27:fd:18:d6:
                    1b:ee:28:bf:56:07:0a:a4:34:21:2a:79:ea:f7:8d:1d:
                    96:35:cc:9a:59:cd:c5:72:b8:c8:8d:0c:c8:28:f9:0e:
                    d1:da:d1:7c:65:88:60:70:b5:41:42:c0:de:54:fc:4c:
                    2d:84:7a:e0:22:53:4e:cd:1a:49:20:8a:fd:fd:a3:4b:
                    1e:e0:7b:13:e1:e6:57:b6:5f:d6:77:e0:34:c6:3a:4f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        76:7a:5e:eb:d7:a7:89:e8:c8:6c:31:38:cc:de:ea:2e:
        81:1c:16:5b:5b:38:18:f2:55:0b:75:75:c5:29:04:c6:
        1e:0a:02:18:83:0b:06:17:43:d4:ad:cb:e9:29:ca:1c:
        45:09:ac:d3:40:00:eb:74:d5:97:72:78:81:58:01:30:
        40:54:ba:0a:24:3c:0b:0c:c7:c5:1d:65:da:c6:d3:f8:
        2a:48:19:a5:47:a1:ee:5a:a4:de:43:9c:bb:83:b9:c2:
        c9:b0:7b:81:7d:25:fb:a8:f3:83:b1:bb:21:0a:20:13:
        ad:92:c6:d7:22:d0:a3:f7:0c:e1:fe:5f:71:3e:36:12:
        cb:5e:f4:45:bf:35:ae:91:7c:b9:a7:bf:dc:56:0a:8c:
        45:e9:c6:51:3a:40:2b:91:cb:9a:96:e1:7d:41:f2:c8:
        47:c3:75:a2:d7:72:b9:aa:b6:ec:f8:c2:08:e7:28:1e:
        4b:e4:f8:32:0b:6b:7b:f1:78:5d:37:fa:e6:e6:76:1d:
        0b:fe:de:3a:4b:aa:f2:17:ab:e1:a8:a2:7b:8c:0b:8b:
        3f:33:35:89:c0:e7:1e:45:f3:b2:3e:be:06:e8:1c:c7:
        3f:92:80:ac:75:03:22:b6:69:8f:14:2d:8d:fa:f8:6f:
        cc:22:a1:0a:8c:36:b0:0f:df:2e:91:73:c1:9e:b5:78
    Fingerprint (SHA-256):
        BD:CA:23:62:33:4C:25:4A:FA:20:64:B6:93:6C:D3:30:1F:AA:34:EE:F6:F5:8B:30:2C:66:3E:30:F3:D0:3B:AA
    Fingerprint (SHA1):
        0E:DE:ED:69:E7:A1:DD:35:23:E9:36:3A:E8:EE:CB:D7:77:DB:0A:4C
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2250: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2251: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170361 (0x25711e79)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:26:41 2016
            Not After : Mon Jun 28 17:26:41 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c7:c0:a6:9b:77:59:48:fd:d3:c3:ba:83:3e:d2:c4:48:
                    48:e9:e0:27:43:e6:8b:df:61:15:81:48:8e:04:71:bc:
                    31:e8:e0:d4:0c:73:05:9d:a0:63:e5:cc:ae:4c:27:01:
                    6f:c1:66:09:78:c7:96:c4:fa:c1:94:a9:eb:43:b5:8f:
                    5a:91:fd:dc:34:fa:93:1e:a8:c7:7b:c0:21:b8:b0:ce:
                    69:47:62:57:c1:1a:ec:10:ca:4a:eb:f4:6a:bc:a9:54:
                    b3:89:6a:a9:14:f5:12:f0:77:51:4d:5d:a1:c5:bd:e4:
                    88:79:e2:db:97:8e:b9:d0:9f:a6:67:76:1f:6d:0d:40:
                    2a:13:2d:eb:62:b4:78:8e:ef:2a:1a:a7:6f:7f:6c:61:
                    32:43:76:7f:c5:7c:cf:ec:c5:28:c8:f7:f1:a4:8a:ef:
                    3f:90:b2:fa:22:17:ca:69:6c:8d:fe:42:3f:0c:e9:4e:
                    f6:49:b5:c8:6b:76:0a:80:f9:51:67:f8:e0:98:b6:03:
                    76:a1:1d:85:92:94:59:89:5d:11:25:a7:9f:eb:a3:2b:
                    05:98:2b:b2:46:e0:ee:ec:27:e6:e9:83:26:e7:34:91:
                    3c:c7:05:d4:47:58:08:21:09:d8:d2:44:33:d3:b7:69:
                    87:e6:0c:0f:0b:b9:b2:cd:43:c6:8e:37:ec:60:e2:df
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        66:4f:3d:77:20:42:ec:ce:ae:48:73:18:25:cd:77:af:
        89:e9:0f:71:b6:1f:ae:87:14:f5:5e:f7:a6:14:ad:6d:
        80:6d:1c:2d:38:c8:8d:0f:f7:bb:be:5c:f4:f1:97:d6:
        e6:7f:43:1f:4c:40:be:bd:25:0a:34:70:27:0b:7e:e1:
        1e:4a:32:a9:88:47:aa:bf:69:ff:bb:57:f6:4b:73:c7:
        d8:da:14:05:2e:25:2d:73:d2:70:06:a5:4a:31:bd:e2:
        67:4b:f0:8c:5f:63:e2:6b:e2:41:fe:b5:25:6f:9b:7c:
        0a:c0:8b:d1:5c:91:bb:a5:50:29:d7:89:26:40:a1:b7:
        47:e0:dc:92:90:6e:3f:d5:d3:dd:68:a5:c7:a7:9b:f9:
        4c:6e:4c:9c:8e:3b:2f:47:66:88:2d:60:a4:7d:dc:8f:
        38:f9:23:0c:db:d2:fb:1f:81:b8:a0:68:1f:23:70:72:
        e7:22:1a:d7:cd:cb:3c:b0:b9:4f:2c:e0:0c:78:c5:1f:
        14:a2:ea:24:e2:49:af:be:b6:23:4d:ee:96:f4:5b:17:
        10:2b:29:b6:71:c8:7a:cc:05:cc:e6:37:fc:9e:78:02:
        11:23:b0:1e:85:00:81:c4:20:9d:23:74:f7:50:0d:13:
        d0:48:c7:1f:a7:9b:48:1e:73:ba:21:b4:1e:a7:e9:a0
    Fingerprint (SHA-256):
        47:9D:29:29:4A:E5:F6:A1:1D:CD:81:71:DA:50:05:1A:07:7A:07:C1:70:4E:86:B9:D9:7C:AE:D5:6E:3C:B5:10
    Fingerprint (SHA1):
        D5:7D:CA:0A:9A:7E:69:5C:CB:B1:E0:40:CC:9A:50:1D:EB:98:FD:50
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #2252: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2253: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2254: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170362 (0x25711e7a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:26:45 2016
            Not After : Mon Jun 28 17:26:45 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b5:d7:80:fb:66:82:8e:69:a1:d9:7d:2a:03:f5:3d:fb:
                    f3:da:ec:2c:db:24:15:62:e5:bb:17:20:60:29:15:60:
                    aa:d9:54:52:0b:10:a5:ef:d6:1d:5e:36:ba:ca:91:18:
                    e7:0b:1f:ee:1c:0e:28:ca:44:7c:2e:78:70:45:af:50:
                    70:b7:ef:13:ca:f4:65:1b:bc:8a:85:b0:fb:89:91:9a:
                    5c:af:b4:57:26:3b:28:ff:32:2a:81:39:2b:85:4a:fa:
                    35:76:33:93:4c:31:b3:31:6f:1c:bd:7c:0a:aa:e9:53:
                    dd:7d:30:74:4e:b5:ae:73:d5:92:d9:0c:7b:21:5f:81:
                    d2:f1:8c:1e:80:68:bd:d5:ad:d3:2a:3f:3f:cc:32:26:
                    5a:8e:d2:95:11:b8:06:ff:75:d5:c9:91:61:cd:51:12:
                    be:55:71:d0:72:ab:3f:6b:17:c4:50:5e:ee:13:48:7a:
                    ee:ae:34:be:25:34:46:e1:c5:f6:36:7a:67:7c:07:8e:
                    fd:8b:38:21:3c:e1:4a:3b:fa:c1:fe:c4:fd:c4:1f:6b:
                    7b:e2:a7:a1:82:cd:d6:51:fe:b1:41:29:0d:22:53:30:
                    ac:76:0b:a8:f8:d2:0d:ba:16:b2:79:2f:f8:2a:5a:2e:
                    4f:96:e3:ec:8f:3d:83:73:73:ea:16:52:df:5c:de:2b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        14:cb:1f:c9:e2:36:94:d5:79:8c:f5:3a:37:58:58:1e:
        a9:f1:e8:78:06:9a:bc:58:46:78:b1:fe:a4:99:cd:f9:
        7a:bc:8e:4c:51:06:3f:2a:3d:38:96:a1:de:6d:cb:5a:
        1c:b3:a1:fe:db:7e:24:96:d9:4f:11:a5:a1:70:6a:09:
        49:52:55:3e:f8:c6:c4:04:bf:cb:f6:f8:c9:e5:57:c6:
        59:cc:2f:3c:bf:10:65:d9:3e:9a:f4:d5:fb:63:ed:7b:
        fb:27:ec:2a:c7:4b:f6:df:6b:33:a1:7b:d9:f5:b7:6f:
        f4:ea:6d:b5:55:65:27:b7:08:45:0a:79:58:e6:25:3e:
        df:63:a4:e3:6d:1d:ff:d4:86:87:38:6c:ee:dc:a9:33:
        cf:3b:a9:0c:e7:62:8b:32:0a:26:7e:3a:0d:39:a2:d3:
        1f:99:ec:f9:55:30:b4:79:e7:ff:34:61:51:f7:6c:de:
        b6:35:96:a4:29:17:13:72:58:ab:74:3c:14:f6:4e:23:
        df:40:51:71:9a:05:78:20:e8:d4:cd:64:d3:ab:f0:e1:
        c8:44:fe:97:5a:77:cc:c8:9a:22:03:2d:01:7d:56:2c:
        40:2a:43:23:86:58:91:c9:0f:3d:af:51:f4:39:e3:d3:
        d4:f1:55:e3:da:ee:09:e7:74:ec:5a:a3:65:7a:16:b4
    Fingerprint (SHA-256):
        17:89:38:82:FA:98:F5:77:58:D1:79:14:56:0A:76:5C:E6:BC:53:D3:E8:95:9F:E8:CF:07:EA:42:C6:7C:70:A2
    Fingerprint (SHA1):
        86:38:C9:E2:23:45:33:99:7A:A6:3B:7F:13:05:6D:EE:76:28:DE:1F
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #2255: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #2256: AIA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170365 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2257: AIA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #2258: AIA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2259: AIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2260: AIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170366   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2261: AIA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2262: AIA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2263: AIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2264: AIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170367   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA1Root-628170144.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2265: AIA: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2266: AIA: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #2267: AIA: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2268: AIA: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628170368   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2269: AIA: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2270: AIA: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der
vfychain -d UserDB -pp -vv       UserCA2.der CA2CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA1 Intermediate,O=CA1,C=US
Returned value is 1, expected result is fail
chains.sh: #2271: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der
vfychain -d UserDB -pp -vv   -f    UserCA2.der CA2CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170365 (0x25711e7d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:03 2016
            Not After : Mon Jun 28 17:27:03 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:c7:36:02:11:71:bd:b2:0b:a3:b6:39:d4:60:7a:22:
                    e5:a7:d9:4d:1b:08:70:b9:32:e1:47:09:1b:db:69:2a:
                    a2:4a:35:17:7a:76:25:50:fa:da:89:5a:22:56:3a:11:
                    75:0b:8a:7b:69:8c:50:cd:57:8c:6e:b6:e2:8f:3f:44:
                    e3:25:38:a7:55:ae:0f:fd:45:a8:44:23:af:da:56:07:
                    7c:87:fb:98:32:93:d9:e0:50:c1:db:6c:9a:29:f9:09:
                    e7:0c:f8:81:aa:93:b1:e0:c5:37:30:2b:e7:2a:96:6c:
                    9d:5b:ed:e1:cf:7b:6f:71:2b:f7:43:57:ce:ee:5f:fb:
                    e4:7e:74:a4:a3:81:0b:64:bc:64:0e:11:a7:1b:c6:27:
                    cb:97:5b:8c:04:9a:42:99:b1:c1:9e:99:2d:3e:51:af:
                    86:cf:39:63:21:83:ac:ee:9e:5c:5a:b8:f3:d8:28:5c:
                    aa:70:d2:48:04:69:61:0d:77:02:2c:7b:7a:06:ff:ba:
                    68:78:35:21:12:86:ed:83:94:d1:81:4b:8b:c7:ee:a9:
                    38:82:1a:db:85:15:17:ce:f3:0d:19:17:5a:c2:78:77:
                    3d:3c:02:a8:82:8c:d9:0d:3c:15:36:45:1f:06:85:59:
                    48:23:c8:13:d6:cd:cc:24:83:80:77:c9:bc:2c:a6:eb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        96:e1:7e:e3:2a:6c:a9:f8:76:4b:38:52:16:22:21:71:
        b5:a2:c0:c1:96:1c:8a:9c:6e:3f:a7:34:9d:78:49:6c:
        b9:7c:b0:9e:4e:11:4e:03:9e:6d:25:c6:b4:27:04:df:
        2f:2c:c7:58:8b:c5:43:21:92:97:b5:c8:c7:2c:cc:2f:
        96:65:ca:2c:bb:cb:d7:8f:06:08:18:84:78:c3:35:85:
        eb:09:53:ba:81:04:dd:e6:8a:3d:1e:4e:7c:a0:1d:df:
        a4:99:15:52:94:db:3c:c0:bf:5c:29:11:1a:74:07:f1:
        df:ab:72:49:7b:c8:a9:cb:0b:d1:6a:6a:9f:4d:48:f5:
        72:fb:5b:fc:2e:6d:1d:0f:b5:e2:c5:6d:54:da:2d:20:
        f6:ec:c2:13:20:d9:b4:a5:c6:19:9a:09:56:06:a7:27:
        a8:7a:3d:b3:a6:cf:97:ff:e6:62:45:b2:f4:e4:54:42:
        1d:f7:e0:b5:06:e0:72:45:b9:ef:96:34:7c:58:37:07:
        a5:93:ba:d5:7f:6a:41:0e:2b:a2:cc:91:36:ad:7c:5f:
        6c:8e:a8:61:b3:f8:94:db:6f:c9:d7:50:09:41:a3:5e:
        c7:07:5a:54:4d:d1:42:82:e0:94:06:1a:d3:5f:e6:bf:
        4a:c9:83:ec:ac:cc:0e:cd:f3:92:4c:9b:0d:dd:32:b1
    Fingerprint (SHA-256):
        9D:15:98:E7:5A:F4:87:A4:0C:D4:87:93:BB:43:A0:44:F8:47:45:13:5F:BC:67:01:21:E3:F9:81:12:85:51:7A
    Fingerprint (SHA1):
        09:26:39:83:8A:19:77:EF:6E:90:D5:80:4C:1F:59:32:6D:9A:27:BC
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2272: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #2273: BridgeWithAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170369 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2274: BridgeWithAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #2275: BridgeWithAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #2276: BridgeWithAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170370 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2277: BridgeWithAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #2278: BridgeWithAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #2279: BridgeWithAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2280: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628170371 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2281: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2282: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628170372 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2283: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2284: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #2285: BridgeWithAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2286: BridgeWithAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2287: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628170373   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628170145.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2288: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2289: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #2290: BridgeWithAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2291: BridgeWithAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170374   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2292: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2293: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #2294: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #2295: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170370 (0x25711e82)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:25 2016
            Not After : Mon Jun 28 17:27:25 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bc:19:27:97:34:18:e8:a1:ec:94:98:7b:ab:3f:8b:d8:
                    98:ff:ac:90:3b:53:92:a0:a4:49:6f:14:7a:86:c0:81:
                    13:81:04:be:26:81:93:6d:a3:3f:9d:e8:64:2b:a2:f0:
                    cc:8e:19:f8:16:a5:40:49:7e:2e:72:b2:c0:31:40:52:
                    a3:66:ab:6f:3e:8e:ae:fa:15:ac:89:15:21:0a:c6:1d:
                    92:30:e2:01:6b:74:00:3c:dd:ac:be:6d:a9:e9:39:ff:
                    23:64:0e:02:99:bb:d8:1f:b4:18:6a:f7:27:8d:6e:25:
                    5c:37:d7:8c:9c:a4:ba:e6:6c:eb:8e:76:c5:5c:d0:98:
                    9a:59:da:be:01:87:33:d4:38:48:9a:b2:d1:b2:51:70:
                    6f:b7:ac:23:a8:44:9e:11:c3:cf:3f:cf:5b:83:de:20:
                    6c:db:4e:78:49:3b:1f:0c:8a:7a:d5:87:56:34:f2:be:
                    90:8a:0a:a3:7a:b6:42:39:ca:1a:d2:d5:f3:19:fd:27:
                    90:1e:c6:d4:26:c3:3f:0c:19:e6:a2:cc:fe:dd:f9:42:
                    f6:32:ae:4a:bc:44:6a:27:a2:69:b4:33:bd:4f:04:4f:
                    f6:4e:cb:46:02:c1:2e:44:15:52:01:25:94:30:36:42:
                    b7:e6:ce:05:29:ce:48:80:29:e5:e1:74:41:8b:f0:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b1:8a:de:2a:60:01:bb:17:e5:5a:a6:be:81:70:8b:ac:
        de:9c:6b:9f:75:7b:74:0c:55:d5:fa:ab:ac:2c:a9:33:
        be:c6:04:e3:11:8c:16:58:41:b2:94:0c:6a:ee:57:59:
        c4:78:42:d3:0b:58:46:e0:57:dd:d6:be:b3:fb:e7:19:
        4e:8b:77:da:1a:d7:bd:fd:f2:26:5d:78:95:7c:2b:b2:
        0f:b6:f5:dd:4d:da:3d:f1:32:c2:04:5b:0b:27:15:da:
        da:cf:db:83:54:a0:99:c9:4b:c3:a5:ab:a4:86:2c:36:
        45:5b:c9:95:df:b5:e7:48:75:a1:ed:28:5e:8a:44:66:
        a1:01:46:73:bd:e5:6e:70:37:08:93:94:37:00:fa:d7:
        11:50:e1:ec:db:17:aa:10:f6:ef:45:e2:f8:9e:98:8c:
        c4:25:06:2b:19:3c:9c:84:71:c6:db:1f:4e:80:dc:f3:
        49:7d:ec:18:68:38:25:2d:8d:01:3e:b5:91:6c:2c:9e:
        05:46:25:db:45:2a:15:61:0a:10:6d:98:2a:9b:8d:84:
        bf:09:a9:13:5a:e1:87:9e:9e:c1:95:29:39:8f:b7:c5:
        1d:a6:3e:3a:1d:dc:15:18:3d:7a:16:43:1f:5d:d6:ae:
        f9:54:c1:47:e6:ba:4d:48:4f:78:12:3b:14:e7:65:2b
    Fingerprint (SHA-256):
        19:CA:56:69:75:08:60:27:DD:E1:FA:85:3D:2B:A0:99:57:A1:3E:C7:3D:18:33:AD:9D:39:14:44:4C:1E:01:94
    Fingerprint (SHA1):
        8B:D4:71:BD:45:8C:FB:6F:59:0B:D5:95:37:80:CD:34:B5:A6:5D:C6
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #2296: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170370 (0x25711e82)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:25 2016
            Not After : Mon Jun 28 17:27:25 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bc:19:27:97:34:18:e8:a1:ec:94:98:7b:ab:3f:8b:d8:
                    98:ff:ac:90:3b:53:92:a0:a4:49:6f:14:7a:86:c0:81:
                    13:81:04:be:26:81:93:6d:a3:3f:9d:e8:64:2b:a2:f0:
                    cc:8e:19:f8:16:a5:40:49:7e:2e:72:b2:c0:31:40:52:
                    a3:66:ab:6f:3e:8e:ae:fa:15:ac:89:15:21:0a:c6:1d:
                    92:30:e2:01:6b:74:00:3c:dd:ac:be:6d:a9:e9:39:ff:
                    23:64:0e:02:99:bb:d8:1f:b4:18:6a:f7:27:8d:6e:25:
                    5c:37:d7:8c:9c:a4:ba:e6:6c:eb:8e:76:c5:5c:d0:98:
                    9a:59:da:be:01:87:33:d4:38:48:9a:b2:d1:b2:51:70:
                    6f:b7:ac:23:a8:44:9e:11:c3:cf:3f:cf:5b:83:de:20:
                    6c:db:4e:78:49:3b:1f:0c:8a:7a:d5:87:56:34:f2:be:
                    90:8a:0a:a3:7a:b6:42:39:ca:1a:d2:d5:f3:19:fd:27:
                    90:1e:c6:d4:26:c3:3f:0c:19:e6:a2:cc:fe:dd:f9:42:
                    f6:32:ae:4a:bc:44:6a:27:a2:69:b4:33:bd:4f:04:4f:
                    f6:4e:cb:46:02:c1:2e:44:15:52:01:25:94:30:36:42:
                    b7:e6:ce:05:29:ce:48:80:29:e5:e1:74:41:8b:f0:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b1:8a:de:2a:60:01:bb:17:e5:5a:a6:be:81:70:8b:ac:
        de:9c:6b:9f:75:7b:74:0c:55:d5:fa:ab:ac:2c:a9:33:
        be:c6:04:e3:11:8c:16:58:41:b2:94:0c:6a:ee:57:59:
        c4:78:42:d3:0b:58:46:e0:57:dd:d6:be:b3:fb:e7:19:
        4e:8b:77:da:1a:d7:bd:fd:f2:26:5d:78:95:7c:2b:b2:
        0f:b6:f5:dd:4d:da:3d:f1:32:c2:04:5b:0b:27:15:da:
        da:cf:db:83:54:a0:99:c9:4b:c3:a5:ab:a4:86:2c:36:
        45:5b:c9:95:df:b5:e7:48:75:a1:ed:28:5e:8a:44:66:
        a1:01:46:73:bd:e5:6e:70:37:08:93:94:37:00:fa:d7:
        11:50:e1:ec:db:17:aa:10:f6:ef:45:e2:f8:9e:98:8c:
        c4:25:06:2b:19:3c:9c:84:71:c6:db:1f:4e:80:dc:f3:
        49:7d:ec:18:68:38:25:2d:8d:01:3e:b5:91:6c:2c:9e:
        05:46:25:db:45:2a:15:61:0a:10:6d:98:2a:9b:8d:84:
        bf:09:a9:13:5a:e1:87:9e:9e:c1:95:29:39:8f:b7:c5:
        1d:a6:3e:3a:1d:dc:15:18:3d:7a:16:43:1f:5d:d6:ae:
        f9:54:c1:47:e6:ba:4d:48:4f:78:12:3b:14:e7:65:2b
    Fingerprint (SHA-256):
        19:CA:56:69:75:08:60:27:DD:E1:FA:85:3D:2B:A0:99:57:A1:3E:C7:3D:18:33:AD:9D:39:14:44:4C:1E:01:94
    Fingerprint (SHA1):
        8B:D4:71:BD:45:8C:FB:6F:59:0B:D5:95:37:80:CD:34:B5:A6:5D:C6
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #2297: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #2298: BridgeWithHalfAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170375 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2299: BridgeWithHalfAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #2300: BridgeWithHalfAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #2301: BridgeWithHalfAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170376 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2302: BridgeWithHalfAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #2303: BridgeWithHalfAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #2304: BridgeWithHalfAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2305: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628170377 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2306: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2307: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628170378 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2308: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2309: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #2310: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2311: BridgeWithHalfAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2312: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628170379   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628170146.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2313: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2314: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #2315: BridgeWithHalfAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2316: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170380   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2317: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2318: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2319: BridgeWithHalfAIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2320: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628170381   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-BridgeNavy-628170147.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2321: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2322: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #2323: BridgeWithHalfAIA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2324: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628170382   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2325: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2326: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #2327: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #2328: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170376 (0x25711e88)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:53 2016
            Not After : Mon Jun 28 17:27:53 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:da:20:b5:b7:f1:5f:59:33:25:26:11:70:4a:d7:53:
                    71:a3:a6:b7:94:d5:b1:b8:67:fa:75:cd:5e:3d:97:d1:
                    b2:8f:90:54:43:0b:87:e4:73:1f:11:7f:e7:44:ec:c5:
                    e1:f0:f6:2a:19:4d:65:dc:b0:7e:ae:01:61:67:55:ba:
                    8f:2b:aa:44:7d:42:1a:4f:07:e4:e3:bc:a3:e7:24:82:
                    e9:8a:5a:21:4d:df:8d:c5:21:13:f0:c0:50:4d:92:89:
                    34:27:80:4c:d3:ad:7f:43:5c:24:cb:4a:b3:84:07:35:
                    0a:84:43:ed:cc:74:83:13:65:28:ca:39:64:01:c4:64:
                    49:be:f3:66:64:82:ee:ee:ff:63:73:d0:37:47:14:eb:
                    b0:19:f0:d1:65:ac:13:31:a6:82:26:7e:77:08:25:7c:
                    74:94:18:91:f9:7d:cf:0f:3d:3e:58:d6:45:61:f1:48:
                    13:cd:15:f8:72:d0:35:f6:06:f3:7c:ca:f2:08:e1:6b:
                    69:1d:65:57:42:86:9d:00:92:8f:25:c5:b9:7b:2c:0b:
                    21:65:20:5c:69:6b:5f:5d:3d:43:4e:83:19:fa:3f:1d:
                    41:fa:39:d4:fd:b6:43:e7:36:e0:2a:40:25:8c:82:10:
                    07:05:ec:b5:5d:fe:53:a4:61:0a:0a:1a:12:76:5a:f3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        60:0a:06:d1:31:12:e1:77:2a:f2:4f:02:6f:fe:36:c3:
        60:4f:e3:0f:ae:e0:aa:2a:62:bd:68:45:60:20:ec:77:
        85:03:06:0e:62:16:30:95:7f:ad:bc:a9:41:80:d2:e0:
        4c:c3:cb:d3:09:41:a5:42:ce:46:5a:3f:73:a4:59:de:
        6b:5a:77:4f:61:e1:ec:17:65:21:e5:eb:b0:a4:21:e5:
        ba:4a:dd:a9:59:7f:00:ca:46:65:95:69:17:9d:a5:96:
        9f:ed:9a:d6:7a:64:8e:b1:a5:a1:b4:22:e3:a8:1b:b9:
        4b:a4:84:8b:ff:ff:71:93:b9:50:20:74:02:77:0f:c9:
        64:77:ae:b8:56:fc:55:ed:ed:32:19:f1:e7:eb:b4:42:
        45:09:e2:37:14:55:9f:4b:64:02:e2:36:76:09:dd:3f:
        e7:2b:cb:c3:cf:c6:b4:81:f1:49:fb:a6:13:69:23:69:
        01:a0:3e:e5:a2:eb:61:a9:77:cd:19:dd:b5:6e:30:7f:
        48:4d:c4:69:dd:46:d5:8b:e0:d2:0a:8b:9f:f3:c0:05:
        2b:b8:7d:61:1d:39:99:a1:97:3b:be:f9:55:30:c1:75:
        1e:55:8c:aa:45:d2:2b:50:b1:9d:3a:4b:e7:e9:61:d5:
        08:ed:78:ec:b6:29:5f:14:3c:e2:3e:2f:52:de:42:da
    Fingerprint (SHA-256):
        2B:8A:15:3A:9B:60:E5:86:48:FA:7F:83:F8:9E:C6:AC:04:BB:99:40:CA:66:83:67:F9:DC:61:2B:E1:2D:8C:74
    Fingerprint (SHA1):
        02:FC:92:A9:CC:8E:D2:DD:D6:09:E4:FF:DD:B2:35:26:57:55:34:72
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #2329: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170376 (0x25711e88)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:53 2016
            Not After : Mon Jun 28 17:27:53 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:da:20:b5:b7:f1:5f:59:33:25:26:11:70:4a:d7:53:
                    71:a3:a6:b7:94:d5:b1:b8:67:fa:75:cd:5e:3d:97:d1:
                    b2:8f:90:54:43:0b:87:e4:73:1f:11:7f:e7:44:ec:c5:
                    e1:f0:f6:2a:19:4d:65:dc:b0:7e:ae:01:61:67:55:ba:
                    8f:2b:aa:44:7d:42:1a:4f:07:e4:e3:bc:a3:e7:24:82:
                    e9:8a:5a:21:4d:df:8d:c5:21:13:f0:c0:50:4d:92:89:
                    34:27:80:4c:d3:ad:7f:43:5c:24:cb:4a:b3:84:07:35:
                    0a:84:43:ed:cc:74:83:13:65:28:ca:39:64:01:c4:64:
                    49:be:f3:66:64:82:ee:ee:ff:63:73:d0:37:47:14:eb:
                    b0:19:f0:d1:65:ac:13:31:a6:82:26:7e:77:08:25:7c:
                    74:94:18:91:f9:7d:cf:0f:3d:3e:58:d6:45:61:f1:48:
                    13:cd:15:f8:72:d0:35:f6:06:f3:7c:ca:f2:08:e1:6b:
                    69:1d:65:57:42:86:9d:00:92:8f:25:c5:b9:7b:2c:0b:
                    21:65:20:5c:69:6b:5f:5d:3d:43:4e:83:19:fa:3f:1d:
                    41:fa:39:d4:fd:b6:43:e7:36:e0:2a:40:25:8c:82:10:
                    07:05:ec:b5:5d:fe:53:a4:61:0a:0a:1a:12:76:5a:f3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        60:0a:06:d1:31:12:e1:77:2a:f2:4f:02:6f:fe:36:c3:
        60:4f:e3:0f:ae:e0:aa:2a:62:bd:68:45:60:20:ec:77:
        85:03:06:0e:62:16:30:95:7f:ad:bc:a9:41:80:d2:e0:
        4c:c3:cb:d3:09:41:a5:42:ce:46:5a:3f:73:a4:59:de:
        6b:5a:77:4f:61:e1:ec:17:65:21:e5:eb:b0:a4:21:e5:
        ba:4a:dd:a9:59:7f:00:ca:46:65:95:69:17:9d:a5:96:
        9f:ed:9a:d6:7a:64:8e:b1:a5:a1:b4:22:e3:a8:1b:b9:
        4b:a4:84:8b:ff:ff:71:93:b9:50:20:74:02:77:0f:c9:
        64:77:ae:b8:56:fc:55:ed:ed:32:19:f1:e7:eb:b4:42:
        45:09:e2:37:14:55:9f:4b:64:02:e2:36:76:09:dd:3f:
        e7:2b:cb:c3:cf:c6:b4:81:f1:49:fb:a6:13:69:23:69:
        01:a0:3e:e5:a2:eb:61:a9:77:cd:19:dd:b5:6e:30:7f:
        48:4d:c4:69:dd:46:d5:8b:e0:d2:0a:8b:9f:f3:c0:05:
        2b:b8:7d:61:1d:39:99:a1:97:3b:be:f9:55:30:c1:75:
        1e:55:8c:aa:45:d2:2b:50:b1:9d:3a:4b:e7:e9:61:d5:
        08:ed:78:ec:b6:29:5f:14:3c:e2:3e:2f:52:de:42:da
    Fingerprint (SHA-256):
        2B:8A:15:3A:9B:60:E5:86:48:FA:7F:83:F8:9E:C6:AC:04:BB:99:40:CA:66:83:67:F9:DC:61:2B:E1:2D:8C:74
    Fingerprint (SHA1):
        02:FC:92:A9:CC:8E:D2:DD:D6:09:E4:FF:DD:B2:35:26:57:55:34:72
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #2330: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der BridgeArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=EE2 EE,O=EE2,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA2 Intermediate,O=CA2,C=US
Returned value is 1, expected result is fail
chains.sh: #2331: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170375 (0x25711e87)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:51 2016
            Not After : Mon Jun 28 17:27:51 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    97:a7:b8:32:6c:05:3a:58:c1:56:79:85:f9:35:cd:98:
                    93:63:18:ff:ce:e0:cc:a3:2b:5d:00:13:a6:0d:75:a7:
                    29:23:3f:c0:dd:2b:e8:36:fe:9b:1e:5d:82:53:35:93:
                    eb:ce:51:e8:83:1e:db:f9:d1:2b:1a:90:69:57:be:be:
                    4a:74:31:f9:50:28:1e:8d:ad:01:5c:af:ba:05:fe:18:
                    0a:db:b3:b5:0e:77:bc:b1:07:70:18:2e:e0:a1:ee:0b:
                    dc:5f:2b:89:c1:d9:50:ec:ef:76:ce:36:4a:5e:53:1c:
                    b9:77:84:da:5e:8c:fe:55:3d:85:29:53:94:4e:8d:06:
                    29:9a:93:77:70:65:d8:df:a6:22:17:40:0c:97:7a:66:
                    41:5c:ca:4c:dc:5b:05:4a:65:8f:51:97:73:66:9a:5a:
                    f4:5a:eb:ef:56:65:ea:d0:a5:df:4a:e1:90:18:67:de:
                    e2:43:e9:1c:4a:ef:95:1b:82:12:08:93:69:12:fb:ff:
                    00:d0:ca:4d:66:18:8b:60:e7:09:37:1d:c5:03:bc:eb:
                    12:ca:b3:a9:48:3a:2a:b8:da:c1:74:94:53:42:9f:91:
                    cc:6f:fb:83:5c:b4:42:4a:7f:37:0e:fd:00:4e:26:e9:
                    db:26:b8:81:91:18:50:1f:28:d9:ec:89:09:e5:16:3f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        24:49:fe:af:0e:b4:e2:0e:d6:f5:83:94:f1:72:84:5a:
        3f:fa:40:9f:59:da:75:42:24:41:5e:8f:4d:13:09:85:
        4d:2d:0c:cb:44:49:25:0f:25:3b:0f:70:62:ca:22:5d:
        2f:8a:f1:27:7c:2f:9f:35:9a:4e:64:a9:e7:28:2f:d7:
        a5:69:82:ed:7a:c6:13:7e:b2:52:48:10:e2:75:c4:88:
        fc:c3:5d:8e:cc:6d:63:52:5c:bc:9e:a9:fb:b5:c7:02:
        f0:76:ad:8f:c1:0c:dd:4c:e3:b2:b3:b6:5f:ea:64:78:
        51:82:aa:2f:eb:ea:f9:f3:ab:f0:23:2e:aa:1e:34:77:
        78:3c:10:38:2e:12:d0:19:32:a3:18:b9:97:d8:67:4d:
        7d:94:8a:f8:b3:54:1c:ad:0f:4d:3c:7c:4c:62:1a:9e:
        cd:2b:41:6a:55:7c:29:0f:c5:ec:dc:4a:01:f6:fe:a5:
        cf:2a:4a:33:64:6a:10:77:86:f4:2d:89:dd:3a:b8:0e:
        7b:ff:a4:dd:bd:d2:0d:82:42:9d:cb:1c:e3:84:2f:fb:
        f7:da:fb:33:8e:c3:1d:8c:24:4e:ab:2d:b5:12:f8:67:
        f7:43:5c:71:cd:8e:26:12:e8:88:f2:c8:71:96:a7:9b:
        13:f9:89:5d:44:39:11:07:37:be:38:3c:56:b0:75:69
    Fingerprint (SHA-256):
        89:BE:89:49:C1:E7:30:EC:CC:B9:75:14:58:FE:0C:B9:1A:D9:E8:12:B4:74:ED:02:C2:6B:01:1F:79:59:EE:E8
    Fingerprint (SHA1):
        EF:53:A1:31:62:04:44:B3:A7:4C:F2:86:AE:1F:86:F9:85:BB:0A:69
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #2332: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170376 (0x25711e88)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:53 2016
            Not After : Mon Jun 28 17:27:53 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:da:20:b5:b7:f1:5f:59:33:25:26:11:70:4a:d7:53:
                    71:a3:a6:b7:94:d5:b1:b8:67:fa:75:cd:5e:3d:97:d1:
                    b2:8f:90:54:43:0b:87:e4:73:1f:11:7f:e7:44:ec:c5:
                    e1:f0:f6:2a:19:4d:65:dc:b0:7e:ae:01:61:67:55:ba:
                    8f:2b:aa:44:7d:42:1a:4f:07:e4:e3:bc:a3:e7:24:82:
                    e9:8a:5a:21:4d:df:8d:c5:21:13:f0:c0:50:4d:92:89:
                    34:27:80:4c:d3:ad:7f:43:5c:24:cb:4a:b3:84:07:35:
                    0a:84:43:ed:cc:74:83:13:65:28:ca:39:64:01:c4:64:
                    49:be:f3:66:64:82:ee:ee:ff:63:73:d0:37:47:14:eb:
                    b0:19:f0:d1:65:ac:13:31:a6:82:26:7e:77:08:25:7c:
                    74:94:18:91:f9:7d:cf:0f:3d:3e:58:d6:45:61:f1:48:
                    13:cd:15:f8:72:d0:35:f6:06:f3:7c:ca:f2:08:e1:6b:
                    69:1d:65:57:42:86:9d:00:92:8f:25:c5:b9:7b:2c:0b:
                    21:65:20:5c:69:6b:5f:5d:3d:43:4e:83:19:fa:3f:1d:
                    41:fa:39:d4:fd:b6:43:e7:36:e0:2a:40:25:8c:82:10:
                    07:05:ec:b5:5d:fe:53:a4:61:0a:0a:1a:12:76:5a:f3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        60:0a:06:d1:31:12:e1:77:2a:f2:4f:02:6f:fe:36:c3:
        60:4f:e3:0f:ae:e0:aa:2a:62:bd:68:45:60:20:ec:77:
        85:03:06:0e:62:16:30:95:7f:ad:bc:a9:41:80:d2:e0:
        4c:c3:cb:d3:09:41:a5:42:ce:46:5a:3f:73:a4:59:de:
        6b:5a:77:4f:61:e1:ec:17:65:21:e5:eb:b0:a4:21:e5:
        ba:4a:dd:a9:59:7f:00:ca:46:65:95:69:17:9d:a5:96:
        9f:ed:9a:d6:7a:64:8e:b1:a5:a1:b4:22:e3:a8:1b:b9:
        4b:a4:84:8b:ff:ff:71:93:b9:50:20:74:02:77:0f:c9:
        64:77:ae:b8:56:fc:55:ed:ed:32:19:f1:e7:eb:b4:42:
        45:09:e2:37:14:55:9f:4b:64:02:e2:36:76:09:dd:3f:
        e7:2b:cb:c3:cf:c6:b4:81:f1:49:fb:a6:13:69:23:69:
        01:a0:3e:e5:a2:eb:61:a9:77:cd:19:dd:b5:6e:30:7f:
        48:4d:c4:69:dd:46:d5:8b:e0:d2:0a:8b:9f:f3:c0:05:
        2b:b8:7d:61:1d:39:99:a1:97:3b:be:f9:55:30:c1:75:
        1e:55:8c:aa:45:d2:2b:50:b1:9d:3a:4b:e7:e9:61:d5:
        08:ed:78:ec:b6:29:5f:14:3c:e2:3e:2f:52:de:42:da
    Fingerprint (SHA-256):
        2B:8A:15:3A:9B:60:E5:86:48:FA:7F:83:F8:9E:C6:AC:04:BB:99:40:CA:66:83:67:F9:DC:61:2B:E1:2D:8C:74
    Fingerprint (SHA1):
        02:FC:92:A9:CC:8E:D2:DD:D6:09:E4:FF:DD:B2:35:26:57:55:34:72
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #2333: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170376 (0x25711e88)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:27:53 2016
            Not After : Mon Jun 28 17:27:53 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:da:20:b5:b7:f1:5f:59:33:25:26:11:70:4a:d7:53:
                    71:a3:a6:b7:94:d5:b1:b8:67:fa:75:cd:5e:3d:97:d1:
                    b2:8f:90:54:43:0b:87:e4:73:1f:11:7f:e7:44:ec:c5:
                    e1:f0:f6:2a:19:4d:65:dc:b0:7e:ae:01:61:67:55:ba:
                    8f:2b:aa:44:7d:42:1a:4f:07:e4:e3:bc:a3:e7:24:82:
                    e9:8a:5a:21:4d:df:8d:c5:21:13:f0:c0:50:4d:92:89:
                    34:27:80:4c:d3:ad:7f:43:5c:24:cb:4a:b3:84:07:35:
                    0a:84:43:ed:cc:74:83:13:65:28:ca:39:64:01:c4:64:
                    49:be:f3:66:64:82:ee:ee:ff:63:73:d0:37:47:14:eb:
                    b0:19:f0:d1:65:ac:13:31:a6:82:26:7e:77:08:25:7c:
                    74:94:18:91:f9:7d:cf:0f:3d:3e:58:d6:45:61:f1:48:
                    13:cd:15:f8:72:d0:35:f6:06:f3:7c:ca:f2:08:e1:6b:
                    69:1d:65:57:42:86:9d:00:92:8f:25:c5:b9:7b:2c:0b:
                    21:65:20:5c:69:6b:5f:5d:3d:43:4e:83:19:fa:3f:1d:
                    41:fa:39:d4:fd:b6:43:e7:36:e0:2a:40:25:8c:82:10:
                    07:05:ec:b5:5d:fe:53:a4:61:0a:0a:1a:12:76:5a:f3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        60:0a:06:d1:31:12:e1:77:2a:f2:4f:02:6f:fe:36:c3:
        60:4f:e3:0f:ae:e0:aa:2a:62:bd:68:45:60:20:ec:77:
        85:03:06:0e:62:16:30:95:7f:ad:bc:a9:41:80:d2:e0:
        4c:c3:cb:d3:09:41:a5:42:ce:46:5a:3f:73:a4:59:de:
        6b:5a:77:4f:61:e1:ec:17:65:21:e5:eb:b0:a4:21:e5:
        ba:4a:dd:a9:59:7f:00:ca:46:65:95:69:17:9d:a5:96:
        9f:ed:9a:d6:7a:64:8e:b1:a5:a1:b4:22:e3:a8:1b:b9:
        4b:a4:84:8b:ff:ff:71:93:b9:50:20:74:02:77:0f:c9:
        64:77:ae:b8:56:fc:55:ed:ed:32:19:f1:e7:eb:b4:42:
        45:09:e2:37:14:55:9f:4b:64:02:e2:36:76:09:dd:3f:
        e7:2b:cb:c3:cf:c6:b4:81:f1:49:fb:a6:13:69:23:69:
        01:a0:3e:e5:a2:eb:61:a9:77:cd:19:dd:b5:6e:30:7f:
        48:4d:c4:69:dd:46:d5:8b:e0:d2:0a:8b:9f:f3:c0:05:
        2b:b8:7d:61:1d:39:99:a1:97:3b:be:f9:55:30:c1:75:
        1e:55:8c:aa:45:d2:2b:50:b1:9d:3a:4b:e7:e9:61:d5:
        08:ed:78:ec:b6:29:5f:14:3c:e2:3e:2f:52:de:42:da
    Fingerprint (SHA-256):
        2B:8A:15:3A:9B:60:E5:86:48:FA:7F:83:F8:9E:C6:AC:04:BB:99:40:CA:66:83:67:F9:DC:61:2B:E1:2D:8C:74
    Fingerprint (SHA1):
        02:FC:92:A9:CC:8E:D2:DD:D6:09:E4:FF:DD:B2:35:26:57:55:34:72
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #2334: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #2335: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170383 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2336: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #2337: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #2338: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170384 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2339: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #2340: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB CAArmyDB
certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd
chains.sh: #2341: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CAArmyReq.der
certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US"  -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CAArmyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2342: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der  - PASSED
chains.sh: Creating certficate CAArmyArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 628170385   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2343: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army  - PASSED
chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database
certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2344: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database  - PASSED
chains.sh: Creating DB CANavyDB
certutil -N -d CANavyDB -f CANavyDB/dbpasswd
chains.sh: #2345: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CANavyReq.der
certutil -s "CN=CANavy Intermediate, O=CANavy, C=US"  -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CANavyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2346: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der  - PASSED
chains.sh: Creating certficate CANavyNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 628170386   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2347: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate CANavyNavy.der to CANavyDB database
certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2348: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #2349: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2350: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy
certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 628170387 -7 Bridge@CAArmy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
OID.1.1
OID.2.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #2351: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy  - PASSED
chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2352: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeCANavy.der signed by CANavy
certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 628170388 -7 Bridge@CANavy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
OID.2.1
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #2353: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy  - PASSED
chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2354: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7
chains.sh: #2355: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2356: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2357: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628170389   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.1
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2358: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2359: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2360: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2361: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628170390   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2362: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2363: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #2364: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2365: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170391   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2366: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2367: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #2368: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2369: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628170392   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2370: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2371: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2372: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170383 (0x25711e8f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:28:37 2016
            Not After : Mon Jun 28 17:28:37 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:bd:4a:3a:4d:c3:80:4d:39:2a:89:42:63:f0:27:d6:
                    5e:95:d7:62:47:11:61:91:7f:51:8c:05:a6:c7:30:0d:
                    17:5e:46:65:13:a3:21:68:21:44:27:3e:6b:c4:0c:0b:
                    7c:c8:46:74:8a:79:7b:c7:e5:6b:74:9a:c0:4f:be:fe:
                    99:9f:23:a2:fd:71:e0:5b:b9:f9:d5:66:46:3c:66:e4:
                    62:55:bc:c6:48:52:36:a8:2b:1a:e4:14:e3:35:99:29:
                    68:83:23:a5:06:64:31:26:da:a0:66:62:56:58:62:c6:
                    1c:a3:09:5b:4b:4f:d7:42:85:a8:d5:8c:cc:38:30:73:
                    c9:4c:cf:17:39:4c:46:c2:2e:08:6f:8f:7c:9e:c2:8b:
                    4b:c3:67:a5:d2:85:ab:5a:97:d5:5f:d6:10:7d:0a:af:
                    2a:92:2e:2e:2d:7f:a6:b4:81:83:d5:b0:a7:e2:70:85:
                    e3:d8:35:8d:4a:88:bb:2f:4f:94:e5:68:d2:63:b2:54:
                    21:2d:98:36:98:49:88:4b:51:a4:13:a9:d3:59:31:40:
                    09:6e:19:10:1b:9f:4b:43:e7:82:66:5e:f0:5f:ef:19:
                    ef:2a:d9:2c:05:0e:1d:9d:57:94:d7:1f:94:f9:7d:13:
                    95:42:c7:6a:92:9f:d3:b0:80:13:1e:21:fb:a7:f5:dd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        71:ed:ae:69:84:1f:e3:bf:8f:2a:ad:47:cf:ec:0d:bf:
        68:a0:69:d6:0d:47:7f:f2:e7:b1:92:43:c4:91:8f:4b:
        f6:e7:0e:2c:e7:fb:e6:1d:06:b8:5c:c8:bc:6e:ae:6d:
        0e:16:be:1b:9f:22:06:43:e0:a1:2e:93:6e:2a:7c:95:
        76:40:95:1a:c2:b3:a8:9b:17:18:bc:a4:15:d0:ef:1a:
        f5:52:ac:4c:9c:a0:49:c6:93:43:12:09:8c:e8:4a:b3:
        df:e0:ca:3f:94:1c:80:de:2f:f9:f9:65:71:a1:91:c5:
        90:10:3b:cf:cf:63:ac:85:56:3f:c4:b0:98:ed:d4:b2:
        be:14:ed:92:69:ed:d4:fe:26:44:a6:3f:63:e0:f2:f1:
        c7:93:2f:16:b5:f0:55:b5:47:12:07:5b:c7:4e:34:a3:
        ab:1e:38:4a:6b:26:5b:4d:f8:1e:08:1b:58:03:bb:3c:
        b0:22:b3:a9:c4:46:bd:59:08:0c:f6:e9:cf:ca:0b:a8:
        dd:d3:8a:aa:91:fe:fb:69:0f:11:12:1f:67:fa:bd:03:
        19:76:57:b6:83:e2:7b:60:a7:b5:37:e1:67:9f:2c:fd:
        4c:92:41:25:00:19:05:3c:a4:76:0b:22:7a:21:5f:69:
        1c:f9:46:1f:aa:db:30:5e:75:52:6c:31:83:0f:94:88
    Fingerprint (SHA-256):
        37:C5:F0:67:16:0B:AE:3C:99:41:8F:7E:F9:D8:12:D2:20:6E:43:A0:41:A2:D2:8C:90:EB:37:32:66:21:2D:06
    Fingerprint (SHA1):
        F3:CB:C3:19:2D:0A:3D:CC:8A:80:4C:BD:AA:BE:83:B9:AA:8D:FC:9E
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US"
Returned value is 0, expected result is pass
chains.sh: #2373: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2374: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2375: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2376: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2377: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2378: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2379: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2380: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2381: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170384 (0x25711e90)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:28:43 2016
            Not After : Mon Jun 28 17:28:43 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e3:89:0d:98:99:cc:43:a1:dd:7e:ae:66:fd:84:99:5d:
                    bd:14:0f:48:ed:e7:29:e7:d0:2c:30:e2:96:b2:e7:62:
                    60:77:2f:27:f1:dd:27:0f:36:7d:b6:9f:c4:69:29:ef:
                    9a:e0:1c:17:50:eb:39:e4:f0:c7:a5:9f:60:75:ff:1d:
                    4b:62:c0:38:b4:0b:52:0e:33:46:83:6e:62:8e:91:99:
                    ed:54:4e:32:6c:6e:21:bf:f5:36:20:37:96:ca:7f:8c:
                    cf:e8:2e:96:56:f2:54:4a:df:fa:cf:52:dd:cb:bd:ed:
                    b5:f5:da:22:ad:2b:f2:d5:fa:cc:c1:3c:fb:93:ae:49:
                    fe:a8:e2:d3:4c:94:19:b5:82:52:09:72:5f:73:84:e6:
                    86:52:3b:c9:12:97:c6:92:c3:35:14:5c:66:9f:a2:36:
                    90:3c:46:a8:84:14:25:56:4e:25:b1:51:be:9c:5a:9c:
                    8e:1e:37:05:fa:04:b3:1d:50:16:cf:71:93:ba:15:bf:
                    ff:e1:e5:89:c2:ff:75:f6:1a:9a:f4:a4:01:e7:c8:df:
                    a9:d4:cd:f5:14:9e:e4:c4:ad:1e:05:3c:d3:b3:67:51:
                    0f:93:35:8f:99:de:2f:4a:26:c9:44:6f:6f:4f:b6:fc:
                    24:c8:9b:18:86:b4:b4:15:1b:bd:b4:95:47:48:9e:7f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        60:35:79:58:bf:07:fc:58:e6:a6:4c:00:11:21:9b:57:
        48:cd:13:77:b7:a0:ff:40:b5:1f:cd:30:89:23:96:e2:
        62:6a:14:23:c3:0a:e4:8b:ba:08:2f:72:b2:43:c5:3b:
        3d:9d:5b:ed:2e:c5:2c:39:ee:d8:df:bb:fa:1a:e2:dc:
        4d:ce:2c:32:86:1d:f5:22:52:17:84:c2:07:9a:96:ff:
        c2:ef:0a:5e:93:39:6d:83:99:47:69:1d:e4:28:d0:c6:
        45:1d:bc:4e:16:0d:d3:bc:02:a5:4d:75:b0:2a:83:9d:
        63:0d:71:65:b9:06:a2:06:16:77:88:cc:75:b6:c5:96:
        61:94:d9:71:77:b1:8f:bd:29:dc:3a:53:e3:1b:5b:c6:
        22:41:54:74:60:31:c0:2d:15:d6:49:7f:86:a9:05:c8:
        91:e7:66:38:ca:39:d8:43:54:61:32:1c:15:0a:b6:c7:
        51:5a:99:35:4d:b9:b1:bf:b6:88:d8:53:2a:f1:b8:66:
        c6:a3:a8:ef:c3:78:28:5f:44:d7:24:58:bd:0c:5e:37:
        b3:dc:5c:e3:de:4f:f0:df:e9:c8:0e:11:7f:2f:64:0f:
        45:87:09:2c:24:06:e4:f7:39:05:fa:4d:b6:69:ac:9e:
        e7:8c:0c:41:54:d8:a2:1c:dc:22:09:4a:27:4a:e9:28
    Fingerprint (SHA-256):
        C0:57:81:BC:CA:8B:9F:81:DF:DF:75:6E:C7:B5:29:9F:96:A0:78:27:01:47:C2:E9:CE:98:48:48:06:2B:F6:85
    Fingerprint (SHA1):
        72:98:0E:8B:D2:06:AE:ED:8B:81:7E:D3:49:B7:8C:B3:15:AE:F7:58
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US"
Returned value is 0, expected result is pass
chains.sh: #2382: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2383: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2384: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2385: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2386: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #2387: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2388: RealCerts: Creating DB AllDB  - PASSED
chains.sh: Importing certificate TestCA.ca.cert to AllDB database
certutil -A -n TestCA.ca  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestCA.ca.cert
chains.sh: #2389: RealCerts: Importing certificate TestCA.ca.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser50.cert to AllDB database
certutil -A -n TestUser50  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert
chains.sh: #2390: RealCerts: Importing certificate TestUser50.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser51.cert to AllDB database
certutil -A -n TestUser51  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert
chains.sh: #2391: RealCerts: Importing certificate TestUser51.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalRootCA.cert to AllDB database
certutil -A -n PayPalRootCA  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalRootCA.cert
chains.sh: #2392: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalICA.cert to AllDB database
certutil -A -n PayPalICA  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalICA.cert
chains.sh: #2393: RealCerts: Importing certificate PayPalICA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalEE.cert to AllDB database
certutil -A -n PayPalEE  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert
chains.sh: #2394: RealCerts: Importing certificate PayPalEE.cert to AllDB database  - PASSED
chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database
certutil -A -n BrAirWaysBadSig  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert
chains.sh: #2395: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #2396: RealCerts: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #2397: RealCerts: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1 
vfychain -d AllDB -pp -vv      -o OID.2.16.840.1.114412.1.1  /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=
            DigiCert Inc,C=US"
        Validity:
            Not Before: Fri Nov 10 00:00:00 2006
            Not After : Mon Nov 10 00:00:00 2031
        Subject: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O
            =DigiCert Inc,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:e5:81:
                    3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:a2:0a:1c:
                    b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:a4:a9:41:59:
                    3a:d3:dc:94:d6:3c:db:74:38:a4:4a:cc:4d:25:82:f7:
                    4a:a5:53:12:38:ee:f3:49:6d:71:91:7e:63:b6:ab:a6:
                    5f:c3:a4:84:f8:4f:62:51:be:f8:c5:ec:db:38:92:e3:
                    06:e5:08:91:0c:c4:28:41:55:fb:cb:5a:89:15:7e:71:
                    e8:35:bf:4d:72:09:3d:be:3a:38:50:5b:77:31:1b:8d:
                    b3:c7:24:45:9a:a7:ac:6d:00:14:5a:04:b7:ba:13:eb:
                    51:0a:98:41:41:22:4e:65:61:87:81:41:50:a6:79:5c:
                    89:de:19:4a:57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:
                    06:16:a4:68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:
                    db:5e:64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:
                    79:39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
                    a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:87:
                    5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:4b:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Subject Key ID
            Data:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
            Name: Certificate Authority Key Identifier
            Key ID:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:
        21:47:f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:
        7a:d9:11:65:8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:
        b8:91:e8:43:2c:8e:b3:78:ce:db:e3:53:79:71:d6:e5:
        21:94:01:da:55:87:9a:24:64:f6:8a:66:cc:de:9c:37:
        cd:a8:34:b1:69:9b:23:c8:9e:78:22:2b:70:43:e3:55:
        47:31:61:19:ef:58:c5:85:2f:4e:30:f6:a0:31:16:23:
        c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:5e:8b:
        31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
        15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:
        0a:c4:97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:
        55:f2:48:69:d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:
        ba:70:26:5d:90:60:9e:bc:4b:17:09:2f:b4:cb:1e:43:
        68:c9:07:27:c1:d2:5c:f7:ea:21:b9:68:12:9c:3c:9c:
        bf:9e:fc:80:5c:9b:63:cd:ec:47:aa:25:27:67:a0:37:
        f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:77:e8:1f:4a
    Fingerprint (SHA-256):
        74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
    Fingerprint (SHA1):
        5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=paypal.com,OU=PayPal Production,O="PayPal, Inc.",L
    =San Jose,ST=California,C=US"
Certificate 2 Subject: "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digi
    cert.com,O=DigiCert Inc,C=US"
Returned value is 0, expected result is pass
chains.sh: #2398: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1  - PASSED
chains.sh: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. BrAirWaysBadSig :
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is fail
chains.sh: #2399: RealCerts: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp       - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #2400: DSA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170393 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2401: DSA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #2402: DSA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2403: DSA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2404: DSA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628170394   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2405: DSA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2406: DSA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #2407: DSA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2408: DSA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628170395   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2409: DSA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2410: DSA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2411: DSA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2412: DSA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 628170396   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2413: DSA: Creating certficate CA2Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA2Root.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2414: DSA: Importing certificate CA2Root.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #2415: DSA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2416: DSA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628170397   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2417: DSA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2418: DSA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #2419: DSA: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2420: DSA: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 628170398   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2421: DSA: Creating certficate CA3Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA3Root.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2422: DSA: Importing certificate CA3Root.der to CA3DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #2423: DSA: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2424: DSA: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 628170399   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2425: DSA: Creating certficate EE3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate EE3CA3.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2426: DSA: Importing certificate EE3CA3.der to EE3DB database  - PASSED
chains.sh: Creating DB CA4DB
certutil -N -d CA4DB -f CA4DB/dbpasswd
chains.sh: #2427: DSA: Creating DB CA4DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA4Req.der
certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2428: DSA: Creating Intermediate certifiate request CA4Req.der  - PASSED
chains.sh: Creating certficate CA4Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 628170400   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2429: DSA: Creating certficate CA4Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA4Root.der to CA4DB database
certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2430: DSA: Importing certificate CA4Root.der to CA4DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #2431: DSA: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2432: DSA: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA4.der signed by CA4
certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 628170401   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2433: DSA: Creating certficate EE4CA4.der signed by CA4  - PASSED
chains.sh: Importing certificate EE4CA4.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2434: DSA: Importing certificate EE4CA4.der to EE4DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2435: DSA: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE1CA1.der CA1Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170393 (0x25711e99)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:29:50 2016
            Not After : Mon Jun 28 17:29:50 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    97:1c:64:6a:1b:c5:12:9e:56:1c:08:ea:82:64:a9:40:
                    1a:d2:a2:bf:8a:43:96:69:9c:43:49:37:a8:d0:4d:2e:
                    f8:a0:09:1b:70:fc:a9:37:ea:52:4a:53:7f:2a:9a:cb:
                    5b:a2:6d:c5:ba:65:04:b5:a4:52:b8:43:50:82:df:01:
                    45:9c:42:92:8a:40:e8:e4:82:dc:77:5b:b2:f7:86:0b:
                    a7:99:cf:22:a4:ad:be:60:60:d3:43:90:01:cb:09:26:
                    b9:8d:c0:dc:ae:c6:6f:34:18:d2:ea:f5:db:7a:d3:f5:
                    27:7e:55:02:25:36:ba:1b:bf:ab:60:d8:84:ee:1d:05:
                    09:39:47:02:17:0f:a5:9e:0d:9a:a5:4f:2d:34:cf:88:
                    92:8f:40:7a:92:fd:72:89:f5:03:3e:46:a8:05:68:c5:
                    22:76:15:24:28:f8:65:ad:1b:91:c2:68:87:4f:21:e1:
                    0c:d4:ad:73:e8:89:8e:90:a5:c1:f0:9d:90:7a:3c:74:
                    24:0d:45:5c:2c:d1:4b:6f:10:2e:ee:3d:89:10:f0:f9:
                    80:3b:bf:4f:c4:f9:71:4e:a2:a7:03:ee:81:2a:d2:56:
                    72:1b:a9:88:d8:e1:e6:71:b9:9e:2c:41:ce:f1:d9:f1:
                    16:07:fd:f9:6a:56:77:e4:57:85:d6:e2:4c:2b:41:d3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:61:8b:c9:f9:e6:0d:1a:66:c4:89:d1:42:
        2e:13:0f:24:41:8f:93:12:9b:f9:75:2e:2e:5e:a6:fe:
        02:1d:00:cd:f1:b7:16:10:ad:76:c3:79:f5:72:0a:c0:
        c4:ef:29:24:03:93:83:63:b4:e0:11:fa:7a:49:d7
    Fingerprint (SHA-256):
        72:38:3E:73:95:88:70:A2:38:DF:AD:90:1F:84:51:2A:6D:97:B9:D4:EC:ED:DF:D5:31:5B:B2:D6:D9:AB:7A:83
    Fingerprint (SHA1):
        F5:31:C6:46:59:DD:56:77:6D:42:5B:8D:93:DA:AB:6F:FB:49:ED:DF
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2436: DSA: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE2CA2.der CA2Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170393 (0x25711e99)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:29:50 2016
            Not After : Mon Jun 28 17:29:50 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    97:1c:64:6a:1b:c5:12:9e:56:1c:08:ea:82:64:a9:40:
                    1a:d2:a2:bf:8a:43:96:69:9c:43:49:37:a8:d0:4d:2e:
                    f8:a0:09:1b:70:fc:a9:37:ea:52:4a:53:7f:2a:9a:cb:
                    5b:a2:6d:c5:ba:65:04:b5:a4:52:b8:43:50:82:df:01:
                    45:9c:42:92:8a:40:e8:e4:82:dc:77:5b:b2:f7:86:0b:
                    a7:99:cf:22:a4:ad:be:60:60:d3:43:90:01:cb:09:26:
                    b9:8d:c0:dc:ae:c6:6f:34:18:d2:ea:f5:db:7a:d3:f5:
                    27:7e:55:02:25:36:ba:1b:bf:ab:60:d8:84:ee:1d:05:
                    09:39:47:02:17:0f:a5:9e:0d:9a:a5:4f:2d:34:cf:88:
                    92:8f:40:7a:92:fd:72:89:f5:03:3e:46:a8:05:68:c5:
                    22:76:15:24:28:f8:65:ad:1b:91:c2:68:87:4f:21:e1:
                    0c:d4:ad:73:e8:89:8e:90:a5:c1:f0:9d:90:7a:3c:74:
                    24:0d:45:5c:2c:d1:4b:6f:10:2e:ee:3d:89:10:f0:f9:
                    80:3b:bf:4f:c4:f9:71:4e:a2:a7:03:ee:81:2a:d2:56:
                    72:1b:a9:88:d8:e1:e6:71:b9:9e:2c:41:ce:f1:d9:f1:
                    16:07:fd:f9:6a:56:77:e4:57:85:d6:e2:4c:2b:41:d3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:61:8b:c9:f9:e6:0d:1a:66:c4:89:d1:42:
        2e:13:0f:24:41:8f:93:12:9b:f9:75:2e:2e:5e:a6:fe:
        02:1d:00:cd:f1:b7:16:10:ad:76:c3:79:f5:72:0a:c0:
        c4:ef:29:24:03:93:83:63:b4:e0:11:fa:7a:49:d7
    Fingerprint (SHA-256):
        72:38:3E:73:95:88:70:A2:38:DF:AD:90:1F:84:51:2A:6D:97:B9:D4:EC:ED:DF:D5:31:5B:B2:D6:D9:AB:7A:83
    Fingerprint (SHA1):
        F5:31:C6:46:59:DD:56:77:6D:42:5B:8D:93:DA:AB:6F:FB:49:ED:DF
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #2437: DSA: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE3CA3.der CA3Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170393 (0x25711e99)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:29:50 2016
            Not After : Mon Jun 28 17:29:50 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    97:1c:64:6a:1b:c5:12:9e:56:1c:08:ea:82:64:a9:40:
                    1a:d2:a2:bf:8a:43:96:69:9c:43:49:37:a8:d0:4d:2e:
                    f8:a0:09:1b:70:fc:a9:37:ea:52:4a:53:7f:2a:9a:cb:
                    5b:a2:6d:c5:ba:65:04:b5:a4:52:b8:43:50:82:df:01:
                    45:9c:42:92:8a:40:e8:e4:82:dc:77:5b:b2:f7:86:0b:
                    a7:99:cf:22:a4:ad:be:60:60:d3:43:90:01:cb:09:26:
                    b9:8d:c0:dc:ae:c6:6f:34:18:d2:ea:f5:db:7a:d3:f5:
                    27:7e:55:02:25:36:ba:1b:bf:ab:60:d8:84:ee:1d:05:
                    09:39:47:02:17:0f:a5:9e:0d:9a:a5:4f:2d:34:cf:88:
                    92:8f:40:7a:92:fd:72:89:f5:03:3e:46:a8:05:68:c5:
                    22:76:15:24:28:f8:65:ad:1b:91:c2:68:87:4f:21:e1:
                    0c:d4:ad:73:e8:89:8e:90:a5:c1:f0:9d:90:7a:3c:74:
                    24:0d:45:5c:2c:d1:4b:6f:10:2e:ee:3d:89:10:f0:f9:
                    80:3b:bf:4f:c4:f9:71:4e:a2:a7:03:ee:81:2a:d2:56:
                    72:1b:a9:88:d8:e1:e6:71:b9:9e:2c:41:ce:f1:d9:f1:
                    16:07:fd:f9:6a:56:77:e4:57:85:d6:e2:4c:2b:41:d3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:61:8b:c9:f9:e6:0d:1a:66:c4:89:d1:42:
        2e:13:0f:24:41:8f:93:12:9b:f9:75:2e:2e:5e:a6:fe:
        02:1d:00:cd:f1:b7:16:10:ad:76:c3:79:f5:72:0a:c0:
        c4:ef:29:24:03:93:83:63:b4:e0:11:fa:7a:49:d7
    Fingerprint (SHA-256):
        72:38:3E:73:95:88:70:A2:38:DF:AD:90:1F:84:51:2A:6D:97:B9:D4:EC:ED:DF:D5:31:5B:B2:D6:D9:AB:7A:83
    Fingerprint (SHA1):
        F5:31:C6:46:59:DD:56:77:6D:42:5B:8D:93:DA:AB:6F:FB:49:ED:DF
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #2438: DSA: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE4CA4.der CA4Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170393 (0x25711e99)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:29:50 2016
            Not After : Mon Jun 28 17:29:50 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    97:1c:64:6a:1b:c5:12:9e:56:1c:08:ea:82:64:a9:40:
                    1a:d2:a2:bf:8a:43:96:69:9c:43:49:37:a8:d0:4d:2e:
                    f8:a0:09:1b:70:fc:a9:37:ea:52:4a:53:7f:2a:9a:cb:
                    5b:a2:6d:c5:ba:65:04:b5:a4:52:b8:43:50:82:df:01:
                    45:9c:42:92:8a:40:e8:e4:82:dc:77:5b:b2:f7:86:0b:
                    a7:99:cf:22:a4:ad:be:60:60:d3:43:90:01:cb:09:26:
                    b9:8d:c0:dc:ae:c6:6f:34:18:d2:ea:f5:db:7a:d3:f5:
                    27:7e:55:02:25:36:ba:1b:bf:ab:60:d8:84:ee:1d:05:
                    09:39:47:02:17:0f:a5:9e:0d:9a:a5:4f:2d:34:cf:88:
                    92:8f:40:7a:92:fd:72:89:f5:03:3e:46:a8:05:68:c5:
                    22:76:15:24:28:f8:65:ad:1b:91:c2:68:87:4f:21:e1:
                    0c:d4:ad:73:e8:89:8e:90:a5:c1:f0:9d:90:7a:3c:74:
                    24:0d:45:5c:2c:d1:4b:6f:10:2e:ee:3d:89:10:f0:f9:
                    80:3b:bf:4f:c4:f9:71:4e:a2:a7:03:ee:81:2a:d2:56:
                    72:1b:a9:88:d8:e1:e6:71:b9:9e:2c:41:ce:f1:d9:f1:
                    16:07:fd:f9:6a:56:77:e4:57:85:d6:e2:4c:2b:41:d3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:61:8b:c9:f9:e6:0d:1a:66:c4:89:d1:42:
        2e:13:0f:24:41:8f:93:12:9b:f9:75:2e:2e:5e:a6:fe:
        02:1d:00:cd:f1:b7:16:10:ad:76:c3:79:f5:72:0a:c0:
        c4:ef:29:24:03:93:83:63:b4:e0:11:fa:7a:49:d7
    Fingerprint (SHA-256):
        72:38:3E:73:95:88:70:A2:38:DF:AD:90:1F:84:51:2A:6D:97:B9:D4:EC:ED:DF:D5:31:5B:B2:D6:D9:AB:7A:83
    Fingerprint (SHA1):
        F5:31:C6:46:59:DD:56:77:6D:42:5B:8D:93:DA:AB:6F:FB:49:ED:DF
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US"
Returned value is 0, expected result is pass
chains.sh: #2439: DSA: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #2440: Revocation: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 10 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2441: Revocation: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #2442: Revocation: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #2443: Revocation: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2444: Revocation: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2445: Revocation: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2446: Revocation: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2447: Revocation: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2448: Revocation: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2449: Revocation: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2450: Revocation: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #2451: Revocation: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2452: Revocation: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2453: Revocation: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2454: Revocation: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB EE12DB
certutil -N -d EE12DB -f EE12DB/dbpasswd
chains.sh: #2455: Revocation: Creating DB EE12DB  - PASSED
chains.sh: Creating EE certifiate request EE12Req.der
certutil -s "CN=EE12 EE, O=EE12, C=US"  -R  -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2456: Revocation: Creating EE certifiate request EE12Req.der  - PASSED
chains.sh: Creating certficate EE12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2457: Revocation: Creating certficate EE12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE12CA1.der to EE12DB database
certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2458: Revocation: Importing certificate EE12CA1.der to EE12DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2459: Revocation: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2460: Revocation: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2461: Revocation: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2462: Revocation: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #2463: Revocation: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2464: Revocation: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2465: Revocation: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2466: Revocation: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628173041Z
nextupdate=20170628173041Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 17:30:41 2016
    Next Update: Wed Jun 28 17:30:41 2017
    CRL Extensions:
chains.sh: #2467: Revocation: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628173042Z
nextupdate=20170628173042Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:30:42 2016
    Next Update: Wed Jun 28 17:30:42 2017
    CRL Extensions:
chains.sh: #2468: Revocation: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628173042Z
nextupdate=20170628173042Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:30:42 2016
    Next Update: Wed Jun 28 17:30:42 2017
    CRL Extensions:
chains.sh: #2469: Revocation: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628173042Z
nextupdate=20170628173042Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 17:30:42 2016
    Next Update: Wed Jun 28 17:30:42 2017
    CRL Extensions:
chains.sh: #2470: Revocation: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 14 issued by CA1
crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628173043Z
addcert 14 20160628173043Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:30:43 2016
    Next Update: Wed Jun 28 17:30:42 2017
    Entry 1 (0x1):
        Serial Number: 14 (0xe)
        Revocation Date: Tue Jun 28 17:30:43 2016
    CRL Extensions:
chains.sh: #2471: Revocation: Revoking certificate with SN 14 issued by CA1  - PASSED
chains.sh: Revoking certificate with SN 15 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628173044Z
addcert 15 20160628173044Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:30:44 2016
    Next Update: Wed Jun 28 17:30:42 2017
    Entry 1 (0x1):
        Serial Number: 15 (0xf)
        Revocation Date: Tue Jun 28 17:30:44 2016
    CRL Extensions:
chains.sh: #2472: Revocation: Revoking certificate with SN 15 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2473: Revocation: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2474: Revocation: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #2475: Revocation: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA0Root.der to AllDB database
certutil -A -n CA0  -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der
chains.sh: #2476: Revocation: Importing certificate CA0Root.der to AllDB database  - PASSED
chains.sh: Importing CRL CA0.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl
chains.sh: #2477: Revocation: Importing CRL CA0.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA1CA0.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der
chains.sh: #2478: Revocation: Importing certificate CA1CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA1.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl
chains.sh: #2479: Revocation: Importing CRL CA1.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA0.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der
chains.sh: #2480: Revocation: Importing certificate CA2CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA2.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl
chains.sh: #2481: Revocation: Importing CRL CA2.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:30:13 2016
            Not After : Mon Jun 28 17:30:13 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:6c:7a:74:f6:24:66:87:74:7d:f7:49:64:89:d8:58:
                    9c:dd:21:c6:82:95:9b:f8:e0:30:82:92:7d:e3:3c:43:
                    16:67:21:0d:1e:0a:d2:8a:9f:49:4c:6c:89:e7:2f:e5:
                    05:93:84:a9:4a:8d:b0:e2:a2:35:ed:73:85:b4:8c:98:
                    6d:aa:52:c4:dc:44:26:52:33:ba:09:2b:ea:da:34:26:
                    1e:0b:30:2e:49:58:d1:36:dd:f1:09:27:62:18:bd:9a:
                    cd:62:35:7e:23:65:5f:1d:94:25:22:0f:13:fd:4a:99:
                    05:56:04:1f:d7:f0:2d:7d:e4:ac:af:18:e0:bf:d7:d9:
                    df:0d:db:57:78:c7:ef:cd:91:97:ad:09:15:f2:73:ea:
                    8b:f7:a9:73:7c:ff:44:b8:a9:81:cc:51:6c:4e:ec:b7:
                    18:fd:8b:cd:3d:d7:42:41:b0:1b:49:22:d1:a9:c4:c5:
                    15:96:14:70:84:c1:da:ac:46:21:0e:68:9f:72:cd:31:
                    b1:60:4c:3a:1c:ec:bb:b1:40:b4:50:a9:62:3a:a0:40:
                    59:da:82:8b:34:40:60:53:dc:6c:b3:e0:12:40:68:a3:
                    88:c0:87:7f:a0:4f:0a:0e:41:55:aa:2b:6e:f1:a1:14:
                    04:f9:0c:e1:d1:61:53:67:ba:3d:cb:f2:35:bc:9d:9b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9b:01:b3:8d:b2:8c:33:51:bc:e0:a1:af:40:83:f9:cc:
        a3:46:4b:9a:34:0e:af:23:cd:38:2d:11:6f:8c:ee:95:
        f2:e0:e6:32:4f:3b:02:34:27:5f:7e:6a:f1:60:0e:c9:
        18:f7:ef:ae:17:3b:46:ba:30:08:8f:80:29:7e:29:ac:
        89:fc:da:72:d4:d4:c0:29:0d:01:c6:d5:a3:c3:8f:99:
        d1:3f:b1:39:b8:c2:36:4e:60:33:e4:f8:38:2a:04:e5:
        2a:d0:e2:68:2a:b8:6e:a2:b2:1f:d8:54:41:e5:4d:8b:
        bf:28:b0:86:f9:5c:28:91:59:56:3e:d9:a8:f2:45:01:
        e9:9b:6c:4a:98:ce:76:c0:6e:df:7e:14:72:3f:34:09:
        b0:af:2e:16:e9:8c:ea:55:26:c2:f0:a6:b6:5c:cd:c1:
        e0:fd:83:12:25:be:90:c9:8a:6a:6e:dc:5c:77:52:c4:
        55:7b:d4:fb:76:1e:24:ad:cf:87:80:b0:d7:f0:f4:70:
        84:ba:0b:35:33:f9:68:5c:64:98:d3:1e:95:5b:c8:07:
        b1:4e:db:b9:de:05:89:c4:6e:bc:b6:8d:b3:29:07:f2:
        4a:45:98:88:c4:9f:13:63:a3:c9:c9:e2:fa:ad:5f:79:
        c5:3b:b9:45:bb:92:6d:da:65:59:8d:19:8b:b0:c0:bd
    Fingerprint (SHA-256):
        A1:F8:55:65:86:8D:07:87:8E:A1:1B:33:30:8E:B2:9F:AA:CE:76:9C:8D:72:26:C5:E3:B9:43:C2:05:81:AB:4E
    Fingerprint (SHA1):
        FC:78:74:63:76:0A:E6:59:52:DD:E8:88:96:8F:83:F6:36:18:E7:02
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #2482: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE12CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #2483: Revocation: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:30:13 2016
            Not After : Mon Jun 28 17:30:13 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:6c:7a:74:f6:24:66:87:74:7d:f7:49:64:89:d8:58:
                    9c:dd:21:c6:82:95:9b:f8:e0:30:82:92:7d:e3:3c:43:
                    16:67:21:0d:1e:0a:d2:8a:9f:49:4c:6c:89:e7:2f:e5:
                    05:93:84:a9:4a:8d:b0:e2:a2:35:ed:73:85:b4:8c:98:
                    6d:aa:52:c4:dc:44:26:52:33:ba:09:2b:ea:da:34:26:
                    1e:0b:30:2e:49:58:d1:36:dd:f1:09:27:62:18:bd:9a:
                    cd:62:35:7e:23:65:5f:1d:94:25:22:0f:13:fd:4a:99:
                    05:56:04:1f:d7:f0:2d:7d:e4:ac:af:18:e0:bf:d7:d9:
                    df:0d:db:57:78:c7:ef:cd:91:97:ad:09:15:f2:73:ea:
                    8b:f7:a9:73:7c:ff:44:b8:a9:81:cc:51:6c:4e:ec:b7:
                    18:fd:8b:cd:3d:d7:42:41:b0:1b:49:22:d1:a9:c4:c5:
                    15:96:14:70:84:c1:da:ac:46:21:0e:68:9f:72:cd:31:
                    b1:60:4c:3a:1c:ec:bb:b1:40:b4:50:a9:62:3a:a0:40:
                    59:da:82:8b:34:40:60:53:dc:6c:b3:e0:12:40:68:a3:
                    88:c0:87:7f:a0:4f:0a:0e:41:55:aa:2b:6e:f1:a1:14:
                    04:f9:0c:e1:d1:61:53:67:ba:3d:cb:f2:35:bc:9d:9b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9b:01:b3:8d:b2:8c:33:51:bc:e0:a1:af:40:83:f9:cc:
        a3:46:4b:9a:34:0e:af:23:cd:38:2d:11:6f:8c:ee:95:
        f2:e0:e6:32:4f:3b:02:34:27:5f:7e:6a:f1:60:0e:c9:
        18:f7:ef:ae:17:3b:46:ba:30:08:8f:80:29:7e:29:ac:
        89:fc:da:72:d4:d4:c0:29:0d:01:c6:d5:a3:c3:8f:99:
        d1:3f:b1:39:b8:c2:36:4e:60:33:e4:f8:38:2a:04:e5:
        2a:d0:e2:68:2a:b8:6e:a2:b2:1f:d8:54:41:e5:4d:8b:
        bf:28:b0:86:f9:5c:28:91:59:56:3e:d9:a8:f2:45:01:
        e9:9b:6c:4a:98:ce:76:c0:6e:df:7e:14:72:3f:34:09:
        b0:af:2e:16:e9:8c:ea:55:26:c2:f0:a6:b6:5c:cd:c1:
        e0:fd:83:12:25:be:90:c9:8a:6a:6e:dc:5c:77:52:c4:
        55:7b:d4:fb:76:1e:24:ad:cf:87:80:b0:d7:f0:f4:70:
        84:ba:0b:35:33:f9:68:5c:64:98:d3:1e:95:5b:c8:07:
        b1:4e:db:b9:de:05:89:c4:6e:bc:b6:8d:b3:29:07:f2:
        4a:45:98:88:c4:9f:13:63:a3:c9:c9:e2:fa:ad:5f:79:
        c5:3b:b9:45:bb:92:6d:da:65:59:8d:19:8b:b0:c0:bd
    Fingerprint (SHA-256):
        A1:F8:55:65:86:8D:07:87:8E:A1:1B:33:30:8E:B2:9F:AA:CE:76:9C:8D:72:26:C5:E3:B9:43:C2:05:81:AB:4E
    Fingerprint (SHA1):
        FC:78:74:63:76:0A:E6:59:52:DD:E8:88:96:8F:83:F6:36:18:E7:02
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #2484: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE21CA2.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #2485: Revocation: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #2486: CRLDP: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170402 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2487: CRLDP: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #2488: CRLDP: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #2489: CRLDP: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2490: CRLDP: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 628170403   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2491: CRLDP: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2492: CRLDP: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2493: CRLDP: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170174.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2494: CRLDP: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170148.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2495: CRLDP: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2496: CRLDP: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #2497: CRLDP: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE11Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170174.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2498: CRLDP: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 628170404   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2499: CRLDP: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2500: CRLDP: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2501: CRLDP: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170174.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2502: CRLDP: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170149.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2503: CRLDP: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2504: CRLDP: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #2505: CRLDP: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2506: CRLDP: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 628170405   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2507: CRLDP: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2508: CRLDP: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #2509: CRLDP: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170174.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2510: CRLDP: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170150.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2511: CRLDP: Creating certficate EE1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE1CA0.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2512: CRLDP: Importing certificate EE1CA0.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #2513: CRLDP: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628170174.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #2514: CRLDP: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628170151.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #2515: CRLDP: Creating certficate EE2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE2CA0.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2516: CRLDP: Importing certificate EE2CA0.der to EE2DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628173122Z
nextupdate=20170628173122Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 17:31:22 2016
    Next Update: Wed Jun 28 17:31:22 2017
    CRL Extensions:
chains.sh: #2517: CRLDP: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628173123Z
nextupdate=20170628173123Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:31:23 2016
    Next Update: Wed Jun 28 17:31:23 2017
    CRL Extensions:
chains.sh: #2518: CRLDP: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628173123Z
nextupdate=20170628173123Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:31:23 2016
    Next Update: Wed Jun 28 17:31:23 2017
    CRL Extensions:
chains.sh: #2519: CRLDP: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628173123Z
nextupdate=20170628173123Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 17:31:23 2016
    Next Update: Wed Jun 28 17:31:23 2017
    CRL Extensions:
chains.sh: #2520: CRLDP: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 20 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628173124Z
addcert 20 20160628173124Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:31:24 2016
    Next Update: Wed Jun 28 17:31:23 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 17:31:24 2016
    CRL Extensions:
chains.sh: #2521: CRLDP: Revoking certificate with SN 20 issued by CA0  - PASSED
chains.sh: Revoking certificate with SN 40 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628173125Z
addcert 40 20160628173125Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:31:25 2016
    Next Update: Wed Jun 28 17:31:23 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 17:31:24 2016
    Entry 2 (0x2):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 17:31:25 2016
    CRL Extensions:
chains.sh: #2522: CRLDP: Revoking certificate with SN 40 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #2523: CRLDP: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2524: CRLDP: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #2525: CRLDP: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE11CA1.der CA1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170402 (0x25711ea2)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:30:52 2016
            Not After : Mon Jun 28 17:30:52 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:d6:23:92:4c:d7:ad:81:63:2f:6e:99:47:01:02:75:
                    47:5d:f6:ea:49:ca:35:28:2e:e6:ba:4a:4e:4a:8e:f3:
                    ef:77:31:81:8d:2c:67:85:72:35:36:21:79:2e:0b:41:
                    1a:7a:cf:93:36:df:54:13:2e:2a:08:40:f4:0b:89:a7:
                    3e:bf:99:d7:71:a1:c8:ef:ab:4a:b5:2b:52:cb:ba:65:
                    45:ba:71:07:fd:ad:18:cb:f9:7d:fb:78:7b:5a:b4:c0:
                    11:ff:aa:1d:e3:de:cc:f7:bf:ec:17:3d:f3:64:76:c7:
                    c8:a7:21:ff:33:7c:3e:de:a2:67:8e:c1:bf:3a:f2:2b:
                    41:88:76:f3:c4:7f:ac:27:44:27:04:3e:3c:50:74:02:
                    54:c1:79:6e:08:4a:d9:bc:ad:c8:fd:ee:4c:e5:a7:08:
                    a0:0d:78:e6:f1:fb:44:16:b7:24:3a:b9:36:f5:16:9a:
                    f3:13:02:07:38:48:57:c9:19:3a:76:82:2f:e0:08:59:
                    77:ce:d1:d1:cb:83:01:96:aa:fb:68:cd:fb:a2:dc:aa:
                    a0:f0:79:94:ef:ed:bf:74:b0:eb:ea:1a:cc:bc:e5:be:
                    b8:32:ad:95:11:61:fb:31:78:e0:b3:be:20:6a:cf:76:
                    5a:da:65:f5:f0:a9:7c:0b:cf:5b:13:d0:f3:f8:5c:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        66:9c:f2:0a:68:3a:a5:95:ab:c0:6c:82:23:b8:95:9b:
        e3:4b:52:5d:3d:5b:34:74:12:12:fb:1b:d8:d7:e7:19:
        6a:85:b8:25:0a:e1:a1:0e:03:a9:1b:a3:b4:ac:ac:54:
        ab:5a:74:8f:cf:2b:3d:64:75:14:95:3d:4d:3a:78:09:
        b9:70:0a:d6:3b:15:6a:63:02:63:9f:f4:92:74:ac:0e:
        e3:5e:25:9a:cd:07:60:13:74:50:ea:4a:88:da:1a:c6:
        62:ba:41:76:32:ce:11:10:d2:00:c9:f5:79:d3:04:b6:
        fc:c0:12:4a:1a:5c:87:33:f3:24:aa:84:23:9a:e6:9a:
        69:0f:64:92:4d:02:78:c4:e9:e0:f6:dc:d3:b3:56:65:
        b8:1d:2a:1d:f4:b7:ab:68:6c:99:e8:91:08:41:eb:de:
        31:b4:c6:dd:2f:20:ef:3e:46:cc:33:66:d3:76:48:30:
        3f:e2:c9:3b:19:e5:9d:56:52:b3:23:b0:4c:22:97:7f:
        f4:4f:55:8e:a3:02:16:52:c2:cb:49:87:30:25:8a:02:
        75:a4:18:c5:bf:a8:60:f5:4d:6e:92:9c:f0:0e:86:b3:
        3d:b9:e6:93:96:43:72:e1:1a:f2:af:d9:f3:f6:a5:c0:
        c7:20:1c:cb:c8:9b:04:e2:73:8f:ee:5e:a0:e0:06:73
    Fingerprint (SHA-256):
        47:4F:E3:F3:EB:60:A7:FC:A5:A5:7F:DA:B5:B2:7A:71:B9:C2:82:70:09:1D:6F:5A:03:BD:84:55:22:11:86:3B
    Fingerprint (SHA1):
        2D:C4:63:B1:42:C2:67:FE:24:E3:84:F0:2D:D7:60:F0:B9:1B:CF:72
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #2526: CRLDP: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE21CA2.der CA2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #2527: CRLDP: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170402 (0x25711ea2)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:30:52 2016
            Not After : Mon Jun 28 17:30:52 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:d6:23:92:4c:d7:ad:81:63:2f:6e:99:47:01:02:75:
                    47:5d:f6:ea:49:ca:35:28:2e:e6:ba:4a:4e:4a:8e:f3:
                    ef:77:31:81:8d:2c:67:85:72:35:36:21:79:2e:0b:41:
                    1a:7a:cf:93:36:df:54:13:2e:2a:08:40:f4:0b:89:a7:
                    3e:bf:99:d7:71:a1:c8:ef:ab:4a:b5:2b:52:cb:ba:65:
                    45:ba:71:07:fd:ad:18:cb:f9:7d:fb:78:7b:5a:b4:c0:
                    11:ff:aa:1d:e3:de:cc:f7:bf:ec:17:3d:f3:64:76:c7:
                    c8:a7:21:ff:33:7c:3e:de:a2:67:8e:c1:bf:3a:f2:2b:
                    41:88:76:f3:c4:7f:ac:27:44:27:04:3e:3c:50:74:02:
                    54:c1:79:6e:08:4a:d9:bc:ad:c8:fd:ee:4c:e5:a7:08:
                    a0:0d:78:e6:f1:fb:44:16:b7:24:3a:b9:36:f5:16:9a:
                    f3:13:02:07:38:48:57:c9:19:3a:76:82:2f:e0:08:59:
                    77:ce:d1:d1:cb:83:01:96:aa:fb:68:cd:fb:a2:dc:aa:
                    a0:f0:79:94:ef:ed:bf:74:b0:eb:ea:1a:cc:bc:e5:be:
                    b8:32:ad:95:11:61:fb:31:78:e0:b3:be:20:6a:cf:76:
                    5a:da:65:f5:f0:a9:7c:0b:cf:5b:13:d0:f3:f8:5c:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        66:9c:f2:0a:68:3a:a5:95:ab:c0:6c:82:23:b8:95:9b:
        e3:4b:52:5d:3d:5b:34:74:12:12:fb:1b:d8:d7:e7:19:
        6a:85:b8:25:0a:e1:a1:0e:03:a9:1b:a3:b4:ac:ac:54:
        ab:5a:74:8f:cf:2b:3d:64:75:14:95:3d:4d:3a:78:09:
        b9:70:0a:d6:3b:15:6a:63:02:63:9f:f4:92:74:ac:0e:
        e3:5e:25:9a:cd:07:60:13:74:50:ea:4a:88:da:1a:c6:
        62:ba:41:76:32:ce:11:10:d2:00:c9:f5:79:d3:04:b6:
        fc:c0:12:4a:1a:5c:87:33:f3:24:aa:84:23:9a:e6:9a:
        69:0f:64:92:4d:02:78:c4:e9:e0:f6:dc:d3:b3:56:65:
        b8:1d:2a:1d:f4:b7:ab:68:6c:99:e8:91:08:41:eb:de:
        31:b4:c6:dd:2f:20:ef:3e:46:cc:33:66:d3:76:48:30:
        3f:e2:c9:3b:19:e5:9d:56:52:b3:23:b0:4c:22:97:7f:
        f4:4f:55:8e:a3:02:16:52:c2:cb:49:87:30:25:8a:02:
        75:a4:18:c5:bf:a8:60:f5:4d:6e:92:9c:f0:0e:86:b3:
        3d:b9:e6:93:96:43:72:e1:1a:f2:af:d9:f3:f6:a5:c0:
        c7:20:1c:cb:c8:9b:04:e2:73:8f:ee:5e:a0:e0:06:73
    Fingerprint (SHA-256):
        47:4F:E3:F3:EB:60:A7:FC:A5:A5:7F:DA:B5:B2:7A:71:B9:C2:82:70:09:1D:6F:5A:03:BD:84:55:22:11:86:3B
    Fingerprint (SHA1):
        2D:C4:63:B1:42:C2:67:FE:24:E3:84:F0:2D:D7:60:F0:B9:1B:CF:72
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #2528: CRLDP: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #2529: CRLDP: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #2530: TrustAnchors: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170406 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2531: TrustAnchors: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #2532: TrustAnchors: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #2533: TrustAnchors: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2534: TrustAnchors: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628170407   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2535: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2536: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #2537: TrustAnchors: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2538: TrustAnchors: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628170408   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2539: TrustAnchors: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2540: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #2541: TrustAnchors: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2542: TrustAnchors: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 628170409   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2543: TrustAnchors: Creating certficate EE1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE1CA2.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2544: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database  - PASSED
chains.sh: Creating DB OtherRootDB
certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd
chains.sh: #2545: TrustAnchors: Creating DB OtherRootDB  - PASSED
chains.sh: Creating Root CA OtherRoot
certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot  -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -m 628170410 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #2546: TrustAnchors: Creating Root CA OtherRoot  - PASSED
chains.sh: Exporting Root CA OtherRoot.der
certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der
chains.sh: #2547: TrustAnchors: Exporting Root CA OtherRoot.der  - PASSED
chains.sh: Creating DB OtherIntermediateDB
certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd
chains.sh: #2548: TrustAnchors: Creating DB OtherIntermediateDB  - PASSED
chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der
certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US"  -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o OtherIntermediateReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #2549: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der  - PASSED
chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot
certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 628170411   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2550: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot  - PASSED
chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database
certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2551: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #2552: TrustAnchors: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #2553: TrustAnchors: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate
certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 628170412   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cu_data
=== Certutil input data ===
===
chains.sh: #2554: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate  - PASSED
chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #2555: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database  - PASSED
chains.sh: Creating DB DBOnlyDB
certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd
chains.sh: #2556: TrustAnchors: Creating DB DBOnlyDB  - PASSED
chains.sh: Importing certificate RootCA.der to DBOnlyDB database
certutil -A -n RootCA  -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der
chains.sh: #2557: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database
certutil -A -n CA1  -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der
chains.sh: #2558: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp      
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170406 (0x25711ea6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:29 2016
            Not After : Mon Jun 28 17:31:29 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:28:e1:39:d8:09:0e:10:d6:86:15:79:6c:75:e4:13:
                    04:d2:2f:2e:2e:21:8f:fe:a8:ab:7b:05:52:e2:4e:0a:
                    cd:7e:42:42:d8:ed:22:df:40:1d:98:47:01:58:63:f2:
                    42:9e:c5:e5:b1:0b:79:4a:28:33:49:67:8d:29:a8:85:
                    e4:f4:0a:77:f8:56:16:15:71:7a:10:0a:06:38:e1:77:
                    39:da:56:d8:86:9a:ea:f1:f7:ba:c2:c8:f0:4c:6d:aa:
                    82:63:52:ad:0b:fb:51:24:07:77:1e:51:c6:9e:2d:21:
                    ad:3d:54:f7:9a:00:c1:a3:63:23:f7:51:0a:c7:27:f0:
                    73:90:73:ae:6b:21:e7:7d:cf:bb:35:07:7f:7b:f0:8b:
                    cd:df:e9:52:ae:97:e0:a2:a8:3e:83:82:77:40:2b:09:
                    e8:c3:fb:19:a6:f2:9a:7a:fa:ec:57:13:15:0f:44:89:
                    4d:99:1d:63:a5:63:ec:fc:bc:d0:32:da:c4:3c:08:84:
                    3c:e9:19:39:5b:b1:92:b0:4f:67:ad:81:26:82:f9:8f:
                    8f:76:13:4b:7f:86:ab:7e:3d:6f:a7:15:95:15:6f:20:
                    31:b2:f5:b2:76:c9:63:38:64:21:4b:e5:1a:d2:f3:00:
                    14:78:86:7d:fb:b8:84:01:da:9f:48:a4:0b:0a:d9:d1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        83:ef:57:65:60:1c:a6:20:d7:be:16:39:e9:8b:10:b4:
        42:bf:b7:1f:c5:79:44:4b:24:58:c4:4d:92:37:b9:41:
        d4:0b:98:c7:42:22:29:4d:46:f0:66:02:2f:f4:07:0c:
        6a:0d:df:10:12:29:b2:ad:58:e4:4c:1d:06:f2:81:0d:
        83:9b:8c:86:33:4f:e0:f5:c8:db:10:45:a3:07:a8:03:
        8e:7a:78:ea:ab:4c:95:ac:94:0b:da:5f:13:35:4c:01:
        b9:6c:e0:2a:0d:49:8e:34:51:14:cb:cb:4e:51:59:5e:
        8d:74:86:98:52:77:75:17:94:1e:08:6e:50:ce:d0:cd:
        e4:e0:ec:43:c7:29:fa:48:43:6f:2f:7b:5e:80:23:06:
        4b:f6:1f:da:d9:fe:20:55:7a:b8:79:a6:1f:09:02:06:
        66:e6:e4:01:92:fd:98:c3:3c:f4:d2:20:3e:5b:a3:60:
        61:4d:56:46:d2:98:42:4b:5f:61:a7:26:97:af:a6:81:
        18:8b:93:19:2d:49:34:d1:c9:9c:0f:5d:ec:0d:c1:32:
        66:6b:b9:39:15:ff:76:17:46:4c:ba:98:8a:87:39:7e:
        f4:ed:15:ff:0c:c8:88:ec:eb:84:06:6a:4f:63:03:49:
        37:29:fb:08:5e:28:b9:61:11:41:c6:aa:7d:56:e4:6f
    Fingerprint (SHA-256):
        16:B8:B5:50:D9:2A:C7:60:FD:D2:C7:70:E0:76:43:1F:E5:A4:4A:0D:4D:CF:1B:FE:E4:41:E2:1B:F7:87:3F:7A
    Fingerprint (SHA1):
        2E:F1:95:01:D7:FB:58:30:DF:42:1D:28:A9:66:5B:7D:1B:FB:C5:6E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2559: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170408 (0x25711ea8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:35 2016
            Not After : Mon Jun 28 17:31:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    de:47:ae:e1:0b:5d:0a:d0:03:02:4b:32:f6:6f:25:b7:
                    98:96:be:51:19:65:aa:c7:2d:5d:3d:52:d5:7e:d5:75:
                    83:bf:b8:bf:7f:4a:77:a1:0b:89:26:cc:05:41:cf:f1:
                    be:56:30:db:ce:d0:f9:9a:de:16:64:55:d5:85:b5:f3:
                    33:24:a9:ce:b9:37:f3:a3:51:f0:90:f7:08:c3:39:56:
                    80:40:cb:69:c2:16:a8:03:8f:2c:fa:29:40:80:a0:23:
                    c4:2c:71:b0:62:df:4b:7a:79:a3:3e:6a:06:89:a2:bc:
                    30:f5:41:0c:df:31:89:5c:69:0e:0f:2d:1e:e3:f3:bf:
                    ab:23:b5:3d:25:d3:f8:98:28:ce:90:c3:5d:05:65:94:
                    1a:b8:d6:d9:99:4b:d4:9c:40:87:76:26:2d:b6:f9:ea:
                    d5:01:85:a5:ee:db:f0:8c:d7:29:c2:d6:47:29:86:80:
                    e6:40:af:3f:ca:a8:d2:ef:f6:56:33:49:b4:a0:17:44:
                    c4:60:15:90:f3:f1:92:21:b7:01:0b:1e:4d:54:64:2c:
                    67:2d:66:7f:4b:bc:80:29:55:e1:bb:d0:fe:c9:c4:c0:
                    0f:5d:b2:e0:47:99:49:1c:c7:0f:e0:04:ff:e9:b8:68:
                    c3:0f:47:78:07:02:c0:09:0f:fb:b3:68:fc:38:b1:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7f:07:ce:01:cb:e2:6c:34:52:ca:75:4f:6f:d8:d2:8a:
        1e:59:7a:b9:06:97:3d:1d:52:06:93:05:79:c6:cd:47:
        85:3b:ed:9d:fe:5f:d8:0d:9d:9e:e9:44:f5:3c:cf:ae:
        13:48:bb:f2:62:54:70:24:0f:60:c6:d8:1f:0a:33:76:
        87:60:fc:d3:86:ad:bf:fc:72:77:25:9a:8b:db:f2:d6:
        b3:51:58:f0:df:83:00:f3:6d:2d:5e:0d:c9:83:c4:18:
        3e:32:72:44:8b:b7:39:22:9e:06:42:85:4d:b2:ea:c2:
        cb:fc:99:b3:14:4f:c6:b2:b3:f4:48:bc:43:25:c8:bf:
        d2:5f:f1:68:a6:31:45:54:c5:ba:82:af:2d:27:d5:c4:
        08:fe:e6:bc:3d:86:cd:0f:31:a2:0d:00:1b:e0:5f:27:
        64:76:a6:07:d1:88:d7:1a:70:85:e8:cb:e3:1f:a3:4b:
        60:32:d1:fc:19:7b:86:02:32:fb:e0:60:8c:fd:6b:96:
        83:29:1c:67:87:55:09:00:ee:30:6d:3d:3e:b8:45:92:
        e5:aa:5b:9c:6e:c0:ae:0d:dd:e4:6e:44:cb:d6:8f:68:
        3b:24:f2:61:8b:8a:bf:0c:e1:51:45:14:a4:04:c0:30:
        a4:a3:5b:0a:6b:0a:c7:c0:57:3d:b9:1e:91:90:5d:58
    Fingerprint (SHA-256):
        9A:24:B6:91:C1:F0:4B:BA:E7:A1:0A:4E:52:50:4A:E1:C0:9F:6B:3D:80:27:EE:E8:91:09:63:BF:29:A5:CA:9B
    Fingerprint (SHA1):
        9E:EF:C1:D9:FF:03:12:4B:16:07:BE:C8:77:CF:07:76:B6:1F:E9:66
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2560: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170406 (0x25711ea6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:29 2016
            Not After : Mon Jun 28 17:31:29 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:28:e1:39:d8:09:0e:10:d6:86:15:79:6c:75:e4:13:
                    04:d2:2f:2e:2e:21:8f:fe:a8:ab:7b:05:52:e2:4e:0a:
                    cd:7e:42:42:d8:ed:22:df:40:1d:98:47:01:58:63:f2:
                    42:9e:c5:e5:b1:0b:79:4a:28:33:49:67:8d:29:a8:85:
                    e4:f4:0a:77:f8:56:16:15:71:7a:10:0a:06:38:e1:77:
                    39:da:56:d8:86:9a:ea:f1:f7:ba:c2:c8:f0:4c:6d:aa:
                    82:63:52:ad:0b:fb:51:24:07:77:1e:51:c6:9e:2d:21:
                    ad:3d:54:f7:9a:00:c1:a3:63:23:f7:51:0a:c7:27:f0:
                    73:90:73:ae:6b:21:e7:7d:cf:bb:35:07:7f:7b:f0:8b:
                    cd:df:e9:52:ae:97:e0:a2:a8:3e:83:82:77:40:2b:09:
                    e8:c3:fb:19:a6:f2:9a:7a:fa:ec:57:13:15:0f:44:89:
                    4d:99:1d:63:a5:63:ec:fc:bc:d0:32:da:c4:3c:08:84:
                    3c:e9:19:39:5b:b1:92:b0:4f:67:ad:81:26:82:f9:8f:
                    8f:76:13:4b:7f:86:ab:7e:3d:6f:a7:15:95:15:6f:20:
                    31:b2:f5:b2:76:c9:63:38:64:21:4b:e5:1a:d2:f3:00:
                    14:78:86:7d:fb:b8:84:01:da:9f:48:a4:0b:0a:d9:d1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        83:ef:57:65:60:1c:a6:20:d7:be:16:39:e9:8b:10:b4:
        42:bf:b7:1f:c5:79:44:4b:24:58:c4:4d:92:37:b9:41:
        d4:0b:98:c7:42:22:29:4d:46:f0:66:02:2f:f4:07:0c:
        6a:0d:df:10:12:29:b2:ad:58:e4:4c:1d:06:f2:81:0d:
        83:9b:8c:86:33:4f:e0:f5:c8:db:10:45:a3:07:a8:03:
        8e:7a:78:ea:ab:4c:95:ac:94:0b:da:5f:13:35:4c:01:
        b9:6c:e0:2a:0d:49:8e:34:51:14:cb:cb:4e:51:59:5e:
        8d:74:86:98:52:77:75:17:94:1e:08:6e:50:ce:d0:cd:
        e4:e0:ec:43:c7:29:fa:48:43:6f:2f:7b:5e:80:23:06:
        4b:f6:1f:da:d9:fe:20:55:7a:b8:79:a6:1f:09:02:06:
        66:e6:e4:01:92:fd:98:c3:3c:f4:d2:20:3e:5b:a3:60:
        61:4d:56:46:d2:98:42:4b:5f:61:a7:26:97:af:a6:81:
        18:8b:93:19:2d:49:34:d1:c9:9c:0f:5d:ec:0d:c1:32:
        66:6b:b9:39:15:ff:76:17:46:4c:ba:98:8a:87:39:7e:
        f4:ed:15:ff:0c:c8:88:ec:eb:84:06:6a:4f:63:03:49:
        37:29:fb:08:5e:28:b9:61:11:41:c6:aa:7d:56:e4:6f
    Fingerprint (SHA-256):
        16:B8:B5:50:D9:2A:C7:60:FD:D2:C7:70:E0:76:43:1F:E5:A4:4A:0D:4D:CF:1B:FE:E4:41:E2:1B:F7:87:3F:7A
    Fingerprint (SHA1):
        2E:F1:95:01:D7:FB:58:30:DF:42:1D:28:A9:66:5B:7D:1B:FB:C5:6E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2561: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA - PASSED
chains.sh: Creating DB TrustOnlyDB
certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd
chains.sh: #2562: TrustAnchors: Creating DB TrustOnlyDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der CA2CA1.der CA1RootCA.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170406 (0x25711ea6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:29 2016
            Not After : Mon Jun 28 17:31:29 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:28:e1:39:d8:09:0e:10:d6:86:15:79:6c:75:e4:13:
                    04:d2:2f:2e:2e:21:8f:fe:a8:ab:7b:05:52:e2:4e:0a:
                    cd:7e:42:42:d8:ed:22:df:40:1d:98:47:01:58:63:f2:
                    42:9e:c5:e5:b1:0b:79:4a:28:33:49:67:8d:29:a8:85:
                    e4:f4:0a:77:f8:56:16:15:71:7a:10:0a:06:38:e1:77:
                    39:da:56:d8:86:9a:ea:f1:f7:ba:c2:c8:f0:4c:6d:aa:
                    82:63:52:ad:0b:fb:51:24:07:77:1e:51:c6:9e:2d:21:
                    ad:3d:54:f7:9a:00:c1:a3:63:23:f7:51:0a:c7:27:f0:
                    73:90:73:ae:6b:21:e7:7d:cf:bb:35:07:7f:7b:f0:8b:
                    cd:df:e9:52:ae:97:e0:a2:a8:3e:83:82:77:40:2b:09:
                    e8:c3:fb:19:a6:f2:9a:7a:fa:ec:57:13:15:0f:44:89:
                    4d:99:1d:63:a5:63:ec:fc:bc:d0:32:da:c4:3c:08:84:
                    3c:e9:19:39:5b:b1:92:b0:4f:67:ad:81:26:82:f9:8f:
                    8f:76:13:4b:7f:86:ab:7e:3d:6f:a7:15:95:15:6f:20:
                    31:b2:f5:b2:76:c9:63:38:64:21:4b:e5:1a:d2:f3:00:
                    14:78:86:7d:fb:b8:84:01:da:9f:48:a4:0b:0a:d9:d1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        83:ef:57:65:60:1c:a6:20:d7:be:16:39:e9:8b:10:b4:
        42:bf:b7:1f:c5:79:44:4b:24:58:c4:4d:92:37:b9:41:
        d4:0b:98:c7:42:22:29:4d:46:f0:66:02:2f:f4:07:0c:
        6a:0d:df:10:12:29:b2:ad:58:e4:4c:1d:06:f2:81:0d:
        83:9b:8c:86:33:4f:e0:f5:c8:db:10:45:a3:07:a8:03:
        8e:7a:78:ea:ab:4c:95:ac:94:0b:da:5f:13:35:4c:01:
        b9:6c:e0:2a:0d:49:8e:34:51:14:cb:cb:4e:51:59:5e:
        8d:74:86:98:52:77:75:17:94:1e:08:6e:50:ce:d0:cd:
        e4:e0:ec:43:c7:29:fa:48:43:6f:2f:7b:5e:80:23:06:
        4b:f6:1f:da:d9:fe:20:55:7a:b8:79:a6:1f:09:02:06:
        66:e6:e4:01:92:fd:98:c3:3c:f4:d2:20:3e:5b:a3:60:
        61:4d:56:46:d2:98:42:4b:5f:61:a7:26:97:af:a6:81:
        18:8b:93:19:2d:49:34:d1:c9:9c:0f:5d:ec:0d:c1:32:
        66:6b:b9:39:15:ff:76:17:46:4c:ba:98:8a:87:39:7e:
        f4:ed:15:ff:0c:c8:88:ec:eb:84:06:6a:4f:63:03:49:
        37:29:fb:08:5e:28:b9:61:11:41:c6:aa:7d:56:e4:6f
    Fingerprint (SHA-256):
        16:B8:B5:50:D9:2A:C7:60:FD:D2:C7:70:E0:76:43:1F:E5:A4:4A:0D:4D:CF:1B:FE:E4:41:E2:1B:F7:87:3F:7A
    Fingerprint (SHA1):
        2E:F1:95:01:D7:FB:58:30:DF:42:1D:28:A9:66:5B:7D:1B:FB:C5:6E
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2563: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170408 (0x25711ea8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:35 2016
            Not After : Mon Jun 28 17:31:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    de:47:ae:e1:0b:5d:0a:d0:03:02:4b:32:f6:6f:25:b7:
                    98:96:be:51:19:65:aa:c7:2d:5d:3d:52:d5:7e:d5:75:
                    83:bf:b8:bf:7f:4a:77:a1:0b:89:26:cc:05:41:cf:f1:
                    be:56:30:db:ce:d0:f9:9a:de:16:64:55:d5:85:b5:f3:
                    33:24:a9:ce:b9:37:f3:a3:51:f0:90:f7:08:c3:39:56:
                    80:40:cb:69:c2:16:a8:03:8f:2c:fa:29:40:80:a0:23:
                    c4:2c:71:b0:62:df:4b:7a:79:a3:3e:6a:06:89:a2:bc:
                    30:f5:41:0c:df:31:89:5c:69:0e:0f:2d:1e:e3:f3:bf:
                    ab:23:b5:3d:25:d3:f8:98:28:ce:90:c3:5d:05:65:94:
                    1a:b8:d6:d9:99:4b:d4:9c:40:87:76:26:2d:b6:f9:ea:
                    d5:01:85:a5:ee:db:f0:8c:d7:29:c2:d6:47:29:86:80:
                    e6:40:af:3f:ca:a8:d2:ef:f6:56:33:49:b4:a0:17:44:
                    c4:60:15:90:f3:f1:92:21:b7:01:0b:1e:4d:54:64:2c:
                    67:2d:66:7f:4b:bc:80:29:55:e1:bb:d0:fe:c9:c4:c0:
                    0f:5d:b2:e0:47:99:49:1c:c7:0f:e0:04:ff:e9:b8:68:
                    c3:0f:47:78:07:02:c0:09:0f:fb:b3:68:fc:38:b1:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7f:07:ce:01:cb:e2:6c:34:52:ca:75:4f:6f:d8:d2:8a:
        1e:59:7a:b9:06:97:3d:1d:52:06:93:05:79:c6:cd:47:
        85:3b:ed:9d:fe:5f:d8:0d:9d:9e:e9:44:f5:3c:cf:ae:
        13:48:bb:f2:62:54:70:24:0f:60:c6:d8:1f:0a:33:76:
        87:60:fc:d3:86:ad:bf:fc:72:77:25:9a:8b:db:f2:d6:
        b3:51:58:f0:df:83:00:f3:6d:2d:5e:0d:c9:83:c4:18:
        3e:32:72:44:8b:b7:39:22:9e:06:42:85:4d:b2:ea:c2:
        cb:fc:99:b3:14:4f:c6:b2:b3:f4:48:bc:43:25:c8:bf:
        d2:5f:f1:68:a6:31:45:54:c5:ba:82:af:2d:27:d5:c4:
        08:fe:e6:bc:3d:86:cd:0f:31:a2:0d:00:1b:e0:5f:27:
        64:76:a6:07:d1:88:d7:1a:70:85:e8:cb:e3:1f:a3:4b:
        60:32:d1:fc:19:7b:86:02:32:fb:e0:60:8c:fd:6b:96:
        83:29:1c:67:87:55:09:00:ee:30:6d:3d:3e:b8:45:92:
        e5:aa:5b:9c:6e:c0:ae:0d:dd:e4:6e:44:cb:d6:8f:68:
        3b:24:f2:61:8b:8a:bf:0c:e1:51:45:14:a4:04:c0:30:
        a4:a3:5b:0a:6b:0a:c7:c0:57:3d:b9:1e:91:90:5d:58
    Fingerprint (SHA-256):
        9A:24:B6:91:C1:F0:4B:BA:E7:A1:0A:4E:52:50:4A:E1:C0:9F:6B:3D:80:27:EE:E8:91:09:63:BF:29:A5:CA:9B
    Fingerprint (SHA1):
        9E:EF:C1:D9:FF:03:12:4B:16:07:BE:C8:77:CF:07:76:B6:1F:E9:66
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2564: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Creating DB TrustAndDBDB
certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd
chains.sh: #2565: TrustAnchors: Creating DB TrustAndDBDB  - PASSED
chains.sh: Importing certificate RootCA.der to TrustAndDBDB database
certutil -A -n RootCA  -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der
chains.sh: #2566: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database
certutil -A -n CA1  -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der
chains.sh: #2567: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp      
vfychain -d TrustAndDBDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170406 (0x25711ea6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:29 2016
            Not After : Mon Jun 28 17:31:29 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:28:e1:39:d8:09:0e:10:d6:86:15:79:6c:75:e4:13:
                    04:d2:2f:2e:2e:21:8f:fe:a8:ab:7b:05:52:e2:4e:0a:
                    cd:7e:42:42:d8:ed:22:df:40:1d:98:47:01:58:63:f2:
                    42:9e:c5:e5:b1:0b:79:4a:28:33:49:67:8d:29:a8:85:
                    e4:f4:0a:77:f8:56:16:15:71:7a:10:0a:06:38:e1:77:
                    39:da:56:d8:86:9a:ea:f1:f7:ba:c2:c8:f0:4c:6d:aa:
                    82:63:52:ad:0b:fb:51:24:07:77:1e:51:c6:9e:2d:21:
                    ad:3d:54:f7:9a:00:c1:a3:63:23:f7:51:0a:c7:27:f0:
                    73:90:73:ae:6b:21:e7:7d:cf:bb:35:07:7f:7b:f0:8b:
                    cd:df:e9:52:ae:97:e0:a2:a8:3e:83:82:77:40:2b:09:
                    e8:c3:fb:19:a6:f2:9a:7a:fa:ec:57:13:15:0f:44:89:
                    4d:99:1d:63:a5:63:ec:fc:bc:d0:32:da:c4:3c:08:84:
                    3c:e9:19:39:5b:b1:92:b0:4f:67:ad:81:26:82:f9:8f:
                    8f:76:13:4b:7f:86:ab:7e:3d:6f:a7:15:95:15:6f:20:
                    31:b2:f5:b2:76:c9:63:38:64:21:4b:e5:1a:d2:f3:00:
                    14:78:86:7d:fb:b8:84:01:da:9f:48:a4:0b:0a:d9:d1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        83:ef:57:65:60:1c:a6:20:d7:be:16:39:e9:8b:10:b4:
        42:bf:b7:1f:c5:79:44:4b:24:58:c4:4d:92:37:b9:41:
        d4:0b:98:c7:42:22:29:4d:46:f0:66:02:2f:f4:07:0c:
        6a:0d:df:10:12:29:b2:ad:58:e4:4c:1d:06:f2:81:0d:
        83:9b:8c:86:33:4f:e0:f5:c8:db:10:45:a3:07:a8:03:
        8e:7a:78:ea:ab:4c:95:ac:94:0b:da:5f:13:35:4c:01:
        b9:6c:e0:2a:0d:49:8e:34:51:14:cb:cb:4e:51:59:5e:
        8d:74:86:98:52:77:75:17:94:1e:08:6e:50:ce:d0:cd:
        e4:e0:ec:43:c7:29:fa:48:43:6f:2f:7b:5e:80:23:06:
        4b:f6:1f:da:d9:fe:20:55:7a:b8:79:a6:1f:09:02:06:
        66:e6:e4:01:92:fd:98:c3:3c:f4:d2:20:3e:5b:a3:60:
        61:4d:56:46:d2:98:42:4b:5f:61:a7:26:97:af:a6:81:
        18:8b:93:19:2d:49:34:d1:c9:9c:0f:5d:ec:0d:c1:32:
        66:6b:b9:39:15:ff:76:17:46:4c:ba:98:8a:87:39:7e:
        f4:ed:15:ff:0c:c8:88:ec:eb:84:06:6a:4f:63:03:49:
        37:29:fb:08:5e:28:b9:61:11:41:c6:aa:7d:56:e4:6f
    Fingerprint (SHA-256):
        16:B8:B5:50:D9:2A:C7:60:FD:D2:C7:70:E0:76:43:1F:E5:A4:4A:0D:4D:CF:1B:FE:E4:41:E2:1B:F7:87:3F:7A
    Fingerprint (SHA1):
        2E:F1:95:01:D7:FB:58:30:DF:42:1D:28:A9:66:5B:7D:1B:FB:C5:6E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2568: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv       EE2OtherIntermediate.der OtherIntermediateOtherRoot.der  -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170410 (0x25711eaa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:47 2016
            Not After : Mon Jun 28 17:31:47 2066
        Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a8:bf:6f:36:41:be:9c:50:3d:10:98:d9:04:ed:cb:c3:
                    35:a3:b1:2e:e5:93:2d:f0:65:e6:21:67:e2:0d:7a:70:
                    23:ea:9f:d1:1f:a4:58:2e:43:96:94:dd:96:13:8b:19:
                    33:96:4f:0f:38:c9:67:77:58:97:1a:2d:13:df:b5:9e:
                    0c:23:10:23:98:10:8a:9c:b1:78:9f:b3:1b:e4:7c:74:
                    6f:44:d6:b0:03:bb:ee:d5:42:f1:ff:6e:69:16:d7:0e:
                    9c:40:2e:31:78:58:e1:03:e1:8f:5b:74:7a:82:fc:bb:
                    e7:27:28:97:7b:e8:23:f5:36:e0:b6:01:2a:cf:1a:02:
                    80:6f:32:c7:30:7d:36:87:4b:e1:88:7a:50:d7:cc:4b:
                    1c:e0:cd:ea:ae:76:21:ef:fc:09:cd:dc:c3:e8:83:4a:
                    e8:6d:68:17:44:d0:c1:51:4f:70:31:c1:14:a0:ee:5e:
                    e6:0b:39:7d:79:fd:58:b8:bc:be:6f:51:9c:4a:2a:93:
                    c9:40:57:8b:16:7d:39:d6:00:b0:81:91:f0:a3:13:c9:
                    a6:1d:cc:38:95:51:cf:29:63:8a:d3:e1:e5:08:98:ab:
                    18:2d:56:f4:a3:4b:bc:29:8b:ee:6a:cd:b1:0f:01:e8:
                    e5:5e:89:81:91:19:5a:c8:be:87:68:51:0d:23:88:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        38:96:08:06:54:9c:39:c7:25:dd:67:06:87:79:a7:ee:
        aa:80:ab:ae:fe:72:a7:d3:0c:df:2c:b0:2b:3b:ed:21:
        66:3d:66:2f:06:f4:4b:5c:f2:c5:c5:ed:78:ff:c6:69:
        b3:d1:00:84:cc:10:f7:7f:bb:d2:2d:37:fc:9a:6f:54:
        2b:be:2b:76:4a:b6:e0:d3:56:12:4c:c6:15:af:3c:27:
        86:fe:73:ba:e7:b9:c5:de:9f:88:46:83:64:a9:9e:ba:
        64:98:3b:0a:37:99:de:b3:b1:9d:c4:ee:a8:ac:7f:c4:
        a1:b5:31:d2:5c:24:56:a5:eb:36:db:fc:8a:79:17:99:
        35:25:70:0d:19:9a:a9:63:95:79:d0:2e:cb:0f:1d:39:
        78:a3:a7:da:45:04:fa:04:d4:52:da:d7:33:b4:b3:ca:
        33:a5:6e:6d:f5:09:47:46:31:7d:49:f9:b5:4f:e6:39:
        69:91:1a:be:5c:c3:6f:c7:79:18:19:a1:2f:51:c3:c6:
        48:2f:94:f4:3d:29:6d:36:72:8f:77:9f:18:44:82:c0:
        99:1d:c2:9c:ac:1b:9a:76:44:f8:be:7f:b4:f9:39:1a:
        89:b1:76:10:97:6e:77:77:60:92:31:84:a1:94:8d:5c:
        53:59:20:18:58:6f:8b:20:f6:e1:21:c0:17:1a:66:47
    Fingerprint (SHA-256):
        A2:FE:65:88:E7:2E:EA:9A:3E:84:96:FA:56:DB:D1:A3:90:B5:5B:50:19:A5:B4:A1:35:3A:FA:22:DE:2E:D4:19
    Fingerprint (SHA1):
        68:CD:D7:6A:4B:85:2A:DB:DB:95:9F:79:14:08:7D:24:F1:9B:90:61
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate
    ,C=US"
Returned value is 0, expected result is pass
chains.sh: #2569: TrustAnchors: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv -T      EE1CA2.der CA2CA1.der  -t OtherIntermediateOtherRoot.der -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170406 (0x25711ea6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:29 2016
            Not After : Mon Jun 28 17:31:29 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:28:e1:39:d8:09:0e:10:d6:86:15:79:6c:75:e4:13:
                    04:d2:2f:2e:2e:21:8f:fe:a8:ab:7b:05:52:e2:4e:0a:
                    cd:7e:42:42:d8:ed:22:df:40:1d:98:47:01:58:63:f2:
                    42:9e:c5:e5:b1:0b:79:4a:28:33:49:67:8d:29:a8:85:
                    e4:f4:0a:77:f8:56:16:15:71:7a:10:0a:06:38:e1:77:
                    39:da:56:d8:86:9a:ea:f1:f7:ba:c2:c8:f0:4c:6d:aa:
                    82:63:52:ad:0b:fb:51:24:07:77:1e:51:c6:9e:2d:21:
                    ad:3d:54:f7:9a:00:c1:a3:63:23:f7:51:0a:c7:27:f0:
                    73:90:73:ae:6b:21:e7:7d:cf:bb:35:07:7f:7b:f0:8b:
                    cd:df:e9:52:ae:97:e0:a2:a8:3e:83:82:77:40:2b:09:
                    e8:c3:fb:19:a6:f2:9a:7a:fa:ec:57:13:15:0f:44:89:
                    4d:99:1d:63:a5:63:ec:fc:bc:d0:32:da:c4:3c:08:84:
                    3c:e9:19:39:5b:b1:92:b0:4f:67:ad:81:26:82:f9:8f:
                    8f:76:13:4b:7f:86:ab:7e:3d:6f:a7:15:95:15:6f:20:
                    31:b2:f5:b2:76:c9:63:38:64:21:4b:e5:1a:d2:f3:00:
                    14:78:86:7d:fb:b8:84:01:da:9f:48:a4:0b:0a:d9:d1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        83:ef:57:65:60:1c:a6:20:d7:be:16:39:e9:8b:10:b4:
        42:bf:b7:1f:c5:79:44:4b:24:58:c4:4d:92:37:b9:41:
        d4:0b:98:c7:42:22:29:4d:46:f0:66:02:2f:f4:07:0c:
        6a:0d:df:10:12:29:b2:ad:58:e4:4c:1d:06:f2:81:0d:
        83:9b:8c:86:33:4f:e0:f5:c8:db:10:45:a3:07:a8:03:
        8e:7a:78:ea:ab:4c:95:ac:94:0b:da:5f:13:35:4c:01:
        b9:6c:e0:2a:0d:49:8e:34:51:14:cb:cb:4e:51:59:5e:
        8d:74:86:98:52:77:75:17:94:1e:08:6e:50:ce:d0:cd:
        e4:e0:ec:43:c7:29:fa:48:43:6f:2f:7b:5e:80:23:06:
        4b:f6:1f:da:d9:fe:20:55:7a:b8:79:a6:1f:09:02:06:
        66:e6:e4:01:92:fd:98:c3:3c:f4:d2:20:3e:5b:a3:60:
        61:4d:56:46:d2:98:42:4b:5f:61:a7:26:97:af:a6:81:
        18:8b:93:19:2d:49:34:d1:c9:9c:0f:5d:ec:0d:c1:32:
        66:6b:b9:39:15:ff:76:17:46:4c:ba:98:8a:87:39:7e:
        f4:ed:15:ff:0c:c8:88:ec:eb:84:06:6a:4f:63:03:49:
        37:29:fb:08:5e:28:b9:61:11:41:c6:aa:7d:56:e4:6f
    Fingerprint (SHA-256):
        16:B8:B5:50:D9:2A:C7:60:FD:D2:C7:70:E0:76:43:1F:E5:A4:4A:0D:4D:CF:1B:FE:E4:41:E2:1B:F7:87:3F:7A
    Fingerprint (SHA1):
        2E:F1:95:01:D7:FB:58:30:DF:42:1D:28:A9:66:5B:7D:1B:FB:C5:6E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #2570: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED
chains.sh: Creating DB ExplicitDistrustDB
certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd
chains.sh: #2571: TrustAnchors: Creating DB ExplicitDistrustDB  - PASSED
chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database
certutil -A -n RootCA  -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der
chains.sh: #2572: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database
certutil -A -n CA1  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der
chains.sh: #2573: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database
certutil -A -n OtherRoot  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der
chains.sh: #2574: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der
vfychain -d ExplicitDistrustDB -pp -vv       EE1CA2.der CA2CA1.der  -t CA1RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8171: Peer's certificate has been marked as not trusted by the user.
Returned value is 1, expected result is fail
chains.sh: #2575: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der
vfychain -d ExplicitDistrustDB -pp -vv       EE2OtherIntermediate.der  -t OtherIntermediateOtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628170411 (0x25711eab)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:31:53 2016
            Not After : Mon Jun 28 17:31:53 2021
        Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:8c:59:5c:7b:7b:38:f7:d4:90:d3:54:f3:7e:c6:29:
                    6a:2b:30:69:45:a3:aa:af:14:72:f5:59:99:66:fd:d2:
                    cf:90:0f:24:bb:a3:66:f8:46:df:2e:1a:9f:ef:9f:aa:
                    c5:50:e0:15:ad:34:eb:9b:b8:c9:dc:ce:26:9d:64:a4:
                    c4:b8:05:4c:1c:94:8b:bd:da:45:2b:0c:be:55:98:7b:
                    fa:96:5b:1d:eb:c4:8a:17:e9:c6:f8:eb:af:3e:ac:4c:
                    fa:f9:75:1d:95:db:77:75:9a:46:a7:9c:8c:ac:f3:3d:
                    b1:56:42:98:4a:60:65:bc:73:c1:14:7a:a6:0c:62:0b:
                    ca:bb:ff:a5:03:47:77:67:bf:76:f5:94:f8:33:a9:9d:
                    95:7f:54:a2:73:5e:84:b6:5e:c8:f9:1c:c8:30:06:57:
                    5b:a1:24:5f:e6:e3:1a:06:56:d8:a0:bc:d6:22:9b:30:
                    68:90:37:f0:15:94:79:5b:b7:ff:72:a0:9f:ca:f5:c3:
                    0b:a3:85:e4:6f:93:c8:71:c8:db:c0:1e:a1:d3:3f:ed:
                    7c:57:ad:59:73:30:4a:e1:9b:79:bb:ee:11:71:e4:cf:
                    d2:59:b8:7b:86:3d:32:47:d2:73:1d:b0:15:8c:45:0a:
                    d7:62:86:eb:4e:db:9e:3d:e0:00:f3:fd:4e:36:6f:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        99:55:8f:98:83:2e:7b:db:c7:1c:30:16:7a:61:3e:a9:
        47:0f:a4:0b:38:19:4a:b4:a8:13:00:ef:f8:93:06:53:
        98:8c:f1:06:57:8c:35:b2:56:9f:64:29:47:cd:6b:08:
        f9:e3:92:04:05:4d:ca:75:71:6a:14:de:25:19:7a:af:
        ba:e6:2d:a6:05:d0:94:23:86:e1:46:05:da:9d:c3:83:
        75:ed:29:bf:8e:36:16:ad:bf:8f:ce:76:d0:60:98:92:
        d4:b7:59:70:a1:91:ff:a5:40:7e:4c:fb:82:66:bf:b6:
        97:2f:e6:82:d7:b3:e2:e7:a4:88:10:29:39:30:2e:e2:
        da:1f:da:55:83:5a:07:11:25:30:c0:7e:34:5a:5a:4a:
        46:03:9c:af:00:82:c5:27:5d:71:0d:00:74:79:6c:97:
        08:41:74:6a:02:a9:68:ce:6c:94:aa:e4:5a:c1:95:22:
        fc:1b:3d:6b:8b:f7:cf:34:0f:c4:91:2b:8c:56:1a:7c:
        fa:36:cc:dc:a0:d8:70:63:a7:24:a0:46:df:85:37:82:
        3e:e7:10:1e:1c:24:ed:82:d8:9f:87:cb:2f:6a:84:41:
        e8:43:6b:a7:e5:1b:95:ef:42:b8:f0:96:1f:af:f8:35:
        5e:81:98:98:41:61:23:11:d9:ea:23:1a:4d:33:ee:9b
    Fingerprint (SHA-256):
        A8:A0:6F:57:D5:CA:72:98:D6:77:93:66:09:CF:0F:01:9B:EF:A8:5F:78:BA:12:A4:3C:13:86:47:4F:E9:8F:D6
    Fingerprint (SHA1):
        A6:E3:2B:D3:41:8D:1E:6D:F8:71:56:31:EB:DF:7C:43:20:ED:F9:23
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Returned value is 0, expected result is pass
chains.sh: #2576: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der - PASSED
chains.sh: Creating DB trustanchorsDB
certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd
chains.sh: #2577: TrustAnchors: Creating DB trustanchorsDB  - PASSED
chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ca.cert
chains.sh: #2578: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ncca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ncca.cert
chains.sh: #2579: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database
certutil -A -n NameConstraints.dcisscopy  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
chains.sh: #2580: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database  - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #2581: TrustAnchors: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #2582: TrustAnchors: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo
    rnia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #2583: TrustAnchors: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #2584: TrustAnchors: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #2585: TrustAnchors: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,
    ST=California,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #2586: TrustAnchors: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #2587: TrustAnchors: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #2588: TrustAnchors: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #2589: TrustAnchors: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #2590: TrustAnchors: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #2591: TrustAnchors: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #2592: TrustAnchors: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #2593: TrustAnchors: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #2594: TrustAnchors: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #2595: TrustAnchors: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #2596: TrustAnchors: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,
            ST=CA,C=US"
        Validity:
            Not Before: Sat Jan 04 01:22:59 2014
            Not After : Sat Nov 04 01:22:59 2023
        Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View
            ,ST=CA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28:
                    c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4:
                    71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04:
                    4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba:
                    ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9:
                    f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85:
                    49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34:
                    a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Name Constraints
            Permitted Subtree:
                DNS name: ".example"
                    Minimum: 0 (0x0)
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91:
        33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89:
        3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a:
        9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df:
        46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b:
        c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e:
        5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd:
        df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34
    Fingerprint (SHA-256):
        63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29
    Fingerprint (SHA1):
        56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #2597: TrustAnchors: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. NameConstraints.dcisscopy [Certificate Authority]:
Email Address(es): igca@sgdn.pm.gouv.fr
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #2598: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 998899 (0xf3df3)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S
            T=France,C=FR"
        Validity:
            Not Before: Sun Feb 02 17:21:27 2014
            Not After : Fri Feb 02 17:21:27 2024
        Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,
            ST=France,C=FR"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7:
                    bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed:
                    19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f:
                    1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54:
                    ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9:
                    b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a:
                    a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66:
                    de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce:
                    5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf:
                    b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01:
                    5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10:
                    10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73:
                    29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0:
                    e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26:
                    82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c:
                    65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9:
        c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a:
        b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f:
        f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43:
        2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d:
        f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3:
        a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4:
        9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04:
        82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c:
        5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e:
        bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2:
        18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1:
        f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d:
        b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db:
        9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65:
        2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b
    Fingerprint (SHA-256):
        C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C
    Fingerprint (SHA1):
        48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #2599: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp       - PASSED
trying to kill httpserv with PID 9169 at Tue Jun 28 17:32:05 UTC 2016
kill -USR1 9169
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 9169 killed at Tue Jun 28 17:32:05 UTC 2016
TIMESTAMP chains END: Tue Jun 28 17:32:05 UTC 2016
Running tests for ec
TIMESTAMP ec BEGIN: Tue Jun 28 17:32:05 UTC 2016
Running ec tests for ecperf
TIMESTAMP ecperf BEGIN: Tue Jun 28 17:32:05 UTC 2016
ecperf.sh: ecperf test ===============================
./ecperf.sh: line 44: ecperf: command not found
ecperf.sh: #2600: ec(perf) test - PASSED
chmod: missing operand after 'a+rw'
Try 'chmod --help' for more information.
TIMESTAMP ecperf END: Tue Jun 28 17:32:05 UTC 2016
TIMESTAMP ec END: Tue Jun 28 17:32:05 UTC 2016
Running tests for gtests
TIMESTAMP gtests BEGIN: Tue Jun 28 17:32:05 UTC 2016
gtests: der_gtest pk11_gtest util_gtest
gtests.sh: der_gtest ===============================
[==========] Running 11 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 11 tests from DERIntegerDecodingTest
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus126
[       OK ] DERIntegerDecodingTest.DecodeLongMinus126 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong130
[       OK ] DERIntegerDecodingTest.DecodeLong130 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong0
[       OK ] DERIntegerDecodingTest.DecodeLong0 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong1
[       OK ] DERIntegerDecodingTest.DecodeLong1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMax
[       OK ] DERIntegerDecodingTest.DecodeLongMax (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMin
[       OK ] DERIntegerDecodingTest.DecodeLongMin (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinPlus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxPlus1 (0 ms)
[----------] 11 tests from DERIntegerDecodingTest (0 ms total)
[----------] Global test environment tear-down
[==========] 11 tests from 1 test case ran. (0 ms total)
[  PASSED  ] 11 tests.
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/der_gtest/report.xml
gtests.sh: #2601: der_gtest run successfully  - PASSED
gtests.sh: pk11_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk11_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pk11_gtest/report.xml
gtests.sh: #2613: pk11_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pk11_gtest/report.xml: No such file or directory
gtests.sh: util_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/util_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/util_gtest/report.xml
gtests.sh: #2614: util_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/util_gtest/report.xml: No such file or directory
TIMESTAMP gtests END: Tue Jun 28 17:32:06 UTC 2016
Running tests for ssl_gtests
TIMESTAMP ssl_gtests BEGIN: Tue Jun 28 17:32:06 UTC 2016
ssl_gtest.sh: SSL Gtests ===============================
ssl_gtest.sh: #2615: create ssl_gtest database  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #2616: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #2617: create certificate: sign kex - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #2618: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #2619: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #2620: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #2621: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #2622: create certificate: sign  - PASSED
ssl_gtest.sh: #2623: Skipping ssl_gtest (not built) - UNKNOWN
TIMESTAMP ssl_gtests END: Tue Jun 28 17:32:10 UTC 2016
ssl_gtests.sh: Testing with PKIX ===============================
Running tests for libpkix
TIMESTAMP libpkix BEGIN: Tue Jun 28 17:32:10 UTC 2016
TIMESTAMP libpkix END: Tue Jun 28 17:32:10 UTC 2016
Running tests for cert
TIMESTAMP cert BEGIN: Tue Jun 28 17:32:10 UTC 2016
cert.sh: Certutil and Crlutil Tests with ECC ===============================
cert.sh: #2624: Looking for root certs module. - PASSED
cert.sh: Creating a CA Certificate TestCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -f ../tests.pw
cert.sh: #2625: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2626: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert TestCA  --------------------------
certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2627: Creating CA Cert TestCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -o root.cert
cert.sh: #2628: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -f ../tests.pw
cert.sh: #2629: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2630: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert serverCA  --------------------------
certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2631: Creating CA Cert serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -o root.cert
cert.sh: #2632: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-1-serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating CA Cert chain-1-serverCA  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2633: Creating CA Cert chain-1-serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -o root.cert
cert.sh: #2634: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-2-serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating CA Cert chain-2-serverCA  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2635: Creating CA Cert chain-2-serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -o root.cert
cert.sh: #2636: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -f ../tests.pw
cert.sh: #2637: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2638: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert clientCA  --------------------------
certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2639: Creating CA Cert clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -o root.cert
cert.sh: #2640: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-1-clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating CA Cert chain-1-clientCA  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2641: Creating CA Cert chain-1-clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -o root.cert
cert.sh: #2642: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-2-clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating CA Cert chain-2-clientCA  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2643: Creating CA Cert chain-2-clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -o root.cert
cert.sh: #2644: Exporting Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate TestCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA
cert.sh: Creating DSA CA Cert TestCA-dsa  --------------------------
certutil -s "CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-dsa -k dsa -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2645: Creating DSA CA Cert TestCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n TestCA-dsa -r -d . -o dsaroot.cert
cert.sh: #2646: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating DSA CA Cert serverCA-dsa  --------------------------
certutil -s "CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-dsa -k dsa -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2647: Creating DSA CA Cert serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #2648: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-1-serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating DSA CA Cert chain-1-serverCA-dsa  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-dsa -k dsa -t u,u,u -v 600 -c serverCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2649: Creating DSA CA Cert chain-1-serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-1-serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #2650: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-2-serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating DSA CA Cert chain-2-serverCA-dsa  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-dsa -k dsa -t u,u,u -v 600 -c chain-1-serverCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2651: Creating DSA CA Cert chain-2-serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-2-serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #2652: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating DSA CA Cert clientCA-dsa  --------------------------
certutil -s "CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-dsa -k dsa -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2653: Creating DSA CA Cert clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #2654: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-1-clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating DSA CA Cert chain-1-clientCA-dsa  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-dsa -k dsa -t u,u,u -v 600 -c clientCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2655: Creating DSA CA Cert chain-1-clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-1-clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #2656: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-2-clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating DSA CA Cert chain-2-clientCA-dsa  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-dsa -k dsa -t u,u,u -v 600 -c chain-1-clientCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2657: Creating DSA CA Cert chain-2-clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-2-clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #2658: Exporting DSA Root Cert - PASSED
cert.sh: Creating an EC CA Certificate TestCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA
cert.sh: Creating EC CA Cert TestCA-ec  --------------------------
certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2659: Creating EC CA Cert TestCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n TestCA-ec -r -d . -o ecroot.cert
cert.sh: #2660: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating EC CA Cert serverCA-ec  --------------------------
certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2661: Creating EC CA Cert serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n serverCA-ec -r -d . -o ecroot.cert
cert.sh: #2662: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating EC CA Cert chain-1-serverCA-ec  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2663: Creating EC CA Cert chain-1-serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert
cert.sh: #2664: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA
cert.sh: Creating EC CA Cert chain-2-serverCA-ec  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2665: Creating EC CA Cert chain-2-serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert
cert.sh: #2666: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating EC CA Cert clientCA-ec  --------------------------
certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2667: Creating EC CA Cert clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n clientCA-ec -r -d . -o ecroot.cert
cert.sh: #2668: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating EC CA Cert chain-1-clientCA-ec  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2669: Creating EC CA Cert chain-1-clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert
cert.sh: #2670: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA
cert.sh: Creating EC CA Cert chain-2-clientCA-ec  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2671: Creating EC CA Cert chain-2-clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert
cert.sh: #2672: Exporting EC Root Cert - PASSED
cert.sh: Creating Certificates, issued by the last ===============
     of a chain of CA's which are not in the same database============
Server Cert
cert.sh: Initializing localhost.localdomain's Cert DB (ext.) --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw
cert.sh: #2673: Initializing localhost.localdomain's Cert DB (ext.) - PASSED
cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2674: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED
cert.sh: Generate Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2675: Generate Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw
cert.sh: #2676: Sign localhost.localdomain's Request (ext) - PASSED
cert.sh: Import localhost.localdomain's Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2677: Import localhost.localdomain's Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert
cert.sh: #2678: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate DSA Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2679: Generate DSA Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's DSA Request (ext) --------------------------
certutil -C -c chain-2-serverCA-dsa -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-dsa.cert -f ../tests.pw
cert.sh: #2680: Sign localhost.localdomain's DSA Request (ext) - PASSED
cert.sh: Import localhost.localdomain's DSA Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2681: Import localhost.localdomain's DSA Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client DSA Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA-dsa -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/clientCA-dsa.ca.cert
cert.sh: #2682: Import Client DSA Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate mixed DSA Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2683: Generate mixed DSA Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's mixed DSA Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 202 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-dsamixed.cert -f ../tests.pw
cert.sh: #2684: Sign localhost.localdomain's mixed DSA Request (ext) - PASSED
cert.sh: Import localhost.localdomain's mixed DSA Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2685: Import localhost.localdomain's mixed DSA Cert  -t u,u,u (ext) - PASSED
cert.sh: Generate EC Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2686: Generate EC Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's EC Request (ext) --------------------------
certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw
cert.sh: #2687: Sign localhost.localdomain's EC Request (ext) - PASSED
cert.sh: Import localhost.localdomain's EC Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2688: Import localhost.localdomain's EC Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert
cert.sh: #2689: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2690: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's mixed EC Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw
cert.sh: #2691: Sign localhost.localdomain's mixed EC Request (ext) - PASSED
cert.sh: Import localhost.localdomain's mixed EC Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2692: Import localhost.localdomain's mixed EC Cert  -t u,u,u (ext) - PASSED
Importing all the server's own CA chain into the servers DB
cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2693: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-2-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2694: Import chain-2-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/chain-2-serverCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2695: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2696: Import chain-1-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2697: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert
cert.sh: #2698: Import serverCA CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert
cert.sh: #2699: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA-dsa CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA-dsa -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/serverCA-dsa.ca.cert
cert.sh: #2700: Import serverCA-dsa CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/chain-1-serverCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2701: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
Client Cert
cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw
cert.sh: #2702: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED
cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2703: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED
cert.sh: Generate Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2704: Generate Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw
cert.sh: #2705: Sign ExtendedSSLUser's Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2706: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/serverCA.ca.cert
cert.sh: #2707: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate DSA Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2708: Generate DSA Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's DSA Request (ext) --------------------------
certutil -C -c chain-2-clientCA-dsa -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-dsa.cert -f ../tests.pw
cert.sh: #2709: Sign ExtendedSSLUser's DSA Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's DSA Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2710: Import ExtendedSSLUser's DSA Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server DSA Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA-dsa -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/serverCA-dsa.ca.cert
cert.sh: #2711: Import Server DSA Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate mixed DSA Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2712: Generate mixed DSA Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's mixed DSA Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 302 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-dsamixed.cert -f ../tests.pw
cert.sh: #2713: Sign ExtendedSSLUser's mixed DSA Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's mixed DSA Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2714: Import ExtendedSSLUser's mixed DSA Cert -t u,u,u (ext) - PASSED
cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2715: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's EC Request (ext) --------------------------
certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw
cert.sh: #2716: Sign ExtendedSSLUser's EC Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2717: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA/serverCA-ec.ca.cert
cert.sh: #2718: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2719: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw
cert.sh: #2720: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2721: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED
Importing all the client's own CA chain into the servers DB
cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2722: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2723: Import chain-1-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2724: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-2-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2725: Import chain-2-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA-dsa CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA-dsa -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/clientCA-dsa.ca.cert
cert.sh: #2726: Import clientCA-dsa CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/chain-1-clientCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2727: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/clientCA.ca.cert
cert.sh: #2728: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/chain-2-clientCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2729: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/clientCA/clientCA-ec.ca.cert
cert.sh: #2730: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh SUCCESS: EXT passed
cert.sh: Creating Client CA Issued Certificates ===============
cert.sh: Initializing TestUser's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw
cert.sh: #2731: Initializing TestUser's Cert DB - PASSED
cert.sh: Loading root cert module to TestUser's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2732: Loading root cert module to TestUser's Cert DB - PASSED
cert.sh: Import Root CA for TestUser --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA.ca.cert
cert.sh: #2733: Import Root CA for TestUser - PASSED
cert.sh: Import DSA Root CA for TestUser --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2734: Import DSA Root CA for TestUser - PASSED
cert.sh: Import EC Root CA for TestUser --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -i ../CA/TestCA-ec.ca.cert
cert.sh: #2735: Import EC Root CA for TestUser - PASSED
cert.sh: Generate Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2736: Generate Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's Request --------------------------
certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw 
cert.sh: #2737: Sign TestUser's Request - PASSED
cert.sh: Import TestUser's Cert --------------------------
certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2738: Import TestUser's Cert - PASSED
cert.sh SUCCESS: TestUser's Cert Created
cert.sh: Generate DSA Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2739: Generate DSA Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 70 -v 60 -d ../CA -i req -o TestUser-dsa.cert -f ../tests.pw 
cert.sh: #2740: Sign TestUser's DSA Request - PASSED
cert.sh: Import TestUser's DSA Cert --------------------------
certutil -A -n TestUser-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2741: Import TestUser's DSA Cert - PASSED
cert.sh SUCCESS: TestUser's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2742: Generate mixed DSA Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20070 -v 60 -d ../CA -i req -o TestUser-dsamixed.cert -f ../tests.pw 
cert.sh: #2743: Sign TestUser's DSA Request with RSA - PASSED
cert.sh: Import TestUser's mixed DSA Cert --------------------------
certutil -A -n TestUser-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2744: Import TestUser's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2745: Generate EC Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's EC Request --------------------------
certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw 
cert.sh: #2746: Sign TestUser's EC Request - PASSED
cert.sh: Import TestUser's EC Cert --------------------------
certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2747: Import TestUser's EC Cert - PASSED
cert.sh SUCCESS: TestUser's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2748: Generate mixed EC Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw 
cert.sh: #2749: Sign TestUser's EC Request with RSA - PASSED
cert.sh: Import TestUser's mixed EC Cert --------------------------
certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2750: Import TestUser's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser's mixed EC Cert Created
cert.sh: Creating Server CA Issued Certificate for \
             localhost.localdomain ------------------------------------
cert.sh: Initializing localhost.localdomain's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw
cert.sh: #2751: Initializing localhost.localdomain's Cert DB - PASSED
cert.sh: Loading root cert module to localhost.localdomain's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2752: Loading root cert module to localhost.localdomain's Cert DB - PASSED
cert.sh: Import Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA.ca.cert
cert.sh: #2753: Import Root CA for localhost.localdomain - PASSED
cert.sh: Import DSA Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2754: Import DSA Root CA for localhost.localdomain - PASSED
cert.sh: Import EC Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -i ../CA/TestCA-ec.ca.cert
cert.sh: #2755: Import EC Root CA for localhost.localdomain - PASSED
cert.sh: Generate Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2756: Generate Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's Request --------------------------
certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw 
cert.sh: #2757: Sign localhost.localdomain's Request - PASSED
cert.sh: Import localhost.localdomain's Cert --------------------------
certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2758: Import localhost.localdomain's Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's Cert Created
cert.sh: Generate DSA Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2759: Generate DSA Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-dsa.cert -f ../tests.pw 
cert.sh: #2760: Sign localhost.localdomain's DSA Request - PASSED
cert.sh: Import localhost.localdomain's DSA Cert --------------------------
certutil -A -n localhost.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2761: Import localhost.localdomain's DSA Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2762: Generate mixed DSA Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20100 -v 60 -d ../CA -i req -o localhost.localdomain-dsamixed.cert -f ../tests.pw 
cert.sh: #2763: Sign localhost.localdomain's DSA Request with RSA - PASSED
cert.sh: Import localhost.localdomain's mixed DSA Cert --------------------------
certutil -A -n localhost.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2764: Import localhost.localdomain's mixed DSA Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2765: Generate EC Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's EC Request --------------------------
certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw 
cert.sh: #2766: Sign localhost.localdomain's EC Request - PASSED
cert.sh: Import localhost.localdomain's EC Cert --------------------------
certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2767: Import localhost.localdomain's EC Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's EC Cert Created
cert.sh: Generate mixed EC Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2768: Generate mixed EC Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw 
cert.sh: #2769: Sign localhost.localdomain's EC Request with RSA - PASSED
cert.sh: Import localhost.localdomain's mixed EC Cert --------------------------
certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2770: Import localhost.localdomain's mixed EC Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created
cert.sh: Creating Server CA Issued Certificate for \
             localhost.localdomain-sni --------------------------------
cert.sh: Generate Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2771: Generate Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's Request --------------------------
certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw 
cert.sh: #2772: Sign localhost-sni.localdomain's Request - PASSED
cert.sh: Import localhost-sni.localdomain's Cert --------------------------
certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2773: Import localhost-sni.localdomain's Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's Cert Created
cert.sh: Generate DSA Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2774: Generate DSA Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-dsa.cert -f ../tests.pw 
cert.sh: #2775: Sign localhost-sni.localdomain's DSA Request - PASSED
cert.sh: Import localhost-sni.localdomain's DSA Cert --------------------------
certutil -A -n localhost-sni.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2776: Import localhost-sni.localdomain's DSA Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2777: Generate mixed DSA Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-dsamixed.cert -f ../tests.pw 
cert.sh: #2778: Sign localhost-sni.localdomain's DSA Request with RSA - PASSED
cert.sh: Import localhost-sni.localdomain's mixed DSA Cert --------------------------
certutil -A -n localhost-sni.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2779: Import localhost-sni.localdomain's mixed DSA Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2780: Generate EC Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's EC Request --------------------------
certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw 
cert.sh: #2781: Sign localhost-sni.localdomain's EC Request - PASSED
cert.sh: Import localhost-sni.localdomain's EC Cert --------------------------
certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2782: Import localhost-sni.localdomain's EC Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created
cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2783: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw 
cert.sh: #2784: Sign localhost-sni.localdomain's EC Request with RSA - PASSED
cert.sh: Import localhost-sni.localdomain's mixed EC Cert --------------------------
certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2785: Import localhost-sni.localdomain's mixed EC Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created
cert.sh: Modify trust attributes of Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw
cert.sh: #2786: Modify trust attributes of Root CA -t TC,TC,TC - PASSED
cert.sh: Modify trust attributes of DSA Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA-dsa -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw
cert.sh: #2787: Modify trust attributes of DSA Root CA -t TC,TC,TC - PASSED
cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server -f ../tests.pw
cert.sh: #2788: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED
cert.sh SUCCESS: SSL passed
cert.sh: Creating database for OCSP stapling tests  ===============
cp -r /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/server /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/stapling
Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA
pk12util: PKCS12 EXPORT SUCCESSFUL
Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling
pk12util: PKCS12 IMPORT SUCCESSFUL
cert.sh: Creating Client CA Issued Certificates ==============
cert.sh: Initializing Alice's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw
cert.sh: #2789: Initializing Alice's Cert DB - PASSED
cert.sh: Loading root cert module to Alice's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2790: Loading root cert module to Alice's Cert DB - PASSED
cert.sh: Import Root CA for Alice --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA.ca.cert
cert.sh: #2791: Import Root CA for Alice - PASSED
cert.sh: Import DSA Root CA for Alice --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2792: Import DSA Root CA for Alice - PASSED
cert.sh: Import EC Root CA for Alice --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -i ../CA/TestCA-ec.ca.cert
cert.sh: #2793: Import EC Root CA for Alice - PASSED
cert.sh: Generate Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2794: Generate Cert Request for Alice - PASSED
cert.sh: Sign Alice's Request --------------------------
certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw 
cert.sh: #2795: Sign Alice's Request - PASSED
cert.sh: Import Alice's Cert --------------------------
certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2796: Import Alice's Cert - PASSED
cert.sh SUCCESS: Alice's Cert Created
cert.sh: Generate DSA Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2797: Generate DSA Cert Request for Alice - PASSED
cert.sh: Sign Alice's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 30 -v 60 -d ../CA -i req -o Alice-dsa.cert -f ../tests.pw 
cert.sh: #2798: Sign Alice's DSA Request - PASSED
cert.sh: Import Alice's DSA Cert --------------------------
certutil -A -n Alice-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2799: Import Alice's DSA Cert - PASSED
cert.sh SUCCESS: Alice's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2800: Generate mixed DSA Cert Request for Alice - PASSED
cert.sh: Sign Alice's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20030 -v 60 -d ../CA -i req -o Alice-dsamixed.cert -f ../tests.pw 
cert.sh: #2801: Sign Alice's DSA Request with RSA - PASSED
cert.sh: Import Alice's mixed DSA Cert --------------------------
certutil -A -n Alice-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2802: Import Alice's mixed DSA Cert - PASSED
cert.sh SUCCESS: Alice's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2803: Generate EC Cert Request for Alice - PASSED
cert.sh: Sign Alice's EC Request --------------------------
certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw 
cert.sh: #2804: Sign Alice's EC Request - PASSED
cert.sh: Import Alice's EC Cert --------------------------
certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2805: Import Alice's EC Cert - PASSED
cert.sh SUCCESS: Alice's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2806: Generate mixed EC Cert Request for Alice - PASSED
cert.sh: Sign Alice's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw 
cert.sh: #2807: Sign Alice's EC Request with RSA - PASSED
cert.sh: Import Alice's mixed EC Cert --------------------------
certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/alicedir -f ../tests.pw -i Alice-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2808: Import Alice's mixed EC Cert - PASSED
cert.sh SUCCESS: Alice's mixed EC Cert Created
cert.sh: Initializing Bob's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw
cert.sh: #2809: Initializing Bob's Cert DB - PASSED
cert.sh: Loading root cert module to Bob's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2810: Loading root cert module to Bob's Cert DB - PASSED
cert.sh: Import Root CA for Bob --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA.ca.cert
cert.sh: #2811: Import Root CA for Bob - PASSED
cert.sh: Import DSA Root CA for Bob --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2812: Import DSA Root CA for Bob - PASSED
cert.sh: Import EC Root CA for Bob --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -i ../CA/TestCA-ec.ca.cert
cert.sh: #2813: Import EC Root CA for Bob - PASSED
cert.sh: Generate Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2814: Generate Cert Request for Bob - PASSED
cert.sh: Sign Bob's Request --------------------------
certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw 
cert.sh: #2815: Sign Bob's Request - PASSED
cert.sh: Import Bob's Cert --------------------------
certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2816: Import Bob's Cert - PASSED
cert.sh SUCCESS: Bob's Cert Created
cert.sh: Generate DSA Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2817: Generate DSA Cert Request for Bob - PASSED
cert.sh: Sign Bob's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 40 -v 60 -d ../CA -i req -o Bob-dsa.cert -f ../tests.pw 
cert.sh: #2818: Sign Bob's DSA Request - PASSED
cert.sh: Import Bob's DSA Cert --------------------------
certutil -A -n Bob-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2819: Import Bob's DSA Cert - PASSED
cert.sh SUCCESS: Bob's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2820: Generate mixed DSA Cert Request for Bob - PASSED
cert.sh: Sign Bob's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20040 -v 60 -d ../CA -i req -o Bob-dsamixed.cert -f ../tests.pw 
cert.sh: #2821: Sign Bob's DSA Request with RSA - PASSED
cert.sh: Import Bob's mixed DSA Cert --------------------------
certutil -A -n Bob-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2822: Import Bob's mixed DSA Cert - PASSED
cert.sh SUCCESS: Bob's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2823: Generate EC Cert Request for Bob - PASSED
cert.sh: Sign Bob's EC Request --------------------------
certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw 
cert.sh: #2824: Sign Bob's EC Request - PASSED
cert.sh: Import Bob's EC Cert --------------------------
certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2825: Import Bob's EC Cert - PASSED
cert.sh SUCCESS: Bob's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2826: Generate mixed EC Cert Request for Bob - PASSED
cert.sh: Sign Bob's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw 
cert.sh: #2827: Sign Bob's EC Request with RSA - PASSED
cert.sh: Import Bob's mixed EC Cert --------------------------
certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/bobdir -f ../tests.pw -i Bob-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2828: Import Bob's mixed EC Cert - PASSED
cert.sh SUCCESS: Bob's mixed EC Cert Created
cert.sh: Creating Dave's Certificate -------------------------
cert.sh: Initializing Dave's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw
cert.sh: #2829: Initializing Dave's Cert DB - PASSED
cert.sh: Loading root cert module to Dave's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2830: Loading root cert module to Dave's Cert DB - PASSED
cert.sh: Import Root CA for Dave --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA.ca.cert
cert.sh: #2831: Import Root CA for Dave - PASSED
cert.sh: Import DSA Root CA for Dave --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2832: Import DSA Root CA for Dave - PASSED
cert.sh: Import EC Root CA for Dave --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -i ../CA/TestCA-ec.ca.cert
cert.sh: #2833: Import EC Root CA for Dave - PASSED
cert.sh: Generate Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2834: Generate Cert Request for Dave - PASSED
cert.sh: Sign Dave's Request --------------------------
certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw 
cert.sh: #2835: Sign Dave's Request - PASSED
cert.sh: Import Dave's Cert --------------------------
certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2836: Import Dave's Cert - PASSED
cert.sh SUCCESS: Dave's Cert Created
cert.sh: Generate DSA Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2837: Generate DSA Cert Request for Dave - PASSED
cert.sh: Sign Dave's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 50 -v 60 -d ../CA -i req -o Dave-dsa.cert -f ../tests.pw 
cert.sh: #2838: Sign Dave's DSA Request - PASSED
cert.sh: Import Dave's DSA Cert --------------------------
certutil -A -n Dave-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2839: Import Dave's DSA Cert - PASSED
cert.sh SUCCESS: Dave's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2840: Generate mixed DSA Cert Request for Dave - PASSED
cert.sh: Sign Dave's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20050 -v 60 -d ../CA -i req -o Dave-dsamixed.cert -f ../tests.pw 
cert.sh: #2841: Sign Dave's DSA Request with RSA - PASSED
cert.sh: Import Dave's mixed DSA Cert --------------------------
certutil -A -n Dave-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2842: Import Dave's mixed DSA Cert - PASSED
cert.sh SUCCESS: Dave's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2843: Generate EC Cert Request for Dave - PASSED
cert.sh: Sign Dave's EC Request --------------------------
certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw 
cert.sh: #2844: Sign Dave's EC Request - PASSED
cert.sh: Import Dave's EC Cert --------------------------
certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2845: Import Dave's EC Cert - PASSED
cert.sh SUCCESS: Dave's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2846: Generate mixed EC Cert Request for Dave - PASSED
cert.sh: Sign Dave's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw 
cert.sh: #2847: Sign Dave's EC Request with RSA - PASSED
cert.sh: Import Dave's mixed EC Cert --------------------------
certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dave -f ../tests.pw -i Dave-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2848: Import Dave's mixed EC Cert - PASSED
cert.sh SUCCESS: Dave's mixed EC Cert Created
cert.sh: Creating multiEmail's Certificate --------------------
cert.sh: Initializing Eve's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw
cert.sh: #2849: Initializing Eve's Cert DB - PASSED
cert.sh: Loading root cert module to Eve's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2850: Loading root cert module to Eve's Cert DB - PASSED
cert.sh: Import Root CA for Eve --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA.ca.cert
cert.sh: #2851: Import Root CA for Eve - PASSED
cert.sh: Import DSA Root CA for Eve --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2852: Import DSA Root CA for Eve - PASSED
cert.sh: Import EC Root CA for Eve --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -i ../CA/TestCA-ec.ca.cert
cert.sh: #2853: Import EC Root CA for Eve - PASSED
cert.sh: Generate Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2854: Generate Cert Request for Eve - PASSED
cert.sh: Sign Eve's Request --------------------------
certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #2855: Sign Eve's Request - PASSED
cert.sh: Import Eve's Cert --------------------------
certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2856: Import Eve's Cert - PASSED
cert.sh SUCCESS: Eve's Cert Created
cert.sh: Generate DSA Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2857: Generate DSA Cert Request for Eve - PASSED
cert.sh: Sign Eve's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 60 -v 60 -d ../CA -i req -o Eve-dsa.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #2858: Sign Eve's DSA Request - PASSED
cert.sh: Import Eve's DSA Cert --------------------------
certutil -A -n Eve-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2859: Import Eve's DSA Cert - PASSED
cert.sh SUCCESS: Eve's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2860: Generate mixed DSA Cert Request for Eve - PASSED
cert.sh: Sign Eve's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20060 -v 60 -d ../CA -i req -o Eve-dsamixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #2861: Sign Eve's DSA Request with RSA - PASSED
cert.sh: Import Eve's mixed DSA Cert --------------------------
certutil -A -n Eve-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2862: Import Eve's mixed DSA Cert - PASSED
cert.sh SUCCESS: Eve's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2863: Generate EC Cert Request for Eve - PASSED
cert.sh: Sign Eve's EC Request --------------------------
certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #2864: Sign Eve's EC Request - PASSED
cert.sh: Import Eve's EC Cert --------------------------
certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2865: Import Eve's EC Cert - PASSED
cert.sh SUCCESS: Eve's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2866: Generate mixed EC Cert Request for Eve - PASSED
cert.sh: Sign Eve's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #2867: Sign Eve's EC Request with RSA - PASSED
cert.sh: Import Eve's mixed EC Cert --------------------------
certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eve -f ../tests.pw -i Eve-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2868: Import Eve's mixed EC Cert - PASSED
cert.sh SUCCESS: Eve's mixed EC Cert Created
cert.sh: Importing Certificates ==============================
cert.sh: Import Bob's cert into Alice's db --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert
cert.sh: #2869: Import Bob's cert into Alice's db - PASSED
cert.sh: Import Dave's cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert
cert.sh: #2870: Import Dave's cert into Alice's DB - PASSED
cert.sh: Import Dave's cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert
cert.sh: #2871: Import Dave's cert into Bob's DB - PASSED
cert.sh: Import Eve's cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert
cert.sh: #2872: Import Eve's cert into Alice's DB - PASSED
cert.sh: Import Eve's cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert
cert.sh: #2873: Import Eve's cert into Bob's DB - PASSED
cert.sh: Importing EC Certificates ==============================
cert.sh: Import Bob's EC cert into Alice's db --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert
cert.sh: #2874: Import Bob's EC cert into Alice's db - PASSED
cert.sh: Import Dave's EC cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert
cert.sh: #2875: Import Dave's EC cert into Alice's DB - PASSED
cert.sh: Import Dave's EC cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert
cert.sh: #2876: Import Dave's EC cert into Bob's DB - PASSED
cert.sh SUCCESS: SMIME passed
cert.sh: Creating FIPS 140 DSA Certificates ==============
cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw
cert.sh: #2877: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED
cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2878: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED
cert.sh: Enable FIPS mode on database -----------------------
modutil -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips -fips true 
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
FIPS mode enabled.
cert.sh: #2879: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED
cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate --------------------------
certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2880: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED
cert.sh SUCCESS: FIPS passed
cert.sh: Creating Server CA Issued Certificate for 
             EC Curves Test Certificates ------------------------------------
cert.sh: Initializing EC Curve's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw
cert.sh: #2881: Initializing EC Curve's Cert DB - PASSED
cert.sh: Loading root cert module to EC Curve's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2882: Loading root cert module to EC Curve's Cert DB - PASSED
cert.sh: Import EC Root CA for EC Curves Test Certificates --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -i ../CA/TestCA-ec.ca.cert
cert.sh: #2883: Import EC Root CA for EC Curves Test Certificates - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp256 --------------------------
certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2884: Generate EC Cert Request for Curve-nistp256 - PASSED
cert.sh: Sign Curve-nistp256's EC Request --------------------------
certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw 
cert.sh: #2885: Sign Curve-nistp256's EC Request - PASSED
cert.sh: Import Curve-nistp256's EC Cert --------------------------
certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2886: Import Curve-nistp256's EC Cert - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp384 --------------------------
certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2887: Generate EC Cert Request for Curve-nistp384 - PASSED
cert.sh: Sign Curve-nistp384's EC Request --------------------------
certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw 
cert.sh: #2888: Sign Curve-nistp384's EC Request - PASSED
cert.sh: Import Curve-nistp384's EC Cert --------------------------
certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2889: Import Curve-nistp384's EC Cert - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp521 --------------------------
certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2890: Generate EC Cert Request for Curve-nistp521 - PASSED
cert.sh: Sign Curve-nistp521's EC Request --------------------------
certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw 
cert.sh: #2891: Sign Curve-nistp521's EC Request - PASSED
cert.sh: Import Curve-nistp521's EC Cert --------------------------
certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2892: Import Curve-nistp521's EC Cert - PASSED
cert.sh: Initializing TestExt's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw
cert.sh: #2893: Initializing TestExt's Cert DB - PASSED
cert.sh: Loading root cert module to TestExt's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2894: Loading root cert module to TestExt's Cert DB - PASSED
cert.sh: Import Root CA for TestExt --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA.ca.cert
cert.sh: #2895: Import Root CA for TestExt - PASSED
cert.sh: Import DSA Root CA for TestExt --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2896: Import DSA Root CA for TestExt - PASSED
cert.sh: Import EC Root CA for TestExt --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -i ../CA/TestCA-ec.ca.cert
cert.sh: #2897: Import EC Root CA for TestExt - PASSED
cert.sh: Generate Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2898: Generate Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's Request --------------------------
certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw 
cert.sh: #2899: Sign TestExt's Request - PASSED
cert.sh: Import TestExt's Cert --------------------------
certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2900: Import TestExt's Cert - PASSED
cert.sh SUCCESS: TestExt's Cert Created
cert.sh: Generate DSA Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2901: Generate DSA Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 90 -v 60 -d ../CA -i req -o TestExt-dsa.cert -f ../tests.pw 
cert.sh: #2902: Sign TestExt's DSA Request - PASSED
cert.sh: Import TestExt's DSA Cert --------------------------
certutil -A -n TestExt-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2903: Import TestExt's DSA Cert - PASSED
cert.sh SUCCESS: TestExt's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2904: Generate mixed DSA Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20090 -v 60 -d ../CA -i req -o TestExt-dsamixed.cert -f ../tests.pw 
cert.sh: #2905: Sign TestExt's DSA Request with RSA - PASSED
cert.sh: Import TestExt's mixed DSA Cert --------------------------
certutil -A -n TestExt-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2906: Import TestExt's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestExt's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2907: Generate EC Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's EC Request --------------------------
certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw 
cert.sh: #2908: Sign TestExt's EC Request - PASSED
cert.sh: Import TestExt's EC Cert --------------------------
certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2909: Import TestExt's EC Cert - PASSED
cert.sh SUCCESS: TestExt's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2910: Generate mixed EC Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw 
cert.sh: #2911: Sign TestExt's EC Request with RSA - PASSED
cert.sh: Import TestExt's mixed EC Cert --------------------------
certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2912: Import TestExt's mixed EC Cert - PASSED
cert.sh SUCCESS: TestExt's mixed EC Cert Created
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
n
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:70
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:34:18 2016
            Not After : Wed Sep 28 17:34:18 2016
        Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    db:01:c4:3d:e6:be:20:cc:74:70:b1:3c:eb:09:5d:d5:
                    2e:9d:51:5b:cd:86:a3:7e:f4:f4:b5:75:b3:01:99:3c:
                    3d:99:8f:9e:61:d8:7e:14:76:8c:14:71:a8:b0:2d:f8:
                    0e:8b:12:a0:e8:4d:08:30:df:86:1d:b1:e7:50:e5:2f:
                    af:b0:4d:3d:cd:31:7a:ba:27:c8:43:57:51:ba:d9:f5:
                    33:e5:2e:97:fd:5d:af:6d:e2:21:11:bc:b2:28:fe:2f:
                    05:fe:83:fb:2a:86:f7:19:13:f4:ef:51:5f:92:22:52:
                    9a:3c:59:f1:1f:d9:93:6d:47:a9:1b:7b:86:ed:dd:c2:
                    95:21:b1:93:7f:cb:ea:35:c1:d7:b8:48:b9:31:9d:78:
                    47:c6:30:e6:a8:e4:1b:8f:f9:0e:6f:4d:85:89:90:77:
                    e1:08:e1:b9:92:d2:8a:7f:f0:d5:17:eb:91:29:9b:89:
                    e0:b6:81:45:c2:4f:0b:b5:7a:ee:f8:66:35:6b:b9:eb:
                    39:90:13:37:d4:45:99:ec:91:dc:8c:6a:52:3d:19:47:
                    ac:c3:51:b4:da:e9:16:d8:45:1d:b8:39:b0:cc:fc:55:
                    e8:e3:cc:2f:eb:51:56:ba:a3:3b:d7:a2:60:a1:ec:1c:
                    9a:d1:50:1f:7d:70:c5:2d:48:24:c6:9d:c7:a4:10:61
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Usages: Digital Signature
                    Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c7:8c:6b:df:76:41:f5:ba:d8:13:28:74:c4:88:62:ef:
        15:15:14:05:df:04:05:54:a2:51:93:b3:9b:6c:d1:fa:
        20:b0:9b:cd:28:d0:61:c9:c9:15:3c:f9:85:b0:ca:4b:
        02:8a:8e:12:30:a2:d1:7c:3b:1f:eb:f8:aa:e3:99:28:
        45:92:a4:bf:3b:3a:db:8e:6f:91:f3:53:96:5a:0d:e0:
        9f:a0:c9:1d:74:3d:63:d0:de:c9:b4:f1:db:60:a8:94:
        ab:e3:e2:7c:a1:a9:34:85:0c:a4:26:7a:5c:0f:8e:d4:
        d2:7d:31:02:39:2a:d1:cb:ad:5b:8c:73:ac:8b:e6:f3:
        b3:74:3d:7f:b5:98:e9:b3:0c:b9:35:e8:37:86:d9:0e:
        6f:f2:c3:02:30:bb:0b:5f:9b:9f:a7:b1:31:78:b7:e4:
        58:7a:8c:aa:10:b1:a5:77:8a:d1:e3:ac:f3:8a:c0:a7:
        5f:92:a6:d1:a6:87:21:b5:a2:5d:39:6d:02:38:24:29:
        57:7e:1d:2e:dd:ce:20:3f:e5:f8:3e:15:d8:6d:66:e3:
        f0:13:02:05:94:2f:78:0f:2c:8f:ab:e5:79:2d:a7:51:
        33:3d:45:78:6d:92:d5:ce:64:73:43:97:b2:77:13:d5:
        b3:60:22:03:f6:37:73:e9:be:44:f6:89:28:9a:2d:29
    Fingerprint (SHA-256):
        F7:1D:D6:A5:F9:AA:49:0D:3D:C9:54:6A:9A:B4:33:63:D8:DE:B8:BC:39:FA:C7:3F:E1:51:41:AC:C5:D0:2C:DF
    Fingerprint (SHA1):
        F4:FF:8A:BC:DC:4B:19:EC:FA:27:FF:CF:35:4A:51:8B:4C:B6:76:20
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2913: Certificate Key Usage Extension (1) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
y
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:7d
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:34:24 2016
            Not After : Wed Sep 28 17:34:24 2016
        Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d2:da:9b:50:cb:49:5e:fd:f0:c2:43:75:a8:4f:52:db:
                    26:6b:69:a0:cb:01:cc:e2:82:d2:79:62:d3:9d:f7:99:
                    dc:df:b9:ce:9e:99:c8:bb:3f:80:e2:e5:b5:4e:ad:17:
                    dc:54:84:fc:54:cd:2c:8a:55:e5:41:47:b1:98:f3:43:
                    ca:ea:c1:b4:86:84:09:a8:43:b7:3a:42:f4:ad:18:97:
                    47:b0:41:eb:a6:b7:db:7e:b1:52:07:f4:1a:53:6b:32:
                    0d:ba:31:b9:e8:c8:e6:5c:39:eb:01:8b:99:b9:11:fe:
                    c4:15:3e:72:1c:b4:6a:7c:b8:a6:a8:8e:3e:47:84:8e:
                    00:2e:ab:8f:1b:16:69:42:b8:bc:5f:69:26:d7:cb:18:
                    10:3c:fe:6a:c5:70:ce:f4:f3:cd:76:17:f8:3b:e7:f6:
                    1b:05:43:9e:d1:e8:45:57:45:16:54:68:d4:30:b8:d4:
                    e2:eb:fa:b6:ba:72:ed:44:fe:11:31:80:60:ab:df:66:
                    7b:28:8e:34:c9:e3:9b:f3:6c:2b:94:24:bc:03:ce:c2:
                    05:1b:ec:95:21:65:17:09:12:68:ad:40:f3:e6:d0:ba:
                    3d:f7:85:8f:56:0b:ca:34:82:ba:fe:9c:eb:ad:a8:7f:
                    b1:0a:83:09:89:e3:fb:70:7d:f3:03:9d:51:96:68:f1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        13:a3:7e:21:ba:c4:b7:62:25:71:6e:08:00:c3:a9:b0:
        03:a4:dc:7b:94:05:d2:57:1c:20:01:53:13:ef:99:47:
        e0:d5:35:a6:55:73:2d:f0:14:41:5c:56:2a:9f:fb:85:
        b7:f3:e3:10:8f:99:ff:7d:92:57:34:3b:d8:37:1b:f2:
        b8:bf:21:2b:f2:a9:58:10:ce:43:44:86:d8:9e:d7:53:
        c5:7c:4b:90:2b:01:0e:99:17:3a:c6:3a:7a:80:ab:e2:
        d9:b7:ab:22:7c:c9:38:46:98:eb:d2:34:72:0e:53:81:
        cb:c2:59:86:3b:0b:28:32:ed:88:88:a0:f1:57:4b:4c:
        2a:c7:cb:23:5c:6c:4d:3e:43:a5:ae:4a:e4:2a:c2:87:
        a9:77:e4:b3:50:10:e8:a9:b1:91:23:fe:82:d0:96:9c:
        82:b6:39:1a:c7:9f:f8:a6:9b:39:f6:4d:ea:9a:20:2b:
        87:39:d8:21:8b:28:58:02:48:61:69:f1:df:23:dc:64:
        b6:5d:a7:7e:76:f2:df:dc:0d:36:44:91:dc:71:a3:c4:
        39:99:59:de:51:4f:32:c3:14:56:a9:e1:60:8d:97:4a:
        51:f3:0c:ec:84:e5:06:a6:9e:0a:d8:4e:df:6b:17:c7:
        4d:3a:be:43:b2:44:0a:17:9e:41:06:73:39:c0:91:54
    Fingerprint (SHA-256):
        AC:49:8C:85:63:06:12:A1:EA:38:C1:DF:19:3A:A5:E7:C3:E6:C8:74:42:96:94:89:A9:E7:A7:D9:3E:AB:8F:26
    Fingerprint (SHA1):
        B4:8F:F1:59:84:8E:C1:35:16:B0:53:3B:CB:76:E6:57:89:5D:20:91
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2914: Certificate Key Usage Extension (2) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
y
-1
n
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:88
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:34:26 2016
            Not After : Wed Sep 28 17:34:26 2016
        Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d2:cc:de:95:74:2f:f8:98:55:1f:68:da:95:6f:05:7e:
                    de:80:ab:9d:9f:61:52:45:d6:48:33:f9:fd:a4:b6:5f:
                    3c:64:9e:b3:7d:e8:e2:23:33:94:03:35:ca:22:d8:27:
                    0d:54:30:ef:ab:29:76:10:e3:fd:4e:ed:c4:b8:5c:f6:
                    46:28:df:4d:60:59:a0:dc:1d:94:50:cc:32:d3:90:bd:
                    d0:ca:2c:b8:5d:e7:26:a0:55:0a:2d:53:06:5c:8d:bf:
                    62:f3:12:da:79:19:11:fa:4e:9a:5e:bc:bb:1a:23:6d:
                    41:16:f9:b6:9f:f7:94:4e:40:f3:ae:85:3e:40:81:8d:
                    40:3d:cc:cb:5c:f4:35:ff:e7:87:dd:a7:27:2e:ca:93:
                    1d:2b:8f:4a:0c:5d:e6:ce:a5:ab:48:20:c8:62:96:aa:
                    c2:2d:b4:7b:42:86:78:6d:ca:3a:8c:d6:19:a8:ce:0b:
                    b1:42:4a:4e:e9:15:70:dd:3b:58:b5:b3:3b:33:09:4c:
                    0e:4e:72:1e:af:1b:5e:29:bb:85:42:58:0d:d8:21:12:
                    4f:33:a2:42:72:9e:e6:f9:0b:6e:d4:39:39:e3:af:c7:
                    0e:d5:29:8a:2c:1e:d4:ce:25:83:2e:af:88:b7:69:36:
                    a9:ae:5b:aa:9a:ce:3f:94:f6:18:b4:d8:58:f7:f5:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        73:10:d9:2b:ed:8e:49:d7:f0:e7:5f:c5:48:55:b6:78:
        46:f3:a1:dd:3c:3f:ac:d1:de:da:80:97:64:3c:24:6f:
        f4:3a:7c:e0:24:94:1c:fe:10:f0:5e:60:9c:f3:49:37:
        d2:3d:ad:63:93:e1:30:bf:67:d0:e2:9f:55:a8:59:5d:
        04:5d:8c:c8:5d:4c:57:36:f6:b8:30:6c:ba:04:94:a2:
        20:ad:87:a9:bd:2e:46:73:b6:5f:d6:1c:91:ff:a3:af:
        32:35:8d:2b:05:58:b6:86:5a:6c:23:b9:bf:fd:11:11:
        74:37:40:5e:9a:59:e1:72:a5:ad:5b:2b:5e:da:78:d0:
        27:2c:d6:0d:5f:23:9b:dd:b0:36:b9:5f:06:bf:7e:15:
        ae:09:bf:bc:7f:05:30:15:58:90:48:bb:35:de:4c:af:
        70:2e:49:8c:b9:66:9d:05:b9:7c:30:cf:a1:12:2c:4e:
        52:5c:15:6b:96:93:2d:47:45:0d:56:6a:8c:1b:86:b9:
        6a:59:9a:7d:a6:d6:cf:7d:35:bc:06:76:1e:f1:d7:a2:
        07:13:c5:16:bb:30:3b:88:81:b4:8e:35:43:5f:83:70:
        67:86:2e:25:7a:f8:73:09:76:d1:1c:68:92:cf:d1:d5:
        fe:23:7d:36:0b:b6:1e:d2:66:c5:cf:35:04:26:87:3c
    Fingerprint (SHA-256):
        76:3E:1B:DD:8C:39:07:D3:3F:8D:02:B0:DA:19:BF:A3:9B:7E:D1:21:05:99:9D:F8:89:FE:5C:DB:72:14:67:47
    Fingerprint (SHA1):
        40:A0:3A:00:74:C7:BE:61:22:55:F5:97:69:E5:3A:CB:2E:5E:3E:7E
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2915: Certificate Basic Constraints Extension (3) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
n
-1
y
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:8d
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:34:48 2016
            Not After : Wed Sep 28 17:34:48 2016
        Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:38:6e:47:cf:d6:21:1d:70:5e:7f:4c:82:f2:0e:6f:
                    71:aa:f7:65:54:fa:95:90:53:d4:7e:65:17:5c:db:1a:
                    0c:b7:7e:e7:86:44:59:76:08:f8:fb:b4:4e:aa:8d:ad:
                    35:79:d9:e4:56:ac:c4:5b:6b:4e:4f:19:2d:e2:b7:cb:
                    b3:8f:cb:cc:9b:82:1b:10:52:31:03:fc:15:56:00:f5:
                    76:0c:2d:36:e2:63:e9:24:cc:eb:0c:38:c8:86:e2:2f:
                    e0:11:d9:17:1f:b1:31:53:5e:52:5b:77:3a:e9:68:9b:
                    dc:d0:2c:3b:a7:98:2e:07:ac:dc:9d:38:3f:30:c6:13:
                    97:5e:40:43:75:40:9f:b7:27:53:5d:73:68:ad:df:44:
                    26:00:3b:8d:a7:69:78:80:ba:fe:f2:0b:d9:f3:95:32:
                    fd:7d:07:c4:3c:f3:d0:b2:b5:4a:4c:a6:bf:e7:21:cb:
                    b3:35:e4:73:d1:57:30:f4:bb:d6:88:c1:dd:20:c5:65:
                    22:bd:23:59:8a:96:2c:e7:45:36:86:09:b2:58:71:af:
                    32:86:36:82:6e:1f:30:da:af:83:de:23:8c:30:0b:0e:
                    d0:26:c9:9d:09:6c:af:6d:37:0b:45:92:03:b2:94:0a:
                    bc:4c:69:6a:c4:ef:d0:c4:73:10:29:99:a6:ad:20:1f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is not a CA.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        14:b9:7f:3b:71:1d:56:fe:66:ac:d9:e6:32:1b:2c:90:
        4e:d9:0e:bb:6f:c5:bb:7e:17:f0:f3:a0:e1:3c:d7:ab:
        1b:7f:e9:ab:42:43:8f:11:c1:04:a6:30:c0:1b:45:39:
        0e:a0:89:c9:5a:cc:1b:04:97:27:4e:9f:f7:86:fe:eb:
        b3:21:42:7e:66:9a:fa:97:99:13:c1:1e:31:c0:f2:fd:
        63:29:9f:d6:26:73:b8:94:8c:9c:04:48:bb:57:15:76:
        81:e7:37:89:e0:9b:91:34:5e:e4:a2:f3:e4:eb:24:c9:
        40:ab:8a:02:c2:36:99:96:e8:af:30:8b:ef:1c:8f:fb:
        a3:b2:e2:b9:41:a7:65:a6:27:65:6f:ad:75:9a:1e:d0:
        cb:f5:39:a5:c2:4c:1d:30:5b:09:b4:25:2e:ef:16:47:
        d6:de:2c:0c:bc:ae:1d:b9:fe:a3:82:62:39:ee:34:d0:
        fe:00:54:2c:9b:00:cc:39:98:ba:e8:b2:28:b9:99:af:
        ea:a5:02:b0:ab:45:42:52:d8:d2:8d:57:ea:e5:a2:90:
        bb:02:40:98:f0:6d:b6:4a:1f:56:88:66:65:b6:c5:1d:
        15:18:bb:9d:be:63:86:03:01:7c:1f:cb:67:16:88:56:
        e6:82:da:07:11:27:48:68:11:18:ae:7b:82:8a:a4:6c
    Fingerprint (SHA-256):
        1D:3C:08:32:42:34:81:7A:A8:A9:04:5F:99:89:EF:D3:A4:7F:F4:60:92:26:DD:AC:F6:87:0D:62:3A:D5:CD:04
    Fingerprint (SHA1):
        6A:4C:02:57:3C:FD:59:BA:24:C1:06:4E:3A:C0:33:BD:38:AA:DF:FE
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2916: Certificate Basic Constraints Extension (4) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
y
12341235123
y
Generating key.  This may take a few moments...
Enter value for the authKeyID extension [y/N]?
Enter value for the key identifier fields,enter to omit:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter value for the authCertSerial field, enter to omit:
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt5
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:b6
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:35:01 2016
            Not After : Wed Sep 28 17:35:01 2016
        Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:7a:8f:7d:b7:e1:5f:73:e2:dc:b8:25:fe:0c:3a:cf:
                    8b:a9:94:f8:ad:c5:3b:24:6f:dd:45:90:55:ab:b4:83:
                    a7:d4:eb:c2:11:04:53:ce:4c:67:d6:89:ec:64:04:d6:
                    d0:c4:d3:85:b6:85:ef:57:9e:d0:9f:d1:f5:2a:b0:5c:
                    20:14:97:1c:a7:c3:b9:35:11:98:e1:67:7a:03:b9:27:
                    24:65:a3:bc:6d:aa:95:fb:fa:79:b9:f8:c1:27:49:d3:
                    7a:ce:90:54:cf:bb:02:ef:69:e9:d4:4d:2c:69:cc:5f:
                    91:91:81:50:3d:b0:83:6f:6c:18:81:11:de:ab:76:f3:
                    5d:ba:fa:22:92:a3:31:90:8c:25:6c:2e:6f:1b:5d:3b:
                    6e:41:46:66:ed:52:07:ca:d9:1e:ca:07:22:df:f1:b5:
                    c3:b8:a1:e0:de:ee:c5:c4:d7:26:99:1f:00:63:0d:9a:
                    d5:85:0f:3c:16:2f:6e:8f:ad:fc:e1:33:62:0a:b5:88:
                    86:00:2e:6a:1d:3d:28:4e:9f:d8:46:b3:e9:8d:45:70:
                    83:67:6a:34:0f:74:f6:2e:29:a0:73:7f:63:b3:51:83:
                    4d:49:4e:a4:c9:08:c1:a0:08:f2:0c:10:77:53:a4:a5:
                    2c:f7:de:bc:b3:c6:04:85:bb:4e:d5:d0:d5:76:2a:89
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Critical: True
            Key ID:
                12341235123
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        14:0d:79:02:63:0f:3c:07:46:f4:94:05:87:7c:64:29:
        c8:72:74:ae:ee:39:f7:57:ea:69:d5:fe:d1:31:4b:b3:
        e2:77:34:fa:a4:d9:00:a0:d3:a1:6a:95:37:87:06:c2:
        7a:ee:94:55:51:7e:80:c8:b1:c0:84:70:f8:4f:81:f4:
        01:07:e1:7f:49:0e:c3:db:a1:23:c8:27:6c:79:c0:d2:
        46:b5:a2:4c:3a:e7:5f:c9:a6:6b:c3:36:2a:4f:c8:51:
        e2:1b:8a:19:75:40:c2:54:14:a4:8c:05:88:53:11:84:
        3c:9e:98:45:11:64:20:56:6b:3f:29:be:48:8d:10:cc:
        86:f3:8c:ed:62:7c:dd:30:3f:f9:04:a5:bc:f1:23:8b:
        74:09:2e:e0:23:f9:66:be:c2:4f:b9:33:0d:e6:69:e8:
        fd:ce:ad:50:3f:bc:76:08:22:8f:80:a6:6f:b1:09:d9:
        11:96:04:ac:02:44:46:b7:c0:23:24:90:6c:85:67:c9:
        5c:0d:59:a3:21:b5:5b:eb:57:2e:30:17:17:5b:fc:63:
        f5:12:e4:10:5d:cc:15:37:ef:ae:97:9e:0f:35:6d:8f:
        6d:1c:90:82:fc:d8:32:06:32:e9:9c:6d:b0:63:79:d4:
        3a:06:51:c1:18:7b:36:6f:6f:82:61:55:ca:7c:36:ba
    Fingerprint (SHA-256):
        B7:E0:B7:9A:00:D1:B6:C0:D6:FE:8E:E4:3C:C4:E4:D0:6C:23:A6:F4:96:06:2B:6A:3C:55:9D:C7:5B:11:47:4F
    Fingerprint (SHA1):
        1A:4D:BD:7E:8A:74:D7:49:13:A1:FB:83:D4:0F:DE:E0:10:8E:79:FD
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2917: Certificate Authority Key Identifier Extension (5) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
y
3
test.com
214123
y
Generating key.  This may take a few moments...
Enter value for the authKeyID extension [y/N]?
Enter value for the key identifier fields,enter to omit:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter value for the authCertSerial field, enter to omit:
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt6
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:d0
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:35:14 2016
            Not After : Wed Sep 28 17:35:14 2016
        Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cf:6c:fd:b7:38:b5:ae:ad:6e:da:e7:5e:b7:15:29:e3:
                    12:63:d6:0b:9f:1a:96:fa:9e:76:13:ed:fa:90:36:6b:
                    35:92:ac:fd:43:f7:07:24:5a:b8:a0:c2:97:18:66:83:
                    32:5d:52:00:b6:51:49:f5:de:63:fd:a1:f3:5e:a8:64:
                    a4:50:c1:fa:fc:da:60:38:63:69:d9:a6:c3:f8:48:b4:
                    cb:c4:36:2e:86:b8:01:b0:7c:4b:be:62:23:3e:82:b0:
                    f9:ee:44:bb:5b:2c:05:0b:97:2e:d6:53:60:34:6a:5f:
                    46:28:9d:7b:33:48:51:02:7c:2a:26:d9:86:c4:c8:d5:
                    4c:30:41:00:2c:09:c1:64:ed:2e:29:03:3a:2a:db:b4:
                    0a:34:4d:ef:a7:24:91:7b:01:6f:8a:73:3f:3f:4c:9c:
                    52:8b:cd:34:3c:48:a6:3c:73:f9:15:6d:96:4b:49:f0:
                    33:d6:2e:5e:f8:cb:26:f3:f5:16:02:22:db:14:8d:e5:
                    fc:b9:f4:47:e7:46:2b:b9:8f:88:28:3c:d1:a7:07:cb:
                    79:fa:57:92:a0:73:20:67:ca:fc:30:51:d2:01:2e:b3:
                    cd:19:06:93:4c:59:18:58:2f:d1:c3:fe:49:ff:fc:0b:
                    86:fc:d1:0f:89:c3:ea:cc:3d:8d:3b:fb:39:7f:06:0b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Critical: True
            Issuer: 
                DNS name: "test.com"
            Serial Number:
                214123
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        73:54:ab:53:0e:c0:46:2d:5b:18:10:1a:31:f6:63:88:
        a6:c5:ae:ad:de:29:d0:b4:d1:dc:ba:42:ee:be:8e:cb:
        04:0b:30:bc:7e:b5:38:05:58:a1:99:5f:f5:ed:15:7c:
        df:b5:8d:12:03:b1:ff:fb:0f:1a:eb:26:9b:68:e9:da:
        4f:c9:9e:82:15:71:fe:3c:0c:4e:37:7e:55:ad:52:f2:
        c0:93:53:24:f5:89:86:49:91:c2:f3:26:d3:70:7a:2c:
        6f:36:23:58:48:b3:b3:e5:57:df:1e:f0:00:da:e8:f9:
        44:7b:16:bf:d2:68:ec:9e:7d:d3:79:6c:c2:d0:26:b7:
        79:a7:3c:94:e0:ec:ef:ca:a3:bd:5f:b6:3a:d6:a8:95:
        c1:6e:cf:73:07:79:ff:4f:4a:44:1d:70:4c:45:87:80:
        0a:62:ef:55:3a:f2:a5:8a:b7:f3:51:05:7d:d1:58:93:
        79:9f:d7:ee:85:99:eb:7b:98:6c:18:f5:b4:6a:29:6d:
        7a:d1:85:66:b2:4f:62:af:8d:3f:4e:88:52:f3:28:d7:
        73:29:e0:f2:69:4d:4e:16:d7:d1:fe:59:80:77:fe:b3:
        40:db:dc:f1:2b:c8:6c:95:87:60:9a:05:50:34:c5:2f:
        fe:58:65:13:c3:b1:2a:4b:84:4e:e3:cb:a4:7a:4b:43
    Fingerprint (SHA-256):
        94:B2:EB:8A:CD:6B:E3:81:0B:74:20:38:09:69:EF:07:D8:E9:6B:B2:22:AB:DB:0C:8B:96:9D:AB:81:ED:DC:7B
    Fingerprint (SHA1):
        22:F3:37:82:70:D8:53:C1:E0:06:CC:5F:81:68:3A:EE:1A:D4:C3:6C
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2918: Certificate Authority Key Identifier Extension (6) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
1
2
rfc822@name.tld
3
test.com
8
1.2.3.4
9
OID.0.2.213
10
0
10
n
n
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt7
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:e8
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:35:18 2016
            Not After : Wed Sep 28 17:35:18 2016
        Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f6:9e:4b:bb:65:c7:fb:68:ea:78:ce:54:61:11:14:95:
                    e3:08:11:d6:83:ee:b4:3b:a6:b1:e7:10:6b:ac:10:51:
                    98:be:1c:2e:e2:27:91:f2:3d:69:c7:f7:71:2e:a4:f6:
                    0f:b7:dd:63:c2:1e:87:7e:9d:2f:a1:b7:f3:95:01:56:
                    75:b8:39:08:ba:c4:11:44:fc:41:6b:6a:d0:9b:9d:57:
                    1b:85:3c:d8:12:f3:4d:c4:31:f7:3b:f2:fb:10:e0:9c:
                    40:b3:46:de:c8:81:fe:7a:09:43:5c:6d:2f:e2:b0:89:
                    cc:57:88:b4:6c:52:bd:37:e7:dd:2a:0f:12:d6:43:9f:
                    e4:3c:80:97:d5:4f:26:64:d7:ad:bd:5c:24:fb:57:53:
                    86:91:b0:06:91:34:d8:18:36:04:dc:b8:5e:29:13:64:
                    52:e8:ed:17:1d:58:67:e2:5d:24:87:d9:d2:19:1f:ec:
                    30:33:b6:3b:6b:0c:95:6d:78:2a:a7:0f:ba:f6:bd:8a:
                    52:98:30:a7:58:55:e0:5a:6e:01:ef:67:2d:6c:46:42:
                    f0:fb:7e:c5:7b:b4:db:dd:b3:eb:fe:bc:1e:53:cf:4e:
                    59:68:1c:6a:8c:b3:cf:2a:09:f4:d5:ed:51:b6:08:f5:
                    b9:2e:ce:43:35:3b:a5:a0:7f:c4:a2:a2:66:69:87:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: CRL Distribution Points
            Distribution point:
                RFC822 Name: "rfc822@name.tld"
                DNS name: "test.com"
                IP Address:
                    87:07:31:2e:32:2e:33:2e:34
                Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51
                Reasons:
                    80
                    (7 least significant bits unused)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d3:20:68:36:b8:3c:69:b0:a7:02:a2:62:da:2e:53:d3:
        ea:06:53:dc:f5:ad:27:36:c7:19:45:ed:97:a2:cb:0e:
        50:68:51:fe:b6:90:21:17:f5:aa:80:db:af:62:05:cc:
        8d:17:3e:0d:52:17:23:be:87:f7:63:8f:4a:d5:cd:34:
        06:fc:f9:ee:35:94:4e:ff:64:ed:da:22:ee:94:ea:4f:
        b0:49:34:d0:63:28:17:ac:27:a5:9d:5a:1a:b4:ed:5e:
        72:55:10:b2:70:b6:d6:40:df:11:71:f2:cf:97:a1:00:
        e4:c1:93:8f:f9:c6:c5:52:b4:6e:68:17:0b:6b:39:8d:
        b9:87:cb:e6:80:8c:a7:5b:77:c5:02:4b:aa:ad:c0:0f:
        6a:7f:bd:9b:58:6d:49:5b:1c:41:cf:17:1d:0e:fe:06:
        40:5d:f1:d3:4a:73:97:13:70:cf:bd:c4:02:ca:44:6f:
        6f:06:73:40:21:78:03:9f:54:68:76:b4:c9:70:81:df:
        67:39:45:37:7a:a2:f2:92:08:bc:eb:84:62:d6:0a:b4:
        be:ff:53:97:17:7f:5b:19:5e:b0:fe:7e:1b:f5:ef:94:
        08:b4:ea:06:6d:d9:01:44:26:85:c9:53:a2:d0:9c:fd:
        b9:13:15:38:26:93:91:44:b0:af:2b:1a:40:17:24:b1
    Fingerprint (SHA-256):
        D2:89:9A:E5:6C:02:C8:59:E9:54:1A:B1:7B:CD:8F:0F:15:41:69:5F:E9:BD:70:99:E5:B5:B6:14:F7:EE:95:59
    Fingerprint (SHA1):
        B9:C0:09:36:7D:D0:C8:A1:E4:64:BB:3E:6E:91:E6:84:9D:D6:4E:DB
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2919: CRL Distribution Points Extension (7) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
2
SN=asdfsdf
4
3
test.com
10
n
n
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > Enter the relative name: 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt8
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:f0
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:35:21 2016
            Not After : Wed Sep 28 17:35:21 2016
        Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:87:2c:ff:48:0c:01:bd:89:96:8b:a9:df:13:27:81:
                    7f:74:fd:6b:78:a9:e0:e6:c6:c7:93:a4:85:1c:47:55:
                    03:a0:5c:ec:30:99:2e:83:03:b8:31:57:a4:0b:b9:d6:
                    f8:bf:fd:be:9d:f6:2d:cd:85:91:2e:09:cb:12:02:da:
                    70:1c:45:66:5f:2d:a7:13:24:5d:9d:82:c1:cd:dc:83:
                    0b:e0:f3:c0:16:0a:be:6c:b4:7e:1f:3a:d9:7e:17:38:
                    4c:4a:bb:b4:1a:4a:86:22:4d:68:cf:a8:7e:a6:49:c7:
                    8e:d6:08:bf:a7:b5:4c:70:ec:dc:12:6f:c1:bc:48:dc:
                    34:48:c9:bd:ad:c0:e1:63:a0:c1:46:56:2f:d1:76:32:
                    23:7d:b5:4f:79:f3:d2:61:0e:1a:c6:8b:c1:b2:81:0d:
                    3f:31:7e:d2:e2:00:a6:79:5f:c5:53:0b:64:bc:90:4f:
                    e9:28:35:7e:6f:7f:72:4c:13:62:5f:e7:ee:4c:dc:55:
                    c9:47:29:1d:90:f1:d9:29:de:64:47:ed:5b:be:80:13:
                    e7:18:62:83:a5:2c:08:48:37:7b:60:5a:c6:ef:79:49:
                    13:ac:67:bd:4b:97:69:4e:f9:e7:87:57:e5:3f:d9:dc:
                    f5:b3:a2:4f:47:e0:ad:0b:2e:c9:5d:e4:45:ec:04:0d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: CRL Distribution Points
            Distribution point:
                RDN: "SN=asdfsdf"
                Reasons:
                    08
                    (7 least significant bits unused)
                CRL issuer: 
                    DNS name: "test.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a8:63:f0:4f:b6:67:86:d8:01:94:2b:3e:f1:8f:75:34:
        9d:e7:f1:a5:cd:a0:a4:10:bd:8d:c3:0b:92:1a:77:a5:
        17:3e:fc:13:00:d7:e7:3f:75:23:a5:1d:05:2f:69:c6:
        b3:02:9a:12:ba:40:0d:59:b9:75:c8:87:bc:5a:83:7c:
        1c:32:51:a1:2b:18:d1:fd:cc:e3:fe:51:91:c8:1a:65:
        87:cd:f7:d2:70:a9:bb:95:e0:8f:aa:8e:f4:7d:16:19:
        8c:e3:3b:02:6f:52:b8:c8:f4:89:0a:97:72:fc:2a:94:
        ce:ae:82:64:7d:79:22:a9:e6:f3:91:79:75:9d:3d:3d:
        b7:48:20:86:ec:35:c0:ed:48:ec:ba:95:c2:1c:a3:7c:
        a3:20:2b:c9:a1:e1:a1:52:cc:f0:57:43:c4:70:fe:2b:
        49:93:e5:4f:44:db:73:dc:82:50:4e:fd:d0:db:63:c5:
        cf:f1:8e:ae:69:5c:c3:7e:2e:e5:0e:e0:54:d3:fc:9a:
        36:05:73:33:61:b2:fc:96:b0:e6:0b:cc:91:3f:fe:e6:
        a4:b0:8f:6a:7a:f8:91:f7:b5:b0:ae:5a:99:2d:c6:32:
        12:bc:96:a8:ed:73:72:78:ae:cb:a7:a6:df:4f:4f:53:
        06:b4:bd:49:f8:f4:b4:5f:83:28:94:a6:2c:2f:5c:75
    Fingerprint (SHA-256):
        D6:DC:1D:49:AE:15:07:6C:41:76:6B:23:32:39:EE:6F:3E:1C:F8:4B:56:A6:1C:7F:C4:77:FC:86:47:32:5D:EA
    Fingerprint (SHA1):
        95:E9:A8:77:3D:B0:DD:37:34:CE:59:13:B6:4B:4C:D2:16:C2:FE:4E
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2920: CRL Distribution Points Extension (8) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
0
1
2
10
n
Generating key.  This may take a few moments...
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt9
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:f6
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:35:23 2016
            Not After : Wed Sep 28 17:35:23 2016
        Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:43:64:9f:1e:27:aa:29:1a:5a:40:4e:51:ad:0b:2b:
                    b8:01:e2:e6:2c:57:0b:d4:30:ef:28:2f:59:b4:19:12:
                    9d:1c:6d:50:9f:63:ee:f2:0c:a7:25:71:40:20:8c:8b:
                    e5:fb:2b:f2:30:a7:40:65:15:35:58:cc:ce:c6:7c:06:
                    cb:9e:97:1a:a6:b3:a4:db:05:52:d8:6d:af:c0:84:2e:
                    62:46:f9:dd:7d:21:bd:72:65:cb:e6:72:30:b0:cf:0b:
                    8d:f5:1b:9f:93:57:a5:98:2d:2e:d2:b1:d8:ea:42:8b:
                    b3:4e:f3:c9:2f:0b:47:a8:b5:1f:f3:a2:6d:34:a9:a2:
                    88:c8:77:c5:d5:fd:3b:be:8f:d8:d3:f8:f7:9c:b4:d6:
                    96:91:63:ea:13:ed:ea:bc:cf:01:c7:f3:ab:86:14:dc:
                    c4:ea:ba:b2:f8:26:68:9b:e5:29:a4:09:2c:69:19:5e:
                    82:c7:d3:50:2b:5b:55:de:c8:97:d2:34:d3:cb:52:81:
                    8c:0f:47:ce:88:b2:04:c2:cf:1c:eb:7f:db:e8:10:d4:
                    3f:d4:70:5d:f0:d8:8a:4f:0c:af:98:0f:52:b5:77:b1:
                    48:e6:34:1a:d3:9d:45:c6:45:fb:5f:91:7b:d5:67:85:
                    9c:87:de:3b:23:21:2e:76:b4:04:42:bd:cd:ad:51:e1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL Client,SSL Server,S/MIME>
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        27:4f:53:3a:0e:ee:f8:3c:d0:58:47:3c:84:6d:a0:96:
        75:31:4c:be:4c:d2:2a:9a:58:c1:67:0c:c4:b6:75:3e:
        1b:e5:ad:fd:6a:1b:4d:99:ef:81:04:19:1b:f3:93:f3:
        d2:e1:a6:ef:60:fb:3f:23:cb:f4:36:df:97:ec:e3:20:
        16:6a:c1:63:40:73:7c:64:86:d9:d8:56:e9:4b:cc:ef:
        8a:c1:f2:4f:33:13:b2:d3:d1:6c:e7:ea:00:bb:24:c0:
        27:0b:76:2e:07:f4:f8:1f:02:31:be:20:64:7b:ea:a6:
        eb:35:05:e4:49:ed:fb:9e:cd:87:98:dd:6b:51:80:2c:
        16:c8:56:d2:37:e8:59:be:82:f2:2d:ae:60:55:ff:ac:
        58:99:f0:a9:52:85:6c:cf:d1:ca:b4:9d:68:70:74:4e:
        02:41:ae:ce:d3:1c:28:da:7c:69:4a:49:8f:70:00:72:
        e3:a4:81:ac:46:e5:59:be:cc:3f:fb:f7:6c:ef:c1:88:
        d0:29:57:2e:89:27:2d:bb:e0:80:50:63:4c:b3:0a:c1:
        3e:1f:32:c4:bd:5a:d2:95:b5:6c:3c:d3:85:ec:dd:35:
        d6:8b:c7:91:8d:17:c8:2e:90:f7:14:dd:02:89:8b:f0:
        f8:72:00:18:67:ba:97:5f:5a:3b:c5:0f:c4:43:37:66
    Fingerprint (SHA-256):
        4A:56:D9:70:41:6E:89:0F:70:E6:74:83:82:AB:A3:BB:46:50:82:74:54:44:06:C9:61:C3:18:EC:E2:3B:46:35
    Fingerprint (SHA1):
        D7:AD:FC:2F:8D:53:D1:14:F6:94:1C:E6:74:58:4D:04:F9:B8:44:FF
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2921: Certificate Type Extension (9) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
y
Generating key.  This may take a few moments...
		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt10
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:41:fa
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi
            ew,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:35:31 2016
            Not After : Wed Sep 28 17:35:31 2016
        Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V
            iew,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d9:92:ae:c7:7c:3a:8a:67:7b:2b:01:1c:8d:d3:2b:68:
                    10:b3:fd:9d:cd:df:ca:93:e4:6b:47:85:ed:52:b8:42:
                    be:82:79:a2:ee:e2:3d:ab:12:43:b0:6a:f9:a2:a4:30:
                    ef:f1:35:82:65:94:35:32:29:b1:f4:6c:a1:db:50:4c:
                    4b:29:cc:1b:36:31:78:16:02:0c:94:0e:c7:1c:72:f2:
                    61:c0:46:a3:11:54:11:53:c2:4b:84:ee:b2:d0:65:4c:
                    b4:09:72:21:d2:ca:cc:c4:4c:ab:a4:62:b6:bb:16:d8:
                    dc:07:69:e4:05:ed:8e:af:9d:d2:18:4d:b5:09:b4:d4:
                    ca:16:0f:eb:94:ba:25:78:e4:ad:c9:7d:31:e7:4f:44:
                    dd:f4:d6:46:47:24:87:c7:e7:80:7b:59:a6:f5:56:1f:
                    59:76:ae:65:a1:23:02:ed:62:4e:79:5e:60:8e:b7:94:
                    fa:d9:75:c3:e2:81:54:cc:54:25:7f:2c:a0:aa:22:e4:
                    29:78:cb:ef:da:d2:10:31:1f:ae:ba:bc:c3:35:c9:2e:
                    6d:f5:a9:e7:7d:0d:ca:0f:d0:15:d8:53:9d:10:52:3c:
                    ac:86:e4:94:f6:9f:68:f1:f6:d3:be:ba:ca:43:6f:b0:
                    74:25:30:b4:1a:b7:bb:9a:dc:86:90:49:72:b6:9b:e5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Extended Key Usage
            Critical: True
                TLS Web Server Authentication Certificate
                TLS Web Client Authentication Certificate
                Code Signing Certificate
                E-Mail Protection Certificate
                Time Stamping Certifcate
                OCSP Responder Certificate
                Strong Crypto Export Approved
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        92:f2:d8:06:ef:d2:45:29:56:cd:45:8c:6b:ed:db:02:
        9c:8e:9c:9f:1e:c1:c0:c9:3f:0b:01:78:0c:34:ca:43:
        f6:8a:bd:7c:48:9e:12:21:2f:49:23:23:3f:5d:ab:a3:
        ac:9c:22:73:96:95:5f:c2:20:91:03:ea:18:49:07:e7:
        31:92:2c:b2:39:4a:18:46:d4:ef:e1:93:66:eb:6e:9a:
        f7:db:c9:a0:ed:d1:51:91:5b:93:56:73:14:3c:5b:03:
        e3:80:db:5e:38:a9:35:18:b7:8e:21:de:4c:f4:5a:ab:
        6d:09:aa:67:f2:d3:56:36:34:f9:d9:74:93:ba:46:2e:
        2d:2f:88:90:b8:21:b1:b0:25:e5:89:86:75:5e:bd:76:
        b2:0f:14:3e:99:85:5b:5c:f1:ac:f3:9f:fa:22:60:2b:
        2f:fd:95:ae:34:d3:1a:8d:a1:4d:bc:e6:5f:ae:a4:da:
        b6:34:8b:b7:2f:63:96:10:d7:7b:e6:d4:5b:44:d0:b1:
        84:fb:3e:85:7b:b3:53:52:ce:2b:63:83:86:54:d6:3a:
        95:4b:68:6b:7e:5d:31:68:71:15:5e:c0:e9:7b:28:51:
        5a:85:e5:c0:f7:81:79:15:98:2c:7c:18:f6:51:b7:d1:
        e8:12:53:01:c7:6b:d8:d7:50:50:03:9c:68:5f:54:24
    Fingerprint (SHA-256):
        F4:97:76:16:E7:59:41:E5:9C:80:E7:C2:97:38:FF:36:BD:8A:DA:0C:95:FE:AC:47:7E:3E:E2:40:9A:BA:BE:BA
    Fingerprint (SHA1):
        4A:21:45:9B:AF:2A:3F:0B:AA:76:56:2D:87:F0:CA:05:57:C2:C1:23
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2922: Extended Key Usage Extension (10) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/test.args
certutil options:
1
2
3
4
5
6
10
n
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -L -n TestExt11
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:42:0a
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi
            ew,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 17:35:38 2016
            Not After : Wed Sep 28 17:35:38 2016
        Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V
            iew,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:49:97:41:36:90:1b:80:e5:07:45:9b:d5:7c:55:52:
                    15:05:95:32:e4:4d:32:54:ab:8c:52:23:1a:26:51:77:
                    31:ba:f3:e9:57:d0:c3:b1:b0:54:08:05:14:25:49:3a:
                    b4:16:27:b4:52:cc:14:e7:8d:b4:26:f6:3a:42:6f:3f:
                    3d:90:b4:47:b5:5f:a3:64:b6:47:58:87:0e:0e:27:8e:
                    55:e7:4d:ba:5c:c2:fc:8f:e6:a0:29:1d:f2:04:40:a2:
                    eb:f6:cf:a3:1a:46:de:10:9d:19:82:b1:cc:68:e8:ca:
                    72:6a:d8:47:43:1e:f9:e9:02:f8:50:20:40:f3:4f:ee:
                    37:56:8d:58:c6:4d:da:61:7f:6f:c5:17:c8:d6:0d:98:
                    15:ab:3a:de:e1:cf:72:f7:a5:37:4d:41:ff:ba:4a:8f:
                    f5:c1:f7:4b:b2:2b:75:80:2b:e9:1c:fd:fd:c2:5e:8e:
                    3d:11:c1:32:56:f0:32:55:2a:74:68:ca:d7:68:ea:86:
                    de:2b:ce:72:46:84:4a:a6:1c:6b:fc:1c:59:14:ad:3b:
                    72:28:6e:de:86:92:3c:22:3a:92:84:02:2d:fe:cb:94:
                    83:dc:8d:3d:a5:e6:31:b3:78:6b:9c:1b:2a:38:1d:f4:
                    a1:df:3d:bc:9c:31:3e:a9:cd:77:c9:50:1c:9e:1a:df
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Usages: Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b1:2f:5f:9f:cf:74:4d:c2:d9:64:4c:5f:9f:1b:9e:1f:
        57:7c:c1:43:42:64:2c:7e:5e:96:26:97:c7:c7:b2:4f:
        58:a9:54:b8:1a:b9:6f:ed:3a:d7:39:70:3c:6c:2e:b1:
        8d:00:1c:6d:28:65:c2:b5:94:13:76:41:b2:a1:ec:0c:
        2e:c7:ff:c2:68:63:73:a9:31:0f:1b:ee:fa:e4:9d:a7:
        4e:fc:07:bc:c9:68:99:d6:a4:ce:74:05:22:74:87:87:
        28:ab:32:a1:a3:68:8e:c9:c6:57:35:c4:1e:af:77:33:
        7f:94:e3:ea:96:75:17:44:db:f8:77:94:2b:e1:a2:41:
        a4:d8:13:2a:75:e1:69:85:30:ba:cd:c3:e1:83:4a:ce:
        e6:c5:2d:ae:06:51:04:09:02:11:cd:bd:a2:46:04:c7:
        c3:05:2b:5c:8b:01:10:9f:24:f8:4a:cc:31:b9:7e:18:
        b2:f6:f1:2e:c2:78:8c:7c:15:df:b7:85:b9:27:85:fc:
        9e:be:e2:d9:3e:c3:26:3b:0f:f1:e6:f7:38:41:9d:da:
        81:6d:e8:a9:01:f2:99:3f:5e:21:4f:89:ac:5e:7a:a5:
        1e:b4:26:a3:75:30:3e:4c:c4:9f:ea:f6:d7:5d:1d:eb:
        26:7c:4d:38:34:42:5e:ec:b9:0e:8e:6d:14:ec:a5:c8
    Fingerprint (SHA-256):
        B7:D0:30:4D:D8:86:01:75:C8:16:9C:B8:2D:56:BD:A8:72:EB:C4:2B:87:12:A3:09:30:E0:9F:51:EE:AD:C4:AF
    Fingerprint (SHA1):
        94:51:6B:2A:4C:9E:88:DE:90:44:07:62:EE:F3:D8:0E:2F:2A:36:A6
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2923: Certificate Key Usage Extension (11) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com
Generating key.  This may take a few moments...
certutil: Problem creating SubjectAltName extension: error 0: Success
certutil: unable to create cert (Success)
cert.sh: #2924: create cert with invalid SAN parameter (12) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com
Generating key.  This may take a few moments...
certutil: Problem creating SubjectAltName extension: error 0: Success
certutil: unable to create cert (Success)
cert.sh: #2925: create cert with invalid SAN parameter (13) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com
Generating key.  This may take a few moments...
cert.sh: #2926: create cert with valid SAN parameter (14) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:42:23
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=example.com"
        Validity:
            Not Before: Tue Jun 28 17:35:48 2016
            Not After : Wed Sep 28 17:35:48 2016
        Subject: "CN=example.com"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    db:4a:5e:f9:9b:a8:08:8f:85:4e:ab:57:e5:09:48:71:
                    e9:72:87:cf:5d:56:71:5a:cf:0a:bf:53:49:2f:15:e2:
                    e2:bd:e4:7a:5c:2d:e7:5d:fd:ac:89:1f:b2:35:5d:49:
                    40:5e:35:36:69:00:5b:43:aa:3a:f2:d4:c4:c8:ba:f1:
                    4d:9d:d1:28:12:9d:ba:90:8e:e4:9f:7a:8c:eb:a0:3d:
                    71:ac:13:2b:eb:42:3f:07:64:b5:d8:75:97:4d:fb:3c:
                    b6:27:07:a5:9b:e7:f5:8c:9c:ef:d1:3c:b6:fd:b2:3b:
                    e9:b3:24:cb:12:46:e5:99:78:9c:5f:e9:5d:7f:41:f4:
                    eb:e1:f6:79:a2:51:28:c7:4c:72:16:fd:8c:35:7a:5d:
                    a5:a5:29:8c:38:c7:f5:ab:52:68:4f:f0:d1:07:16:24:
                    50:41:b6:b6:f4:bb:53:67:91:e3:ba:aa:7b:a6:fd:ee:
                    59:03:bc:f3:ac:7f:33:a2:31:79:a4:b1:e9:03:3b:98:
                    4d:5d:13:b9:20:19:ab:a8:4b:5e:74:31:cf:fe:0d:dd:
                    39:9c:72:1e:1e:85:1a:ab:b9:aa:2b:fa:37:46:f0:f9:
                    73:49:34:bb:3c:bb:8f:8f:50:ac:1e:11:ad:b5:34:04:
                    82:84:82:61:00:7b:d2:14:e8:e1:44:93:73:1a:a8:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Subject Alt Name
            DNS name: "example.com"
            DNS name: "www.example.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d8:53:7f:82:ce:7b:14:34:e4:52:16:a5:e9:c1:02:4d:
        f9:3c:73:29:6b:f2:5d:3d:88:4b:5b:51:c6:b5:94:22:
        98:e6:79:8c:e8:0a:b3:8c:3e:48:e1:6e:29:69:fa:02:
        6d:c0:6b:18:93:cd:35:dc:e7:c7:26:f8:a3:fa:f2:1b:
        d7:3d:d5:db:67:ed:4f:9f:ff:de:ee:4a:5d:9e:d1:e9:
        6a:ec:90:c0:8d:4b:dc:0a:ff:f2:44:6d:22:01:14:ad:
        b6:4b:27:6f:97:0e:d6:d6:c2:f0:d5:41:3c:de:bb:68:
        a7:98:12:e1:96:d2:b3:5c:73:63:0a:d4:a6:fd:5e:6e:
        98:03:cd:25:a0:64:00:83:6f:8c:16:1b:73:f1:b9:23:
        e2:96:fd:4d:67:af:a1:72:10:e2:70:46:1b:cc:eb:a6:
        cc:f9:c6:63:95:ca:89:a0:8f:9f:71:30:79:1f:e0:3e:
        1c:ae:11:aa:b3:19:e8:d6:0f:57:0f:39:e0:f9:5c:c0:
        d6:ce:ac:6c:cb:14:88:56:f5:43:5a:33:04:60:34:5e:
        23:39:59:13:8d:2c:29:93:2a:33:8d:80:6a:6f:bc:54:
        82:4f:b4:6a:c7:4d:01:d4:8d:65:be:7d:0d:2f:a0:9d:
        a0:11:7a:a1:0e:21:af:1f:65:6c:39:3a:86:a9:eb:24
    Fingerprint (SHA-256):
        99:3B:9F:09:72:79:5F:5A:47:0E:EC:32:58:EE:4E:C1:13:9F:24:9E:EB:3C:47:DD:2B:E3:E8:E3:FA:BC:17:AD
    Fingerprint (SHA1):
        B5:16:71:B8:3D:B2:02:7D:CB:40:5E:90:07:B0:82:5F:A0:A8:6D:7B
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2927: create cert with valid SAN parameter (15) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17
writing output to /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der
cert.sh: #2928: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der (16) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN
cert.sh: #2929: create cert with valid SAN parameter (17) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
cert.sh: #2930: expect failure to list cert, because we deleted it (18) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success
cert.sh: #2931: create cert with invalid generic ext parameter (19) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success
cert.sh: #2932: create cert with invalid generic ext parameter (20) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der: error 0: Success
cert.sh: #2933: create cert with invalid generic ext parameter (21) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions/sanext.der
Generating key.  This may take a few moments...
cert.sh: #2934: create cert with valid generic ext parameter (22) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:42:58
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=example.com"
        Validity:
            Not Before: Tue Jun 28 17:36:15 2016
            Not After : Wed Sep 28 17:36:15 2016
        Subject: "CN=example.com"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:9f:4c:94:b1:b4:67:31:f4:ff:dc:32:c8:95:0f:a7:
                    0d:ad:07:3a:42:c3:59:4d:43:ec:87:84:b7:7a:f6:e3:
                    e4:f3:f7:c8:ae:b3:a0:3f:25:da:1a:1c:5c:fa:ef:8b:
                    54:13:83:21:33:0f:d9:fb:5d:88:6f:0d:1d:6e:85:76:
                    dc:b6:7f:ec:59:17:a1:15:46:f5:89:b0:25:18:90:ee:
                    09:32:3f:f8:7d:df:a0:5e:d9:58:d1:9e:fd:74:c7:51:
                    a2:df:1a:55:15:59:72:80:44:5c:62:01:e5:f6:64:23:
                    e4:c0:dd:15:f7:86:98:c6:fb:11:6d:55:0a:bd:7d:b2:
                    36:e2:ab:fd:7e:80:f6:c3:2d:4e:f7:6d:84:e7:84:21:
                    a2:78:81:eb:28:55:3d:08:60:ea:bc:5c:f8:2e:2b:4d:
                    ad:1c:ab:bd:84:94:e1:63:30:3f:39:18:f9:87:6a:c8:
                    3a:71:1f:ce:5c:0c:83:dc:3d:af:52:8b:11:77:75:9a:
                    e0:5c:a0:b8:e2:26:45:ed:ea:11:c4:a2:d9:91:fd:d0:
                    c6:b5:d6:7a:1e:66:f6:5f:c9:63:ca:e9:04:44:2f:7d:
                    b5:32:cb:2c:a7:b7:4f:3e:82:b2:95:c4:5b:33:5a:12:
                    51:50:e8:a4:18:fa:a4:a2:99:aa:ab:1f:b2:bc:fb:65
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Subject Alt Name
            DNS name: "example.com"
            DNS name: "www.example.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        85:72:b8:4f:04:5f:0f:80:f6:33:a1:6c:67:d5:a8:f2:
        66:46:df:6c:89:12:23:55:e3:08:99:fb:56:db:f3:61:
        d2:b0:55:8a:6a:0d:b5:00:c8:63:73:7c:12:a4:89:a0:
        a8:f7:0a:c8:56:b3:15:3b:f9:36:2a:cd:b4:ed:c1:46:
        ce:a2:d7:f8:26:23:21:eb:a9:be:2e:cc:d2:2e:d4:1b:
        f9:7a:32:12:22:3d:2b:b8:eb:35:23:b6:5d:17:91:a0:
        5e:41:19:37:a3:00:de:34:51:57:51:2c:74:f6:65:73:
        09:d1:1d:6c:43:18:9d:0a:66:1d:58:bc:58:56:cc:fb:
        ac:81:a7:a0:f2:cf:98:4f:2c:71:e2:8c:bf:6a:aa:09:
        ab:75:98:6d:8b:ff:38:e7:ac:a2:d9:52:88:25:7a:60:
        10:3e:89:47:09:48:e6:77:3b:36:70:ab:ab:28:4d:6b:
        a5:0f:40:e4:98:b3:1d:40:b9:a8:c0:38:b4:7f:9f:fb:
        aa:9e:53:f5:15:4b:3a:da:81:c9:9b:d1:db:29:14:6f:
        93:18:4f:3f:fd:34:99:64:7f:b7:db:bd:8f:51:1b:9a:
        17:1a:e3:cd:01:a3:60:b8:d0:a3:b1:c1:6d:3c:93:f3:
        61:f6:97:98:6c:51:df:d8:51:00:21:db:23:f3:9b:2c
    Fingerprint (SHA-256):
        2F:08:BF:1E:E4:31:FA:D1:9E:32:F9:26:25:23:63:57:94:FF:DD:21:C7:98:2A:81:56:FC:1C:58:0F:18:62:53
    Fingerprint (SHA1):
        EF:DF:10:9C:A5:24:49:B7:50:42:DE:8C:67:DD:17:40:77:8C:58:DE
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #2935: create cert with valid generic ext parameter (23) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -D -n WithSAN
cert.sh: #2936: create cert with valid generic ext parameter (24) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cert_extensions -f ../tests.pw -L -n WithSAN
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
cert.sh: #2937: expect failure to list cert, because we deleted it (25) - PASSED
cert.sh: Create A Password Test Cert  ==============
cert.sh: Create A Password Test Ca  --------
cert.sh: Creating a CA Certificate PasswordCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass
cert.sh: Creating CA Cert DB --------------------------
certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw
cert.sh: #2938: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2939: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert PasswordCA  --------------------------
certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #2940: Creating CA Cert PasswordCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass -o root.cert
cert.sh: #2941: Exporting Root Cert - PASSED
cert.sh: Changing password on Password Test Cert's Cert DB --------------------------
certutil -W -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass -f ../tests.pw -@ ../tests.fipspw
Password changed successfully.
cert.sh: #2942: Changing password on Password Test Cert's Cert DB - PASSED
cert.sh: Generate Certificate for Password Test Cert with new password --------------------------
certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw -z ../tests_noise
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2943: Generate Certificate for Password Test Cert with new password - PASSED
cert.sh SUCCESS: PASSWORD passed
cert.sh: Verify Certificate for Password Test Cert with new password --------------------------
certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/dbpass -f ../tests.fipspw
certutil: certificate is valid
cert.sh: #2944: Verify Certificate for Password Test Cert with new password - PASSED
cert.sh: Creating Distrusted Certificate
cert.sh: Initializing Distrusted's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
cert.sh: #2945: Initializing Distrusted's Cert DB - PASSED
cert.sh: Loading root cert module to Distrusted's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #2946: Loading root cert module to Distrusted's Cert DB - PASSED
cert.sh: Import Root CA for Distrusted --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA.ca.cert
cert.sh: #2947: Import Root CA for Distrusted - PASSED
cert.sh: Import DSA Root CA for Distrusted --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA-dsa.ca.cert
cert.sh: #2948: Import DSA Root CA for Distrusted - PASSED
cert.sh: Import EC Root CA for Distrusted --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -i ../CA/TestCA-ec.ca.cert
cert.sh: #2949: Import EC Root CA for Distrusted - PASSED
cert.sh: Generate Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2950: Generate Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's Request --------------------------
certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw 
cert.sh: #2951: Sign Distrusted's Request - PASSED
cert.sh: Import Distrusted's Cert --------------------------
certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2952: Import Distrusted's Cert - PASSED
cert.sh SUCCESS: Distrusted's Cert Created
cert.sh: Generate DSA Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2953: Generate DSA Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 2000 -v 60 -d ../CA -i req -o Distrusted-dsa.cert -f ../tests.pw 
cert.sh: #2954: Sign Distrusted's DSA Request - PASSED
cert.sh: Import Distrusted's DSA Cert --------------------------
certutil -A -n Distrusted-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2955: Import Distrusted's DSA Cert - PASSED
cert.sh SUCCESS: Distrusted's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2956: Generate mixed DSA Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 22000 -v 60 -d ../CA -i req -o Distrusted-dsamixed.cert -f ../tests.pw 
cert.sh: #2957: Sign Distrusted's DSA Request with RSA - PASSED
cert.sh: Import Distrusted's mixed DSA Cert --------------------------
certutil -A -n Distrusted-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2958: Import Distrusted's mixed DSA Cert - PASSED
cert.sh SUCCESS: Distrusted's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2959: Generate EC Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's EC Request --------------------------
certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw 
cert.sh: #2960: Sign Distrusted's EC Request - PASSED
cert.sh: Import Distrusted's EC Cert --------------------------
certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2961: Import Distrusted's EC Cert - PASSED
cert.sh SUCCESS: Distrusted's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2962: Generate mixed EC Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's EC Request with RSA --------------------------
certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw 
cert.sh: #2963: Sign Distrusted's EC Request with RSA - PASSED
cert.sh: Import Distrusted's mixed EC Cert --------------------------
certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i Distrusted-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2964: Import Distrusted's mixed EC Cert - PASSED
cert.sh SUCCESS: Distrusted's mixed EC Cert Created
cert.sh: Mark CERT as unstrusted --------------------------
certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
cert.sh: #2965: Mark CERT as unstrusted - PASSED
cert.sh: Creating Distrusted Intermediate
cert.sh: Creating a CA Certificate DistrustedCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA
cert.sh: Creating CA Cert DistrustedCA  --------------------------
certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Is this a critical extension [y/N]?
cert.sh: #2966: Creating CA Cert DistrustedCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -o root.cert
cert.sh: #2967: Exporting Root Cert - PASSED
cert.sh: Import Distrusted Intermediate --------------------------
certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -i ../CA/DistrustedCA.ca.cert
cert.sh: #2968: Import Distrusted Intermediate - PASSED
cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA --------------------------
certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2969: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED
cp: './req' and '/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA/req' are the same file
cert.sh: Sign LeafChainedToDistrustedCA's Request --------------------------
certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw
cert.sh: #2970: Sign LeafChainedToDistrustedCA's Request - PASSED
cert.sh: Import LeafChainedToDistrustedCA's Cert  -t u,u,u --------------------------
certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2971: Import LeafChainedToDistrustedCA's Cert  -t u,u,u - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server --------------------------
certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2972: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client --------------------------
certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2973: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer --------------------------
certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2974: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient --------------------------
certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2975: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder --------------------------
certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #2976: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer --------------------------
certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #2977: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED
cert.sh: Verify Distrusted Cert for SSL Server --------------------------
certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2978: Verify Distrusted Cert for SSL Server - PASSED
cert.sh: Verify Distrusted Cert for SSL Client --------------------------
certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2979: Verify Distrusted Cert for SSL Client - PASSED
cert.sh: Verify Distrusted Cert for Email signer --------------------------
certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2980: Verify Distrusted Cert for Email signer - PASSED
cert.sh: Verify Distrusted Cert for Email recipient --------------------------
certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2981: Verify Distrusted Cert for Email recipient - PASSED
cert.sh: Verify Distrusted Cert for OCSP responder --------------------------
certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #2982: Verify Distrusted Cert for OCSP responder - PASSED
cert.sh: Verify Distrusted Cert for Object Signer --------------------------
certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #2983: Verify Distrusted Cert for Object Signer - PASSED
cert.sh: OCSP response creation selftest
cert.sh: perform selftest --------------------------
ocspresp /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/serverCA serverCA chain-1-serverCA -f ../tests.pw
cert.sh: #2984: perform selftest - PASSED
cert.sh: Creating Client CA Issued Certificates Range 40 - 52 ===
cert.sh: Generate Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2985: Generate Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's Request --------------------------
certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw 
cert.sh: #2986: Sign TestUser40's Request - PASSED
cert.sh: Import TestUser40's Cert --------------------------
certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2987: Import TestUser40's Cert - PASSED
cert.sh SUCCESS: TestUser40's Cert Created
cert.sh: Generate DSA Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2988: Generate DSA Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 40 -v 60 -d ../CA -i req -o TestUser40-dsa.cert -f ../tests.pw 
cert.sh: #2989: Sign TestUser40's DSA Request - PASSED
cert.sh: Import TestUser40's DSA Cert --------------------------
certutil -A -n TestUser40-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2990: Import TestUser40's DSA Cert - PASSED
cert.sh SUCCESS: TestUser40's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2991: Generate mixed DSA Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20040 -v 60 -d ../CA -i req -o TestUser40-dsamixed.cert -f ../tests.pw 
cert.sh: #2992: Sign TestUser40's DSA Request with RSA - PASSED
cert.sh: Import TestUser40's mixed DSA Cert --------------------------
certutil -A -n TestUser40-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2993: Import TestUser40's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser40's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2994: Generate EC Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's EC Request --------------------------
certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw 
cert.sh: #2995: Sign TestUser40's EC Request - PASSED
cert.sh: Import TestUser40's EC Cert --------------------------
certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2996: Import TestUser40's EC Cert - PASSED
cert.sh SUCCESS: TestUser40's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #2997: Generate mixed EC Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw 
cert.sh: #2998: Sign TestUser40's EC Request with RSA - PASSED
cert.sh: Import TestUser40's mixed EC Cert --------------------------
certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser40-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #2999: Import TestUser40's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser40's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3000: Generate Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's Request --------------------------
certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw 
cert.sh: #3001: Sign TestUser41's Request - PASSED
cert.sh: Import TestUser41's Cert --------------------------
certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3002: Import TestUser41's Cert - PASSED
cert.sh SUCCESS: TestUser41's Cert Created
cert.sh: Generate DSA Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3003: Generate DSA Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 41 -v 60 -d ../CA -i req -o TestUser41-dsa.cert -f ../tests.pw 
cert.sh: #3004: Sign TestUser41's DSA Request - PASSED
cert.sh: Import TestUser41's DSA Cert --------------------------
certutil -A -n TestUser41-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3005: Import TestUser41's DSA Cert - PASSED
cert.sh SUCCESS: TestUser41's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3006: Generate mixed DSA Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20041 -v 60 -d ../CA -i req -o TestUser41-dsamixed.cert -f ../tests.pw 
cert.sh: #3007: Sign TestUser41's DSA Request with RSA - PASSED
cert.sh: Import TestUser41's mixed DSA Cert --------------------------
certutil -A -n TestUser41-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3008: Import TestUser41's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser41's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3009: Generate EC Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's EC Request --------------------------
certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw 
cert.sh: #3010: Sign TestUser41's EC Request - PASSED
cert.sh: Import TestUser41's EC Cert --------------------------
certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3011: Import TestUser41's EC Cert - PASSED
cert.sh SUCCESS: TestUser41's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3012: Generate mixed EC Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw 
cert.sh: #3013: Sign TestUser41's EC Request with RSA - PASSED
cert.sh: Import TestUser41's mixed EC Cert --------------------------
certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser41-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3014: Import TestUser41's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser41's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3015: Generate Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's Request --------------------------
certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw 
cert.sh: #3016: Sign TestUser42's Request - PASSED
cert.sh: Import TestUser42's Cert --------------------------
certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3017: Import TestUser42's Cert - PASSED
cert.sh SUCCESS: TestUser42's Cert Created
cert.sh: Generate DSA Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3018: Generate DSA Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 42 -v 60 -d ../CA -i req -o TestUser42-dsa.cert -f ../tests.pw 
cert.sh: #3019: Sign TestUser42's DSA Request - PASSED
cert.sh: Import TestUser42's DSA Cert --------------------------
certutil -A -n TestUser42-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3020: Import TestUser42's DSA Cert - PASSED
cert.sh SUCCESS: TestUser42's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3021: Generate mixed DSA Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20042 -v 60 -d ../CA -i req -o TestUser42-dsamixed.cert -f ../tests.pw 
cert.sh: #3022: Sign TestUser42's DSA Request with RSA - PASSED
cert.sh: Import TestUser42's mixed DSA Cert --------------------------
certutil -A -n TestUser42-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3023: Import TestUser42's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser42's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3024: Generate EC Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's EC Request --------------------------
certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw 
cert.sh: #3025: Sign TestUser42's EC Request - PASSED
cert.sh: Import TestUser42's EC Cert --------------------------
certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3026: Import TestUser42's EC Cert - PASSED
cert.sh SUCCESS: TestUser42's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3027: Generate mixed EC Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw 
cert.sh: #3028: Sign TestUser42's EC Request with RSA - PASSED
cert.sh: Import TestUser42's mixed EC Cert --------------------------
certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser42-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3029: Import TestUser42's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser42's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3030: Generate Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's Request --------------------------
certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw 
cert.sh: #3031: Sign TestUser43's Request - PASSED
cert.sh: Import TestUser43's Cert --------------------------
certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3032: Import TestUser43's Cert - PASSED
cert.sh SUCCESS: TestUser43's Cert Created
cert.sh: Generate DSA Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3033: Generate DSA Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 43 -v 60 -d ../CA -i req -o TestUser43-dsa.cert -f ../tests.pw 
cert.sh: #3034: Sign TestUser43's DSA Request - PASSED
cert.sh: Import TestUser43's DSA Cert --------------------------
certutil -A -n TestUser43-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3035: Import TestUser43's DSA Cert - PASSED
cert.sh SUCCESS: TestUser43's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3036: Generate mixed DSA Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20043 -v 60 -d ../CA -i req -o TestUser43-dsamixed.cert -f ../tests.pw 
cert.sh: #3037: Sign TestUser43's DSA Request with RSA - PASSED
cert.sh: Import TestUser43's mixed DSA Cert --------------------------
certutil -A -n TestUser43-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3038: Import TestUser43's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser43's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3039: Generate EC Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's EC Request --------------------------
certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw 
cert.sh: #3040: Sign TestUser43's EC Request - PASSED
cert.sh: Import TestUser43's EC Cert --------------------------
certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3041: Import TestUser43's EC Cert - PASSED
cert.sh SUCCESS: TestUser43's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3042: Generate mixed EC Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw 
cert.sh: #3043: Sign TestUser43's EC Request with RSA - PASSED
cert.sh: Import TestUser43's mixed EC Cert --------------------------
certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser43-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3044: Import TestUser43's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser43's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3045: Generate Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's Request --------------------------
certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw 
cert.sh: #3046: Sign TestUser44's Request - PASSED
cert.sh: Import TestUser44's Cert --------------------------
certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3047: Import TestUser44's Cert - PASSED
cert.sh SUCCESS: TestUser44's Cert Created
cert.sh: Generate DSA Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3048: Generate DSA Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 44 -v 60 -d ../CA -i req -o TestUser44-dsa.cert -f ../tests.pw 
cert.sh: #3049: Sign TestUser44's DSA Request - PASSED
cert.sh: Import TestUser44's DSA Cert --------------------------
certutil -A -n TestUser44-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3050: Import TestUser44's DSA Cert - PASSED
cert.sh SUCCESS: TestUser44's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3051: Generate mixed DSA Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20044 -v 60 -d ../CA -i req -o TestUser44-dsamixed.cert -f ../tests.pw 
cert.sh: #3052: Sign TestUser44's DSA Request with RSA - PASSED
cert.sh: Import TestUser44's mixed DSA Cert --------------------------
certutil -A -n TestUser44-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3053: Import TestUser44's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser44's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3054: Generate EC Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's EC Request --------------------------
certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw 
cert.sh: #3055: Sign TestUser44's EC Request - PASSED
cert.sh: Import TestUser44's EC Cert --------------------------
certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3056: Import TestUser44's EC Cert - PASSED
cert.sh SUCCESS: TestUser44's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3057: Generate mixed EC Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw 
cert.sh: #3058: Sign TestUser44's EC Request with RSA - PASSED
cert.sh: Import TestUser44's mixed EC Cert --------------------------
certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser44-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3059: Import TestUser44's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser44's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3060: Generate Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's Request --------------------------
certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw 
cert.sh: #3061: Sign TestUser45's Request - PASSED
cert.sh: Import TestUser45's Cert --------------------------
certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3062: Import TestUser45's Cert - PASSED
cert.sh SUCCESS: TestUser45's Cert Created
cert.sh: Generate DSA Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3063: Generate DSA Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 45 -v 60 -d ../CA -i req -o TestUser45-dsa.cert -f ../tests.pw 
cert.sh: #3064: Sign TestUser45's DSA Request - PASSED
cert.sh: Import TestUser45's DSA Cert --------------------------
certutil -A -n TestUser45-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3065: Import TestUser45's DSA Cert - PASSED
cert.sh SUCCESS: TestUser45's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3066: Generate mixed DSA Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20045 -v 60 -d ../CA -i req -o TestUser45-dsamixed.cert -f ../tests.pw 
cert.sh: #3067: Sign TestUser45's DSA Request with RSA - PASSED
cert.sh: Import TestUser45's mixed DSA Cert --------------------------
certutil -A -n TestUser45-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3068: Import TestUser45's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser45's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3069: Generate EC Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's EC Request --------------------------
certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw 
cert.sh: #3070: Sign TestUser45's EC Request - PASSED
cert.sh: Import TestUser45's EC Cert --------------------------
certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3071: Import TestUser45's EC Cert - PASSED
cert.sh SUCCESS: TestUser45's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3072: Generate mixed EC Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw 
cert.sh: #3073: Sign TestUser45's EC Request with RSA - PASSED
cert.sh: Import TestUser45's mixed EC Cert --------------------------
certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser45-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3074: Import TestUser45's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser45's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3075: Generate Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's Request --------------------------
certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw 
cert.sh: #3076: Sign TestUser46's Request - PASSED
cert.sh: Import TestUser46's Cert --------------------------
certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3077: Import TestUser46's Cert - PASSED
cert.sh SUCCESS: TestUser46's Cert Created
cert.sh: Generate DSA Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3078: Generate DSA Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 46 -v 60 -d ../CA -i req -o TestUser46-dsa.cert -f ../tests.pw 
cert.sh: #3079: Sign TestUser46's DSA Request - PASSED
cert.sh: Import TestUser46's DSA Cert --------------------------
certutil -A -n TestUser46-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3080: Import TestUser46's DSA Cert - PASSED
cert.sh SUCCESS: TestUser46's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3081: Generate mixed DSA Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20046 -v 60 -d ../CA -i req -o TestUser46-dsamixed.cert -f ../tests.pw 
cert.sh: #3082: Sign TestUser46's DSA Request with RSA - PASSED
cert.sh: Import TestUser46's mixed DSA Cert --------------------------
certutil -A -n TestUser46-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3083: Import TestUser46's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser46's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3084: Generate EC Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's EC Request --------------------------
certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw 
cert.sh: #3085: Sign TestUser46's EC Request - PASSED
cert.sh: Import TestUser46's EC Cert --------------------------
certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3086: Import TestUser46's EC Cert - PASSED
cert.sh SUCCESS: TestUser46's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3087: Generate mixed EC Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw 
cert.sh: #3088: Sign TestUser46's EC Request with RSA - PASSED
cert.sh: Import TestUser46's mixed EC Cert --------------------------
certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser46-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3089: Import TestUser46's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser46's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3090: Generate Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's Request --------------------------
certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw 
cert.sh: #3091: Sign TestUser47's Request - PASSED
cert.sh: Import TestUser47's Cert --------------------------
certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3092: Import TestUser47's Cert - PASSED
cert.sh SUCCESS: TestUser47's Cert Created
cert.sh: Generate DSA Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3093: Generate DSA Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 47 -v 60 -d ../CA -i req -o TestUser47-dsa.cert -f ../tests.pw 
cert.sh: #3094: Sign TestUser47's DSA Request - PASSED
cert.sh: Import TestUser47's DSA Cert --------------------------
certutil -A -n TestUser47-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3095: Import TestUser47's DSA Cert - PASSED
cert.sh SUCCESS: TestUser47's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3096: Generate mixed DSA Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20047 -v 60 -d ../CA -i req -o TestUser47-dsamixed.cert -f ../tests.pw 
cert.sh: #3097: Sign TestUser47's DSA Request with RSA - PASSED
cert.sh: Import TestUser47's mixed DSA Cert --------------------------
certutil -A -n TestUser47-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3098: Import TestUser47's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser47's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3099: Generate EC Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's EC Request --------------------------
certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw 
cert.sh: #3100: Sign TestUser47's EC Request - PASSED
cert.sh: Import TestUser47's EC Cert --------------------------
certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3101: Import TestUser47's EC Cert - PASSED
cert.sh SUCCESS: TestUser47's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3102: Generate mixed EC Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw 
cert.sh: #3103: Sign TestUser47's EC Request with RSA - PASSED
cert.sh: Import TestUser47's mixed EC Cert --------------------------
certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser47-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3104: Import TestUser47's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser47's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3105: Generate Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's Request --------------------------
certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw 
cert.sh: #3106: Sign TestUser48's Request - PASSED
cert.sh: Import TestUser48's Cert --------------------------
certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3107: Import TestUser48's Cert - PASSED
cert.sh SUCCESS: TestUser48's Cert Created
cert.sh: Generate DSA Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3108: Generate DSA Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 48 -v 60 -d ../CA -i req -o TestUser48-dsa.cert -f ../tests.pw 
cert.sh: #3109: Sign TestUser48's DSA Request - PASSED
cert.sh: Import TestUser48's DSA Cert --------------------------
certutil -A -n TestUser48-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3110: Import TestUser48's DSA Cert - PASSED
cert.sh SUCCESS: TestUser48's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3111: Generate mixed DSA Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20048 -v 60 -d ../CA -i req -o TestUser48-dsamixed.cert -f ../tests.pw 
cert.sh: #3112: Sign TestUser48's DSA Request with RSA - PASSED
cert.sh: Import TestUser48's mixed DSA Cert --------------------------
certutil -A -n TestUser48-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3113: Import TestUser48's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser48's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3114: Generate EC Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's EC Request --------------------------
certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw 
cert.sh: #3115: Sign TestUser48's EC Request - PASSED
cert.sh: Import TestUser48's EC Cert --------------------------
certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3116: Import TestUser48's EC Cert - PASSED
cert.sh SUCCESS: TestUser48's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3117: Generate mixed EC Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw 
cert.sh: #3118: Sign TestUser48's EC Request with RSA - PASSED
cert.sh: Import TestUser48's mixed EC Cert --------------------------
certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser48-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3119: Import TestUser48's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser48's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3120: Generate Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's Request --------------------------
certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw 
cert.sh: #3121: Sign TestUser49's Request - PASSED
cert.sh: Import TestUser49's Cert --------------------------
certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3122: Import TestUser49's Cert - PASSED
cert.sh SUCCESS: TestUser49's Cert Created
cert.sh: Generate DSA Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3123: Generate DSA Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 49 -v 60 -d ../CA -i req -o TestUser49-dsa.cert -f ../tests.pw 
cert.sh: #3124: Sign TestUser49's DSA Request - PASSED
cert.sh: Import TestUser49's DSA Cert --------------------------
certutil -A -n TestUser49-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3125: Import TestUser49's DSA Cert - PASSED
cert.sh SUCCESS: TestUser49's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3126: Generate mixed DSA Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20049 -v 60 -d ../CA -i req -o TestUser49-dsamixed.cert -f ../tests.pw 
cert.sh: #3127: Sign TestUser49's DSA Request with RSA - PASSED
cert.sh: Import TestUser49's mixed DSA Cert --------------------------
certutil -A -n TestUser49-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3128: Import TestUser49's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser49's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3129: Generate EC Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's EC Request --------------------------
certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw 
cert.sh: #3130: Sign TestUser49's EC Request - PASSED
cert.sh: Import TestUser49's EC Cert --------------------------
certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3131: Import TestUser49's EC Cert - PASSED
cert.sh SUCCESS: TestUser49's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3132: Generate mixed EC Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw 
cert.sh: #3133: Sign TestUser49's EC Request with RSA - PASSED
cert.sh: Import TestUser49's mixed EC Cert --------------------------
certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser49-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3134: Import TestUser49's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser49's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3135: Generate Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's Request --------------------------
certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw 
cert.sh: #3136: Sign TestUser50's Request - PASSED
cert.sh: Import TestUser50's Cert --------------------------
certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3137: Import TestUser50's Cert - PASSED
cert.sh SUCCESS: TestUser50's Cert Created
cert.sh: Generate DSA Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3138: Generate DSA Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 50 -v 60 -d ../CA -i req -o TestUser50-dsa.cert -f ../tests.pw 
cert.sh: #3139: Sign TestUser50's DSA Request - PASSED
cert.sh: Import TestUser50's DSA Cert --------------------------
certutil -A -n TestUser50-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3140: Import TestUser50's DSA Cert - PASSED
cert.sh SUCCESS: TestUser50's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3141: Generate mixed DSA Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20050 -v 60 -d ../CA -i req -o TestUser50-dsamixed.cert -f ../tests.pw 
cert.sh: #3142: Sign TestUser50's DSA Request with RSA - PASSED
cert.sh: Import TestUser50's mixed DSA Cert --------------------------
certutil -A -n TestUser50-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3143: Import TestUser50's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser50's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3144: Generate EC Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's EC Request --------------------------
certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw 
cert.sh: #3145: Sign TestUser50's EC Request - PASSED
cert.sh: Import TestUser50's EC Cert --------------------------
certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3146: Import TestUser50's EC Cert - PASSED
cert.sh SUCCESS: TestUser50's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3147: Generate mixed EC Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw 
cert.sh: #3148: Sign TestUser50's EC Request with RSA - PASSED
cert.sh: Import TestUser50's mixed EC Cert --------------------------
certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser50-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3149: Import TestUser50's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser50's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3150: Generate Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's Request --------------------------
certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw 
cert.sh: #3151: Sign TestUser51's Request - PASSED
cert.sh: Import TestUser51's Cert --------------------------
certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3152: Import TestUser51's Cert - PASSED
cert.sh SUCCESS: TestUser51's Cert Created
cert.sh: Generate DSA Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3153: Generate DSA Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 51 -v 60 -d ../CA -i req -o TestUser51-dsa.cert -f ../tests.pw 
cert.sh: #3154: Sign TestUser51's DSA Request - PASSED
cert.sh: Import TestUser51's DSA Cert --------------------------
certutil -A -n TestUser51-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3155: Import TestUser51's DSA Cert - PASSED
cert.sh SUCCESS: TestUser51's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3156: Generate mixed DSA Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20051 -v 60 -d ../CA -i req -o TestUser51-dsamixed.cert -f ../tests.pw 
cert.sh: #3157: Sign TestUser51's DSA Request with RSA - PASSED
cert.sh: Import TestUser51's mixed DSA Cert --------------------------
certutil -A -n TestUser51-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3158: Import TestUser51's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser51's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3159: Generate EC Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's EC Request --------------------------
certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw 
cert.sh: #3160: Sign TestUser51's EC Request - PASSED
cert.sh: Import TestUser51's EC Cert --------------------------
certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3161: Import TestUser51's EC Cert - PASSED
cert.sh SUCCESS: TestUser51's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3162: Generate mixed EC Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw 
cert.sh: #3163: Sign TestUser51's EC Request with RSA - PASSED
cert.sh: Import TestUser51's mixed EC Cert --------------------------
certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser51-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3164: Import TestUser51's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser51's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3165: Generate Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's Request --------------------------
certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw 
cert.sh: #3166: Sign TestUser52's Request - PASSED
cert.sh: Import TestUser52's Cert --------------------------
certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3167: Import TestUser52's Cert - PASSED
cert.sh SUCCESS: TestUser52's Cert Created
cert.sh: Generate DSA Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3168: Generate DSA Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 52 -v 60 -d ../CA -i req -o TestUser52-dsa.cert -f ../tests.pw 
cert.sh: #3169: Sign TestUser52's DSA Request - PASSED
cert.sh: Import TestUser52's DSA Cert --------------------------
certutil -A -n TestUser52-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3170: Import TestUser52's DSA Cert - PASSED
cert.sh SUCCESS: TestUser52's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3171: Generate mixed DSA Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20052 -v 60 -d ../CA -i req -o TestUser52-dsamixed.cert -f ../tests.pw 
cert.sh: #3172: Sign TestUser52's DSA Request with RSA - PASSED
cert.sh: Import TestUser52's mixed DSA Cert --------------------------
certutil -A -n TestUser52-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3173: Import TestUser52's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser52's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3174: Generate EC Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's EC Request --------------------------
certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw 
cert.sh: #3175: Sign TestUser52's EC Request - PASSED
cert.sh: Import TestUser52's EC Cert --------------------------
certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3176: Import TestUser52's EC Cert - PASSED
cert.sh SUCCESS: TestUser52's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #3177: Generate mixed EC Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw 
cert.sh: #3178: Sign TestUser52's EC Request with RSA - PASSED
cert.sh: Import TestUser52's mixed EC Cert --------------------------
certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/client -f ../tests.pw -i TestUser52-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #3179: Import TestUser52's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser52's mixed EC Cert Created
cert.sh: Creating CA CRL =====================================
cert.sh: Generating CRL for range 40-42 TestCA authority --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or
cert.sh: #3180: Generating CRL for range 40-42 TestCA authority - PASSED
cert.sh: Generating CRL (DSA) for range 40-42 TestCA-dsa authority --------------------------
crlutil -q -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -G -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42_or-dsa
cert.sh: #3181: Generating CRL (DSA) for range 40-42 TestCA-dsa authority - PASSED
cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority --------------------------
crlutil -q -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec
cert.sh: #3182: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED
cert.sh: Modifying CA CRL by adding one more cert ============
cert.sh: Modify CRL by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or
cert.sh: #3183: Modify CRL by adding one more cert - PASSED
cert.sh: Modify CRL (DSA) by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42_or1-dsa -i ../server/root.crl_40-42_or-dsa
cert.sh: #3184: Modify CRL (DSA) by adding one more cert - PASSED
cert.sh: Modify CRL (ECC) by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec
cert.sh: #3185: Modify CRL (ECC) by adding one more cert - PASSED
cert.sh: Modifying CA CRL by removing one cert ===============
cert.sh: Modify CRL by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1
cert.sh: #3186: Modify CRL by removing one cert - PASSED
cert.sh: Modify CRL (DSA) by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1
cert.sh: #3187: Modify CRL (DSA) by removing one cert - PASSED
cert.sh: Modify CRL (ECC) by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec
cert.sh: #3188: Modify CRL (ECC) by removing one cert - PASSED
cert.sh: Creating CA CRL for groups 1 and 2  ===============
cert.sh: Creating CRL for groups 1 and 2 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42
cert.sh: #3189: Creating CRL for groups 1 and 2 - PASSED
cert.sh: Creating CRL (ECC) for groups 1 and 2 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec
cert.sh: #3190: Creating CRL (ECC) for groups 1 and 2 - PASSED
cert.sh: Creating CA CRL for groups 1, 2 and 3  ===============
cert.sh: Creating CRL for groups 1, 2 and 3 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48
cert.sh: #3191: Creating CRL for groups 1, 2 and 3 - PASSED
cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec
cert.sh: #3192: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED
cert.sh: Importing Server CA Issued CRL for certs  trough 52
cert.sh: Importing CRL for groups 1 --------------------------
crlutil -q -D -n TestCA -f ../tests.pw -d ../server
crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
cert.sh: #3193: Importing CRL for groups 1 - PASSED
cert.sh: Importing CRL for groups 1 --------------------------
crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server
cert.sh: #3194: Importing CRL for groups 1 - PASSED
cert.sh: Importing CRL (ECC) for groups 1 --------------------------
crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server
crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
cert.sh: #3195: Importing CRL (ECC) for groups 1 - PASSED
cert.sh: Importing CRL (ECC) for groups 1 --------------------------
crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server
cert.sh: #3196: Importing CRL (ECC) for groups 1 - PASSED
cert.sh SUCCESS: SSL CRL prep passed
cert.sh cert.sh: finished cert.sh
TIMESTAMP cert END: Tue Jun 28 17:39:00 UTC 2016
Running tests for tools
TIMESTAMP tools BEGIN: Tue Jun 28 17:39:00 UTC 2016
tools.sh: Tools Tests with ECC ===============================
tools.sh: Exporting Alice's email cert & key - default ciphers
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3197: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                2a:aa:dc:8d:ab:49:ec:2e:de:af:c6:66:34:c7:38:05
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3198: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3199: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's email EC cert & key---------------
pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \
         -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3200: Exporting Alice's email EC cert & key (pk12util -o)  - PASSED
tools.sh: Importing Alice's email EC cert & key --------------
pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3201: Importing Alice's email EC cert & key (pk12util -i)  - PASSED
tools.sh: Listing Alice's pk12 EC file -----------------
pk12util -l Alice-ec.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice-ec
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                9c:91:fd:c4:d1:6a:9e:03:93:1c:c0:8f:84:be:7c:aa
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 17:32:42 2016
            Not After : Mon Jun 28 17:32:42 2066
        Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor
            nia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:23
            EC Public Key:
                PublicValue:
                    04:00:c2:e7:dc:b4:ec:29:9a:9b:31:97:1e:30:7e:d2:
                    d8:b4:9a:5a:f5:fd:79:e5:53:43:72:f9:e6:4f:0f:67:
                    48:eb:5c:3a:34:3b:db:96:6d:36:21:22:1b:42:a2:2b:
                    f7:6e:9f:0c:30:0c:6b:53:54:64:f7:1a:60:b4:0a:c0:
                    15:ed:c1:01:44:5b:fe:f3:0c:ef:e5:d0:3b:36:d0:91:
                    a4:46:5a:4e:50:31:e6:10:37:1f:16:8e:f4:dc:07:0f:
                    54:e1:c8:4b:37:ae:ee:c6:78:9a:4d:a5:de:85:8e:12:
                    ed:99:05:9a:e9:cb:df:3c:b0:11:5e:02:3c:a6:3e:a6:
                    0e:02:23:42:4a
                Curve: SECG elliptic curve secp521r1 (aka NIST P-521)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:86:02:41:06:86:e0:ae:15:c3:ec:d8:0b:59:a3:
        f7:b6:d2:fa:23:6a:e5:3d:e0:04:75:53:fc:ae:93:ad:
        51:80:e3:0d:d4:08:2a:d8:23:d6:a6:73:ac:3b:92:53:
        d9:81:de:be:99:d9:72:7f:c3:fc:fc:ea:89:33:45:5a:
        a3:2c:42:57:ca:a0:02:41:2e:bb:5e:f2:a5:57:d0:35:
        c1:2c:fb:be:51:d8:49:1a:8f:c2:58:1f:15:83:29:cc:
        2d:f3:06:a8:25:56:bd:12:46:d6:3e:74:6a:48:a5:88:
        b9:96:31:c3:3f:fd:80:17:3f:95:07:aa:28:1d:c5:18:
        82:e8:77:66:65:3e:78:3d:2b
    Fingerprint (SHA-256):
        CF:F1:0C:9A:88:9D:85:CC:29:24:7C:E0:E2:69:88:D9:2B:8E:53:50:C3:47:E3:1B:C0:E7:02:9F:2B:D1:32:BA
    Fingerprint (SHA1):
        81:83:39:C6:3D:58:5F:64:04:F8:A6:AB:47:FA:37:09:2C:5F:17:75
    Friendly Name: TestCA-ec
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 17:33:42 2016
            Not After : Mon Jun 28 17:33:42 2021
        Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S
            T=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:22
            EC Public Key:
                PublicValue:
                    04:ca:5a:40:91:eb:9d:44:58:f1:3d:15:70:aa:87:9b:
                    02:b2:af:34:7b:4e:16:22:25:d9:65:73:39:a4:91:79:
                    d9:7b:62:29:0e:77:1b:a9:19:24:00:c5:28:95:17:34:
                    1c:d5:ca:d2:55:b3:3e:76:1f:f5:92:5d:9b:24:bd:7b:
                    57:ac:d5:18:d7:3d:9f:bb:7a:06:eb:69:62:b7:da:ab:
                    36:f9:4a:df:9a:e5:e7:34:2e:dd:0e:7d:43:a2:48:95:
                    b4
                Curve: SECG elliptic curve secp384r1 (aka NIST P-384)
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:88:02:42:01:19:ac:67:32:6d:00:02:89:bd:de:
        64:bd:fa:88:51:e5:30:83:c5:05:a5:53:ef:44:4b:18:
        40:ae:42:4c:63:b6:90:34:24:77:67:80:d2:ca:f6:26:
        04:9e:d0:fe:ba:02:aa:8b:7e:05:5f:78:9d:5a:ef:5e:
        30:c3:2e:5b:0b:91:12:02:42:00:f8:4e:71:e8:79:09:
        19:88:6b:07:5a:4f:a8:b0:fc:36:2b:38:44:43:a9:0b:
        56:26:af:39:54:2d:f5:8a:2f:3b:9e:55:70:49:ca:84:
        08:2c:4e:cf:c0:ef:e6:d4:aa:db:d0:c6:2e:3c:9f:4c:
        b5:ee:a4:f9:7e:73:cd:0d:f8:4f:57
    Fingerprint (SHA-256):
        5E:31:90:3A:E8:B5:E9:01:68:2F:8D:C8:44:8A:0E:AF:5B:A6:09:35:B5:0A:28:EB:56:D0:B0:17:F2:DC:52:1D
    Fingerprint (SHA1):
        90:9A:55:F5:D5:81:58:0C:2E:69:B7:95:FF:2F:62:7A:5C:07:30:D9
    Friendly Name: Alice-ec
tools.sh: #3202: Listing Alice's pk12 EC file (pk12util -l)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3203: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                4e:76:4f:d9:70:0a:82:df:cd:3a:9d:14:28:34:c2:5d
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3204: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3205: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3206: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                16:0a:21:b7:ff:cc:97:00:c9:9b:af:95:e0:38:3a:9f
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3207: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3208: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3209: Exporting with [RC2-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                af:41:71:4e:50:a5:94:94:5f:77:5e:3b:9c:44:5e:62
            Iteration Count: 2000 (0x7d0)
tools.sh: #3210: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3211: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3212: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                37:cc:60:7c:61:1a:86:54:12:83:76:e5:cb:2a:96:5b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3213: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3214: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3215: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                76:12:7f:86:8b:95:bf:7e:63:70:a3:ff:b0:46:30:12
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3216: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3217: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3218: Exporting with [DES-EDE3-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                84:e8:0c:64:41:0c:db:9c:80:51:37:89:be:46:81:63
            Iteration Count: 2000 (0x7d0)
tools.sh: #3219: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3220: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3221: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        0e:e5:1a:37:4e:64:bc:17:d1:18:c0:be:d0:2c:2b:b8
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:ee:4d:58:02:83:ba:87:cc:06:9d:9c:67:37:13:
                    92:4b
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3222: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3223: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3224: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        a0:60:3b:5a:63:b6:7a:9f:b9:e6:bb:e6:51:e1:92:bf
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:45:5d:e3:d5:26:f0:13:dc:6a:63:bc:0e:aa:d8:
                    7a:48
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3225: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3226: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3227: Exporting with [AES-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        77:82:f6:ae:91:39:62:46:a0:05:87:21:f8:12:c5:c8
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:a9:66:0c:c4:87:a1:dd:a0:62:e5:33:8a:78:e3:
                    71:eb
tools.sh: #3228: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3229: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3230: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        7e:7c:00:95:0f:08:91:45:17:70:86:08:55:e4:f3:bb
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:66:12:d7:63:1a:48:db:94:73:bd:b4:8c:03:6e:
                    5c:a5
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3231: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3232: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3233: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        b8:fd:bf:bd:bd:ea:62:7d:60:fd:52:4d:de:81:b6:d6
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:0c:c4:2e:1a:14:e7:ed:ea:30:3c:05:22:87:4c:
                    53:4d
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3234: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3235: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3236: Exporting with [AES-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        7f:39:e9:08:9b:f9:14:05:a6:8d:5c:f6:b6:7d:ee:9f
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:2c:c6:53:d8:3e:54:6a:1e:04:ac:02:53:c9:52:
                    52:a5
tools.sh: #3237: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3238: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3239: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        a4:05:ad:3f:8e:3c:58:e2:96:d5:2f:f4:c2:13:2c:11
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:92:76:8b:c9:5d:9a:3c:e3:f4:b1:04:36:f0:5f:
                    23:ee
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3240: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3241: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3242: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        23:fe:29:f6:32:6f:b4:c7:36:49:9a:4e:07:a6:c6:f0
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:ab:ff:ef:a4:f8:68:17:56:7d:9d:24:d2:f5:cc:
                    83:18
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3243: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3244: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3245: Exporting with [AES-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        2a:3f:08:6f:b5:36:1c:a6:39:ce:35:28:ae:5a:54:1d
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:0d:13:b3:b7:6b:43:76:e7:86:12:f5:f9:0b:6f:
                    fc:39
tools.sh: #3246: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3247: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3248: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        eb:ce:7b:9b:88:ed:c7:40:db:77:6e:06:88:66:cf:1d
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:16:1a:3b:b1:0c:4e:05:7f:b0:ea:fa:f2:13:dd:
                    67:20
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3249: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3250: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3251: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        c4:56:d1:ae:f8:50:d2:05:8b:2f:b1:a3:0e:be:8b:cc
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:94:ee:2d:d2:9d:6b:39:2c:80:13:f5:22:8a:ee:
                    49:1c
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3252: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3253: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3254: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        cd:b6:7b:a5:9e:5d:82:44:8b:6c:6b:ce:55:f0:fa:16
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:2c:07:15:85:68:20:f7:9f:ea:b3:20:b5:90:1a:
                    ec:57
tools.sh: #3255: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3256: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3257: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        49:09:5c:79:7e:24:2a:ce:25:f9:b7:09:23:80:79:bb
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:25:96:18:ed:fa:e9:ab:91:de:70:73:cf:3d:ac:
                    7f:c1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3258: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3259: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3260: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        a4:47:56:3b:e1:98:57:91:65:43:24:13:c3:0e:1c:7b
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:b6:af:a8:ab:b6:a9:23:e3:06:ed:26:94:48:c3:
                    50:3f
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3261: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3262: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3263: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        a5:c1:9a:5f:80:df:12:0f:ca:f9:20:08:2e:b7:1b:21
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:bd:a1:bb:42:c4:a5:21:62:e2:61:fd:ee:df:97:
                    9a:49
tools.sh: #3264: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3265: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3266: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        83:ec:e1:c6:0e:23:04:c8:fc:dc:cc:2d:8f:94:ce:35
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:54:c1:4c:5b:11:f4:8f:03:9a:e1:a5:2a:2e:3a:
                    f1:db
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3267: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3268: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3269: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        1b:a7:87:18:ec:e8:b4:ff:80:76:90:f9:42:bd:da:68
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:5b:a4:5a:54:c0:5c:3d:05:27:3c:6c:c5:0b:38:
                    fc:19
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3270: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3271: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3272: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        86:cf:ef:c5:42:39:8e:8e:d4:e6:51:c2:7c:b6:fa:04
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:24:82:6f:26:87:6f:5c:18:bc:56:1d:1b:95:b6:
                    a0:c7
tools.sh: #3273: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3274: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3275: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                1f:e5:41:47:70:9f:98:76:77:d4:11:74:a9:70:34:fe
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3276: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3277: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3278: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                39:fa:90:f2:2a:3b:9d:d3:80:a5:2f:f6:57:06:25:f8
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3279: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3280: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3281: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                e6:c8:31:85:52:65:9c:53:2d:92:22:c0:05:ff:3d:52
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3282: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3283: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3284: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                f7:8a:0f:c4:76:ee:ed:54:9e:f2:70:ae:03:d2:e9:56
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3285: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3286: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3287: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                f2:bf:50:ea:30:5e:c8:0e:2e:15:b8:62:9d:b9:12:3c
            Iteration Count: 2000 (0x7d0)
tools.sh: #3288: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3289: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3290: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                93:a1:0a:44:73:c3:ad:2c:a9:12:c5:b7:f5:f1:68:1a
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3291: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3292: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3293: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                35:6e:d2:66:22:fc:ee:ab:8c:b2:47:1c:29:1c:3c:27
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3294: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3295: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3296: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                85:1c:49:75:d5:bf:1a:0b:04:e2:50:e7:cd:6c:2c:89
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3297: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3298: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3299: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                31:c2:2e:10:55:59:96:03:85:ed:77:de:7b:88:9a:4a
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3300: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3301: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3302: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                71:55:75:4f:b8:c3:62:b0:84:6e:ac:ae:da:ef:b1:69
            Iteration Count: 2000 (0x7d0)
tools.sh: #3303: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3304: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3305: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                09:ec:aa:05:49:d3:1a:2a:30:e8:79:b9:0f:7a:84:22
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3306: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3307: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3308: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                d5:0a:f6:72:00:e2:a0:b7:1c:f3:5a:30:bb:42:44:25
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3309: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3310: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3311: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                6b:67:42:d1:b2:70:1c:57:03:dd:10:32:62:2a:00:52
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3312: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3313: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3314: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                10:14:79:2a:b4:a8:22:b6:9d:3f:c9:a2:a3:1a:66:05
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3315: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3316: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3317: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                5a:c2:50:5a:66:4f:78:17:1d:b4:5e:fb:6e:a0:bb:ed
            Iteration Count: 2000 (0x7d0)
tools.sh: #3318: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3319: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3320: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                8d:98:3e:88:54:8b:b7:2d:bf:1f:3e:19:b9:a2:f5:6a
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3321: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3322: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3323: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                3d:39:c8:a6:5e:43:7a:d7:7a:77:74:fd:40:73:3f:62
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3324: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3325: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3326: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                09:50:f7:0f:9d:23:f1:35:17:47:ca:38:f9:82:da:69
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3327: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3328: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3329: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                32:1b:bb:d2:68:95:83:f9:f2:99:70:a1:df:7f:5d:fc
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3330: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3331: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:null]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3332: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                f0:53:eb:1a:b9:2d:1c:04:1e:6a:75:68:c1:2a:02:8a
            Iteration Count: 2000 (0x7d0)
tools.sh: #3333: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3334: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3335: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                42:5b:dc:33:e9:53:d1:68:32:3d:45:63:75:83:76:6d
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3336: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3337: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3338: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                4f:0d:3f:ab:dc:3e:31:5f:96:30:08:c0:93:49:19:86
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3339: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3340: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3341: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                27:de:c9:c0:af:dd:fa:9c:cb:b4:e6:4c:cb:7a:85:08
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3342: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3343: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3344: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                ed:05:7e:82:9a:3c:7e:90:23:9d:19:65:dd:88:b4:00
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3345: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3346: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3347: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                9a:f0:8a:3c:92:bb:fb:6f:3f:37:7c:5b:91:fc:90:5d
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3348: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3349: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3350: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                03:00:b7:63:9b:33:50:48:5b:44:56:02:45:7b:f9:7f
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3351: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3352: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3353: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                e6:9a:02:35:f2:8f:d5:76:73:e5:64:16:58:4a:61:ad
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3354: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3355: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3356: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                05:59:e3:ff:68:39:18:dc:5a:ca:de:ce:89:5b:e3:48
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3357: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3358: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3359: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                eb:11:28:fe:95:ae:a3:43:18:a9:32:4f:55:d3:72:69
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3360: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3361: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3362: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                6a:bd:d9:14:4a:7c:9c:e5:4c:04:2f:76:82:98:1f:0b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:32:14 2016
            Not After : Mon Jun 28 17:32:14 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    aa:28:f0:36:f0:6e:02:91:32:1b:43:9b:76:de:4d:a6:
                    b4:7a:13:85:0f:10:b3:da:38:7d:f4:63:56:99:63:43:
                    d2:40:23:c8:59:6a:1f:c9:9c:56:04:dc:23:e5:5d:cf:
                    33:d2:f5:e2:fa:bf:3a:d2:b3:21:ce:be:b5:16:84:db:
                    85:50:10:65:7d:30:b0:5e:ea:46:ea:80:44:04:6c:95:
                    fc:35:31:31:a9:d7:7b:a9:3d:a6:c7:ca:09:1a:9d:d7:
                    4a:9e:14:66:62:3f:b2:1e:b9:a5:7f:4d:4b:fa:ad:40:
                    7e:2e:fe:54:67:20:86:a7:74:c1:c5:44:7b:a7:52:b2:
                    64:af:f3:03:41:55:db:b8:a1:20:17:a3:b3:9e:0f:8c:
                    8e:b1:9a:37:84:26:a0:27:04:94:83:b3:49:7b:e7:54:
                    bc:69:06:38:59:78:ea:6e:dc:db:5c:ae:55:ef:e8:85:
                    47:15:74:88:bb:2f:e1:26:04:cb:bf:92:04:36:57:29:
                    2a:d5:c1:94:d5:72:0d:2b:80:16:c5:d8:d0:d8:42:59:
                    83:55:85:78:cf:c0:89:4a:a4:08:11:dc:2a:cb:2d:46:
                    bc:20:37:37:80:eb:1d:f8:ea:dc:20:86:87:79:5c:fb:
                    61:89:5f:a1:cc:93:d4:59:39:9e:55:5d:3d:fe:2b:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:c6:c3:fd:44:b1:08:c4:97:5b:53:2d:a0:6b:aa:be:
        b1:e9:53:90:f3:65:37:0d:86:b6:1e:e4:50:ed:ff:08:
        67:dd:48:c7:3d:16:80:99:63:b8:51:ac:33:e3:54:55:
        a6:1e:ee:98:61:1b:03:5a:e1:92:a8:c5:48:36:39:2c:
        c8:ff:86:38:01:f1:92:a1:a9:89:29:2b:08:11:e0:19:
        12:f4:e1:fe:53:e5:68:01:a7:e4:ea:e5:60:9e:f1:6f:
        09:29:46:8e:0d:9a:88:5f:59:b4:41:23:cc:39:96:72:
        04:80:6d:93:ce:a3:6b:33:0f:1e:28:d2:81:8b:be:bd:
        08:6f:c9:78:aa:29:82:64:53:a8:78:49:07:25:e2:9e:
        34:f2:f9:a2:ea:81:40:5b:7e:1f:6d:bf:2b:0e:f8:b0:
        6b:80:79:bb:53:01:ac:83:e6:95:d3:55:c5:8b:88:6a:
        dc:9e:f2:ca:1b:dd:60:d9:ec:95:4b:3b:d4:66:2c:97:
        fd:05:c0:7f:bc:6c:90:a6:a7:ef:04:dd:28:3b:20:b4:
        78:c7:60:af:9c:e0:3b:9f:58:07:12:84:c9:aa:ce:77:
        b4:7b:a5:f6:f2:8e:c6:ee:4b:6e:78:94:36:56:a4:ab:
        55:85:6f:a2:a8:c4:c1:11:5d:c9:28:c1:e5:01:df:b6
    Fingerprint (SHA-256):
        0D:68:04:FE:BE:D9:3B:7D:CB:2E:4F:50:A6:28:D7:5E:E3:59:4B:33:29:FF:A8:F0:79:94:17:79:A7:0E:B5:E9
    Fingerprint (SHA1):
        7D:A2:C3:43:E8:22:F8:08:60:CE:03:E9:C4:07:EC:0F:E5:20:3E:D7
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 17:33:41 2016
            Not After : Mon Jun 28 17:33:41 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:e4:25:a9:8f:52:64:d0:22:d3:4f:fe:73:a4:db:41:
                    4c:61:65:82:da:57:3f:c8:36:c5:fe:e7:25:d4:5c:2e:
                    d8:9a:f8:a7:f0:11:5a:f3:6f:a6:04:4e:84:52:82:2f:
                    da:d5:29:c7:08:8c:20:d9:3f:64:6e:f8:e8:fb:a6:eb:
                    80:7f:54:54:74:a2:57:db:52:6c:c0:8c:c6:9a:4f:30:
                    97:b6:0b:ed:e6:1a:77:7c:8a:99:61:b1:b9:87:3e:ce:
                    fa:35:a3:13:7c:98:98:a1:24:d9:d2:56:15:02:43:e3:
                    1d:b6:25:e1:b8:a9:00:af:44:e9:23:dc:7c:93:33:71:
                    ee:16:8f:ac:1e:36:6f:3d:15:db:7f:ed:92:e4:e1:17:
                    25:55:fc:1d:04:cd:2b:3d:c6:0a:ef:ab:f7:47:04:0a:
                    84:a0:e8:42:30:5f:80:f0:bd:94:1c:13:3e:2e:1d:61:
                    e0:9e:c6:f5:61:e6:ff:ff:4d:b6:24:69:53:77:dc:bd:
                    e9:de:df:00:6b:1f:75:d2:35:68:c3:9f:25:98:79:e7:
                    ec:19:d2:1f:02:10:b5:c7:33:f3:1e:09:34:3d:38:e3:
                    02:72:44:7f:69:19:a7:eb:29:65:dc:17:db:48:39:65:
                    1b:78:cf:89:ed:9b:aa:15:ff:d4:13:67:70:83:48:27
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:b0:bf:70:e0:cc:aa:7a:16:55:96:a8:d7:c6:e4:42:
        19:2c:5f:ad:63:47:48:49:fd:be:e8:de:e4:73:fb:58:
        c5:15:5c:0c:70:b0:52:63:d3:45:2a:9c:f4:c7:93:f7:
        93:c5:bf:59:33:e9:0a:85:45:9c:73:8d:b9:a0:e2:be:
        25:4a:89:7a:e7:61:e2:0d:f9:f6:58:ac:21:dd:56:ab:
        e3:fa:17:a6:1a:d8:6b:03:ac:c7:b4:6e:3a:f1:95:d2:
        f8:58:af:c9:aa:19:65:b2:8b:27:95:5e:d8:a9:0f:8b:
        49:f1:0e:9b:a0:bc:6b:8e:43:d2:30:f7:e9:58:9d:ae:
        72:29:0b:99:01:54:a8:6a:b2:37:fa:b3:f1:3e:31:84:
        7d:eb:4b:3f:e7:47:aa:8b:51:1a:62:a7:1b:9d:4c:b7:
        65:d6:0e:07:64:66:c9:5b:36:63:85:8e:84:cb:7b:bc:
        78:d2:b1:93:ac:16:2c:18:46:ed:6e:5d:16:09:80:10:
        ae:42:07:8e:17:e0:6c:82:f8:c6:df:36:71:34:3c:ef:
        0f:a7:47:c7:0a:da:ff:25:3a:73:a0:bf:66:ac:b5:eb:
        a4:d9:13:23:12:1e:b0:10:d2:d0:6a:f1:15:4f:6c:a7:
        43:f2:e1:99:59:ec:8d:c5:89:55:82:24:f6:89:94:42
    Fingerprint (SHA-256):
        98:EA:B8:8C:47:41:B4:FF:F9:99:1F:78:EB:03:A5:26:A8:39:01:73:A4:44:C3:AB:CD:45:0F:38:AF:5C:38:F7
    Fingerprint (SHA1):
        81:E6:4C:38:B9:DF:D9:16:B2:1B:57:6C:5C:8D:CA:79:BF:F2:5B:14
    Friendly Name: Alice
tools.sh: #3363: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #3364: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c null
pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm.
tools.sh: #3365: Exporting with [null:default] (pk12util -o)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #3366: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Create objsign cert -------------------------------
signtool -G "objectsigner" -d ../tools/signdir -p "nss"
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit the browser before continuing this operation. Enter 
"y" to continue, or anything else to abort: 
Enter certificate information.  All fields are optional. Acceptable
characters are numbers, letters, spaces, and apostrophes.
certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair
certificate request generated
certificate has been signed
certificate "objsigner" added to database
Exported certificate to x509.raw and x509.cacert.
tools.sh: #3367: Create objsign cert (signtool -G)  - PASSED
tools.sh: Signing a jar of files ----------------------------
signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
adding ../tools/html/signjs.html to nojs.jar...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.jar...(deflated 26%)
Generating zigbert.sf file..
adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 37%)
adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%)
tree "../tools/html" signed successfully
tools.sh: #3368: Signing a jar of files (signtool -Z)  - PASSED
tools.sh: Listing signed files in jar ----------------------
signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner
archive "nojs.jar" has passed crypto verification.
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
found a RSA signature file: META-INF/zigbert.rsa
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #3369: Listing signed files in jar (signtool -v)  - PASSED
tools.sh: Show who signed jar ------------------------------
signtool -w nojs.jar -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #3370: Show who signed jar (signtool -w)  - PASSED
tools.sh: Signing a xpi of files ----------------------------
signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
--> sign.html
Generating zigbert.sf file..
Creating XPI Compatible Archive 
adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 32%)
--> signjs.html
adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.xpi...(deflated 26%)
adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 37%)
tree "../tools/html" signed successfully
tools.sh: #3371: Signing a xpi of files (signtool -Z -X)  - PASSED
tools.sh: Listing signed files in xpi ----------------------
signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner
archive "nojs.xpi" has passed crypto verification.
found a RSA signature file: META-INF/zigbert.rsa
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #3372: Listing signed files in xpi (signtool -v)  - PASSED
tools.sh: Show who signed xpi ------------------------------
signtool -w nojs.xpi -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #3373: Show who signed xpi (signtool -w)  - PASSED
TIMESTAMP tools END: Tue Jun 28 17:39:14 UTC 2016
Running tests for fips
TIMESTAMP fips BEGIN: Tue Jun 28 17:39:14 UTC 2016
fips.sh: FIPS 140 Compliance Tests ===============================
fips.sh: Verify this module is in FIPS mode  -----------------
modutil -dbdir ../fips -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal FIPS PKCS #11 Module
	 slots: 1 slot attached
	status: loaded
	 slot: NSS FIPS 140-2 User Private Key Services
	token: NSS FIPS 140-2 Certificate DB
  2. RootCerts
	library name: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so
	 slots: 1 slot attached
	status: loaded
	 slot: NSS Builtin Objects
	token: Builtin Object Token
-----------------------------------------------------------
FIPS mode enabled.
fips.sh: #3374: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #3375: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys -------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      30231f2c1ed61f9b472bd6d1f69619011d3f43b7   NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate
fips.sh: #3376: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Attempt to list FIPS module keys with incorrect password
certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests.fipsbadpw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
fips.sh: #3377: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED
certutil -K returned 255
fips.sh: Validate the certificate --------------------------
certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw
certutil: certificate is valid
fips.sh: #3378: Validate the certificate (certutil -V -e) . - PASSED
fips.sh: Export the certificate and key as a PKCS#12 file --
pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 EXPORT SUCCESSFUL
fips.sh: #3379: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED
fips.sh: Export the certificate as a DER-encoded file ------
certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt
fips.sh: #3380: Export the certificate as a DER (certutil -L -r) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #3381: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Delete the certificate and key from the FIPS module
certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw
fips.sh: #3382: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #3383: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys.
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
certutil: no keys found
fips.sh: #3384: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #3385: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #3386: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      30231f2c1ed61f9b472bd6d1f69619011d3f43b7   FIPS_PUB_140_Test_Certificate
fips.sh: #3387: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Delete the certificate from the FIPS module
certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate
fips.sh: #3388: Delete the certificate from the FIPS module (certutil -D) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #3389: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #3390: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #3391: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      30231f2c1ed61f9b472bd6d1f69619011d3f43b7   FIPS_PUB_140_Test_Certificate
fips.sh: #3392: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Run PK11MODE in FIPSMODE  -----------------
pk11mode -d ../fips -p fips- -f ../tests.fipspw
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
**** Total number of TESTS ran in FIPS MODE is 106. ****
**** ALL TESTS PASSED ****
fips.sh: #3393: Run PK11MODE in FIPS mode (pk11mode) . - PASSED
fips.sh: Run PK11MODE in Non FIPSMODE  -----------------
pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
**** Total number of TESTS ran in NON FIPS MODE is 104. ****
**** ALL TESTS PASSED ****
fips.sh: #3394: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED
mkdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest1.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
fips.sh: Detect mangled softoken--------------------------
mangling /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so
mangle -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle/libsoftokn3.so -o -8 -b 5
cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle
Changing byte 0x00033e94 (212628): from 01 (1) to 21 (33)
LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/fips/mangle dbtest -r -d ../fips
fips.sh: #3395: Init NSS with a corrupted library (dbtest -r) . - PASSED
fips.sh done
TIMESTAMP fips END: Tue Jun 28 17:39:55 UTC 2016
Running tests for ssl
TIMESTAMP ssl BEGIN: Tue Jun 28 17:39:55 UTC 2016
./ssl.sh: line 306: syntax error near unexpected token `('
./ssl.sh: line 306: `            echo "exp/ssl2/ssl3 test should fail: (NSS_NO_SSL2,EXP,SSL2,SSL3)=(${NSS_NO_SSL2},${EXP},${SSL2},${SSL3})"'
TIMESTAMP ssl END: Tue Jun 28 17:39:55 UTC 2016
Running tests for ocsp
TIMESTAMP ocsp BEGIN: Tue Jun 28 17:39:55 UTC 2016
ocsp.sh: OCSP tests ===============================
TIMESTAMP ocsp END: Tue Jun 28 17:39:55 UTC 2016
Running tests for pkits
TIMESTAMP pkits BEGIN: Tue Jun 28 17:39:55 UTC 2016
pkits.sh: PKITS data directory not defined, skipping.
TIMESTAMP pkits END: Tue Jun 28 17:39:55 UTC 2016
Running tests for chains
TIMESTAMP chains BEGIN: Tue Jun 28 17:39:55 UTC 2016
chains.sh: Certificate Chains Tests ===============================
chains.sh: Creating DB OCSPRootDB
certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd
chains.sh: #3396: OCSPD: Creating DB OCSPRootDB  - PASSED
chains.sh: Creating Root CA OCSPRoot
certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot  -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173956 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3397: OCSPD: Creating Root CA OCSPRoot  - PASSED
chains.sh: Exporting Root CA OCSPRoot.der
certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der
chains.sh: #3398: OCSPD: Exporting Root CA OCSPRoot.der  - PASSED
chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #3399: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database  - PASSED
chains.sh: Creating DB OCSPCA1DB
certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd
chains.sh: #3400: OCSPD: Creating DB OCSPCA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der
certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US"  -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3401: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der  - PASSED
chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3402: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database
certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3403: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database  - PASSED
chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #3404: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database  - PASSED
chains.sh: Creating DB OCSPCA2DB
certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd
chains.sh: #3405: OCSPD: Creating DB OCSPCA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der
certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US"  -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3406: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der  - PASSED
chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3407: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database
certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3408: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database  - PASSED
chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #3409: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database  - PASSED
chains.sh: Creating DB OCSPCA3DB
certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd
chains.sh: #3410: OCSPD: Creating DB OCSPCA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der
certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US"  -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPCA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3411: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der  - PASSED
chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3412: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database
certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3413: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database  - PASSED
chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #3414: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database  - PASSED
chains.sh: Creating DB OCSPEE11DB
certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd
chains.sh: #3415: OCSPD: Creating DB OCSPEE11DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE11Req.der
certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US"  -R  -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3416: OCSPD: Creating EE certifiate request OCSPEE11Req.der  - PASSED
chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3417: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database
certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3418: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database  - PASSED
chains.sh: Creating DB OCSPEE12DB
certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd
chains.sh: #3419: OCSPD: Creating DB OCSPEE12DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE12Req.der
certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US"  -R  -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3420: OCSPD: Creating EE certifiate request OCSPEE12Req.der  - PASSED
chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3421: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database
certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3422: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database  - PASSED
chains.sh: Creating DB OCSPEE13DB
certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd
chains.sh: #3423: OCSPD: Creating DB OCSPEE13DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE13Req.der
certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US"  -R  -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3424: OCSPD: Creating EE certifiate request OCSPEE13Req.der  - PASSED
chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3425: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database
certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3426: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database  - PASSED
chains.sh: Creating DB OCSPEE14DB
certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd
chains.sh: #3427: OCSPD: Creating DB OCSPEE14DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE14Req.der
certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US"  -R  -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE14Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3428: OCSPD: Creating EE certifiate request OCSPEE14Req.der  - PASSED
chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3429: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database
certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3430: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database  - PASSED
chains.sh: Creating DB OCSPEE15DB
certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd
chains.sh: #3431: OCSPD: Creating DB OCSPEE15DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE15Req.der
certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US"  -R  -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE15Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3432: OCSPD: Creating EE certifiate request OCSPEE15Req.der  - PASSED
chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3433: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database
certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3434: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database  - PASSED
chains.sh: Creating DB OCSPEE21DB
certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd
chains.sh: #3435: OCSPD: Creating DB OCSPEE21DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE21Req.der
certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US"  -R  -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3436: OCSPD: Creating EE certifiate request OCSPEE21Req.der  - PASSED
chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3437: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database
certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3438: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database  - PASSED
chains.sh: Creating DB OCSPEE22DB
certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd
chains.sh: #3439: OCSPD: Creating DB OCSPEE22DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE22Req.der
certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US"  -R  -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3440: OCSPD: Creating EE certifiate request OCSPEE22Req.der  - PASSED
chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3441: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database
certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3442: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database  - PASSED
chains.sh: Creating DB OCSPEE23DB
certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd
chains.sh: #3443: OCSPD: Creating DB OCSPEE23DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE23Req.der
certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US"  -R  -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3444: OCSPD: Creating EE certifiate request OCSPEE23Req.der  - PASSED
chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3445: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database
certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3446: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database  - PASSED
chains.sh: Creating DB OCSPEE31DB
certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd
chains.sh: #3447: OCSPD: Creating DB OCSPEE31DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE31Req.der
certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US"  -R  -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE31Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3448: OCSPD: Creating EE certifiate request OCSPEE31Req.der  - PASSED
chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3449: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database
certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3450: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database  - PASSED
chains.sh: Creating DB OCSPEE32DB
certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd
chains.sh: #3451: OCSPD: Creating DB OCSPEE32DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE32Req.der
certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US"  -R  -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3452: OCSPD: Creating EE certifiate request OCSPEE32Req.der  - PASSED
chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3453: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database
certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3454: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database  - PASSED
chains.sh: Creating DB OCSPEE33DB
certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd
chains.sh: #3455: OCSPD: Creating DB OCSPEE33DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE33Req.der
certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US"  -R  -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OCSPEE33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3456: OCSPD: Creating EE certifiate request OCSPEE33Req.der  - PASSED
chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3457: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database
certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3458: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database  - PASSED
chains.sh: Create CRL for OCSPRootDB
crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl
=== Crlutil input data ===
update=20160628174138Z
nextupdate=20170628174138Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
    This Update: Tue Jun 28 17:41:38 2016
    Next Update: Wed Jun 28 17:41:38 2017
    CRL Extensions:
chains.sh: #3459: OCSPD: Create CRL for OCSPRootDB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPRoot
crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl
=== Crlutil input data ===
update=20160628174139Z
addcert 2 20160628174139Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
    This Update: Tue Jun 28 17:41:39 2016
    Next Update: Wed Jun 28 17:41:38 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:41:39 2016
    CRL Extensions:
chains.sh: #3460: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot  - PASSED
chains.sh: Create CRL for OCSPCA1DB
crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628174140Z
nextupdate=20170628174140Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 17:41:40 2016
    Next Update: Wed Jun 28 17:41:40 2017
    CRL Extensions:
chains.sh: #3461: OCSPD: Create CRL for OCSPCA1DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA1
crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628174141Z
addcert 2 20160628174141Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 17:41:41 2016
    Next Update: Wed Jun 28 17:41:40 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:41:41 2016
    CRL Extensions:
chains.sh: #3462: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1  - PASSED
chains.sh: Revoking certificate with SN 4 issued by OCSPCA1
crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628174142Z
addcert 4 20160628174142Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 17:41:42 2016
    Next Update: Wed Jun 28 17:41:40 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:41:41 2016
    Entry 2 (0x2):
        Serial Number: 4 (0x4)
        Revocation Date: Tue Jun 28 17:41:42 2016
    CRL Extensions:
chains.sh: #3463: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1  - PASSED
chains.sh: Create CRL for OCSPCA2DB
crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628174142Z
nextupdate=20170628174142Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 17:41:42 2016
    Next Update: Wed Jun 28 17:41:42 2017
    CRL Extensions:
chains.sh: #3464: OCSPD: Create CRL for OCSPCA2DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA2
crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628174143Z
addcert 2 20160628174143Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 17:41:43 2016
    Next Update: Wed Jun 28 17:41:42 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:41:43 2016
    CRL Extensions:
chains.sh: #3465: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2  - PASSED
chains.sh: Revoking certificate with SN 3 issued by OCSPCA2
crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628174144Z
addcert 3 20160628174144Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 17:41:44 2016
    Next Update: Wed Jun 28 17:41:42 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:41:43 2016
    Entry 2 (0x2):
        Serial Number: 3 (0x3)
        Revocation Date: Tue Jun 28 17:41:44 2016
    CRL Extensions:
chains.sh: #3466: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2  - PASSED
chains.sh: Create CRL for OCSPCA3DB
crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628174144Z
nextupdate=20170628174144Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 17:41:44 2016
    Next Update: Wed Jun 28 17:41:44 2017
    CRL Extensions:
chains.sh: #3467: OCSPD: Create CRL for OCSPCA3DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA3
crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628174145Z
addcert 2 20160628174145Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 17:41:45 2016
    Next Update: Wed Jun 28 17:41:44 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:41:45 2016
    CRL Extensions:
chains.sh: #3468: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3  - PASSED
chains.sh: Revoking certificate with SN 3 issued by OCSPCA3
crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628174146Z
addcert 3 20160628174146Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 17:41:46 2016
    Next Update: Wed Jun 28 17:41:44 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 17:41:45 2016
    Entry 2 (0x2):
        Serial Number: 3 (0x3)
        Revocation Date: Tue Jun 28 17:41:46 2016
    CRL Extensions:
chains.sh: #3469: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3  - PASSED
chains.sh: Creating DB ServerDB
certutil -N -d ServerDB -f ServerDB/dbpasswd
chains.sh: #3470: OCSPD: Creating DB ServerDB  - PASSED
chains.sh: Importing certificate OCSPRoot.der to ServerDB database
certutil -A -n OCSPRoot  -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der
chains.sh: #3471: OCSPD: Importing certificate OCSPRoot.der to ServerDB database  - PASSED
chains.sh: Importing CRL OCSPRoot.crl to ServerDB database
crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl
chains.sh: #3472: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #3473: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #3474: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #3475: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #3476: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database  - PASSED
chains.sh: Creating DB ClientDB
certutil -N -d ClientDB -f ClientDB/dbpasswd
chains.sh: #3477: OCSPD: Creating DB ClientDB  - PASSED
chains.sh: Importing certificate OCSPRoot.der to ClientDB database
certutil -A -n OCSPRoot  -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der
chains.sh: #3478: OCSPD: Importing certificate OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing CRL OCSPRoot.crl to ClientDB database
crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl
chains.sh: #3479: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA1OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der
chains.sh: #3480: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA2OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der
chains.sh: #3481: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA3OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der
chains.sh: #3482: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE11OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der
chains.sh: #3483: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE12OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der
chains.sh: #3484: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE13OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der
chains.sh: #3485: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE14OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der
chains.sh: #3486: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE15OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der
chains.sh: #3487: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE21OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der
chains.sh: #3488: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE22OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der
chains.sh: #3489: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE23OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der
chains.sh: #3490: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE31OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der
chains.sh: #3491: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE32OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der
chains.sh: #3492: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE33OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der
chains.sh: #3493: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database  - PASSED
httpserv starting at Tue Jun 28 17:41:48 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \
         -O get -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:41:48 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 2663 >/dev/null 2>/dev/null
httpserv with PID 2663 found at Tue Jun 28 17:41:48 UTC 2016
httpserv with PID 2663 started at Tue Jun 28 17:41:48 UTC 2016
tstclnt -h localhost.localdomain -p 9668 -q -t 20
chains.sh: #3494: Test that OCSP server is reachable - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173956 (0x25712c84)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:40:15 2016
            Not After : Mon Jun 28 17:40:15 2066
        Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bc:cc:28:a9:1d:8a:2b:12:ab:ca:2e:fb:7c:fb:b3:be:
                    ae:5d:96:90:aa:8b:c7:7b:0c:98:cc:7f:59:01:b6:c9:
                    2b:68:7e:74:13:5c:51:27:52:00:f3:8f:71:e7:90:93:
                    78:d3:1d:ed:fd:e9:67:c0:87:24:1b:87:84:74:3c:24:
                    fa:b2:56:27:b7:5a:58:95:fc:eb:cd:ce:bb:c1:94:ab:
                    83:c7:86:7e:4e:9e:e7:76:ca:30:07:92:cf:4b:8c:6b:
                    8d:a7:63:3f:90:36:13:c5:d5:1e:b2:94:09:a8:8b:85:
                    f5:c3:0b:f9:ea:f3:20:eb:04:2f:98:7c:60:be:07:f0:
                    12:77:77:0c:d8:89:07:a9:7a:42:d9:27:c2:54:66:13:
                    fa:4a:1f:2a:ed:6f:d0:75:54:66:f6:61:1e:a9:52:c1:
                    15:16:8a:75:5a:fd:5f:fc:42:2b:38:62:2d:1e:5d:15:
                    e3:2e:37:f1:fd:ac:59:ab:d2:8a:54:ac:5a:95:a4:f7:
                    ec:ea:fb:2f:42:f5:6b:5a:20:34:a4:1b:7d:3c:98:a2:
                    fe:2a:fa:0a:0e:4f:b6:b9:82:37:46:2e:a4:d6:08:0b:
                    a3:e4:4e:88:48:3c:e3:3d:18:bb:d9:95:1b:35:10:e4:
                    8c:17:67:72:a3:ac:0c:89:22:26:2c:1f:01:63:d7:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        53:99:a0:49:94:f4:29:e1:e8:da:62:ee:83:93:58:f6:
        6b:30:d7:b4:32:db:2d:e7:5c:b4:1c:8d:6f:c4:fa:d5:
        48:e5:7c:3f:cd:48:cf:e2:1c:c4:ff:bd:ce:21:20:30:
        a0:d7:a7:d0:a4:90:86:c4:e7:8c:f9:e2:2a:94:0d:95:
        64:bb:63:0f:3e:df:92:f9:29:6e:1d:dd:1d:ad:2c:01:
        61:56:36:47:fd:46:76:bd:94:19:77:87:17:03:e6:b1:
        bd:ca:9e:ce:cd:15:15:71:3d:f4:71:e7:41:46:53:23:
        ce:94:df:c0:c0:44:b4:6a:bb:91:ed:e4:fc:1b:4f:77:
        08:1a:1d:f0:c9:46:fb:47:69:6b:2b:3c:40:bc:f9:33:
        3c:48:b0:9a:48:84:6d:0a:1e:57:1e:c9:6a:46:21:12:
        b0:15:67:75:7f:b4:7c:e9:10:34:0d:52:5f:0c:9c:0f:
        bb:3d:cf:05:e3:1f:a0:13:83:ac:7e:fa:81:d2:74:10:
        22:0f:bb:b2:aa:b3:63:40:5c:28:5e:8a:d2:f2:b4:71:
        1f:df:a7:67:7d:60:b0:f9:0b:5a:9f:b3:12:1b:61:92:
        2e:50:33:da:0a:8e:bc:8e:9c:40:f2:41:c7:4f:60:64:
        62:c5:6e:b2:fe:6f:66:63:06:e6:ae:99:ab:53:cd:a3
    Fingerprint (SHA-256):
        28:36:64:ED:55:AB:DE:4D:69:B3:53:D4:54:1D:90:25:0B:D4:61:EA:08:01:9C:E7:29:3F:BB:7D:58:66:29:A4
    Fingerprint (SHA1):
        CF:52:8E:36:09:63:50:9A:FA:45:F9:26:62:99:33:C6:B1:4A:75:72
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=OCSPEE11 EE,O=OCSPEE11,C=US"
Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3495: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #3496: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #3497: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
trying to kill httpserv with PID 2663 at Tue Jun 28 17:41:48 UTC 2016
kill -USR1 2663
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 2663 killed at Tue Jun 28 17:41:48 UTC 2016
httpserv starting at Tue Jun 28 17:41:48 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \
         -O post -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:41:48 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 2832 >/dev/null 2>/dev/null
httpserv with PID 2832 found at Tue Jun 28 17:41:48 UTC 2016
httpserv with PID 2832 started at Tue Jun 28 17:41:48 UTC 2016
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #3498: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #3499: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #3500: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
tstclnt -h localhost.localdomain -p 9668 -q -t 20
chains.sh: #3501: Test that OCSP server is reachable - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173956 (0x25712c84)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:40:15 2016
            Not After : Mon Jun 28 17:40:15 2066
        Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bc:cc:28:a9:1d:8a:2b:12:ab:ca:2e:fb:7c:fb:b3:be:
                    ae:5d:96:90:aa:8b:c7:7b:0c:98:cc:7f:59:01:b6:c9:
                    2b:68:7e:74:13:5c:51:27:52:00:f3:8f:71:e7:90:93:
                    78:d3:1d:ed:fd:e9:67:c0:87:24:1b:87:84:74:3c:24:
                    fa:b2:56:27:b7:5a:58:95:fc:eb:cd:ce:bb:c1:94:ab:
                    83:c7:86:7e:4e:9e:e7:76:ca:30:07:92:cf:4b:8c:6b:
                    8d:a7:63:3f:90:36:13:c5:d5:1e:b2:94:09:a8:8b:85:
                    f5:c3:0b:f9:ea:f3:20:eb:04:2f:98:7c:60:be:07:f0:
                    12:77:77:0c:d8:89:07:a9:7a:42:d9:27:c2:54:66:13:
                    fa:4a:1f:2a:ed:6f:d0:75:54:66:f6:61:1e:a9:52:c1:
                    15:16:8a:75:5a:fd:5f:fc:42:2b:38:62:2d:1e:5d:15:
                    e3:2e:37:f1:fd:ac:59:ab:d2:8a:54:ac:5a:95:a4:f7:
                    ec:ea:fb:2f:42:f5:6b:5a:20:34:a4:1b:7d:3c:98:a2:
                    fe:2a:fa:0a:0e:4f:b6:b9:82:37:46:2e:a4:d6:08:0b:
                    a3:e4:4e:88:48:3c:e3:3d:18:bb:d9:95:1b:35:10:e4:
                    8c:17:67:72:a3:ac:0c:89:22:26:2c:1f:01:63:d7:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        53:99:a0:49:94:f4:29:e1:e8:da:62:ee:83:93:58:f6:
        6b:30:d7:b4:32:db:2d:e7:5c:b4:1c:8d:6f:c4:fa:d5:
        48:e5:7c:3f:cd:48:cf:e2:1c:c4:ff:bd:ce:21:20:30:
        a0:d7:a7:d0:a4:90:86:c4:e7:8c:f9:e2:2a:94:0d:95:
        64:bb:63:0f:3e:df:92:f9:29:6e:1d:dd:1d:ad:2c:01:
        61:56:36:47:fd:46:76:bd:94:19:77:87:17:03:e6:b1:
        bd:ca:9e:ce:cd:15:15:71:3d:f4:71:e7:41:46:53:23:
        ce:94:df:c0:c0:44:b4:6a:bb:91:ed:e4:fc:1b:4f:77:
        08:1a:1d:f0:c9:46:fb:47:69:6b:2b:3c:40:bc:f9:33:
        3c:48:b0:9a:48:84:6d:0a:1e:57:1e:c9:6a:46:21:12:
        b0:15:67:75:7f:b4:7c:e9:10:34:0d:52:5f:0c:9c:0f:
        bb:3d:cf:05:e3:1f:a0:13:83:ac:7e:fa:81:d2:74:10:
        22:0f:bb:b2:aa:b3:63:40:5c:28:5e:8a:d2:f2:b4:71:
        1f:df:a7:67:7d:60:b0:f9:0b:5a:9f:b3:12:1b:61:92:
        2e:50:33:da:0a:8e:bc:8e:9c:40:f2:41:c7:4f:60:64:
        62:c5:6e:b2:fe:6f:66:63:06:e6:ae:99:ab:53:cd:a3
    Fingerprint (SHA-256):
        28:36:64:ED:55:AB:DE:4D:69:B3:53:D4:54:1D:90:25:0B:D4:61:EA:08:01:9C:E7:29:3F:BB:7D:58:66:29:A4
    Fingerprint (SHA1):
        CF:52:8E:36:09:63:50:9A:FA:45:F9:26:62:99:33:C6:B1:4A:75:72
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=OCSPEE11 EE,O=OCSPEE11,C=US"
Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3502: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #3503: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #3504: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
trying to kill httpserv with PID 2832 at Tue Jun 28 17:41:50 UTC 2016
kill -USR1 2832
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 2832 killed at Tue Jun 28 17:41:50 UTC 2016
httpserv starting at Tue Jun 28 17:41:50 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \
         -O random -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:41:50 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 3080 >/dev/null 2>/dev/null
httpserv with PID 3080 found at Tue Jun 28 17:41:50 UTC 2016
httpserv with PID 3080 started at Tue Jun 28 17:41:50 UTC 2016
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #3505: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #3506: Bridge: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173957 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3507: Bridge: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #3508: Bridge: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #3509: Bridge: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173958 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3510: Bridge: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #3511: Bridge: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #3512: Bridge: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3513: Bridge: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628173959 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3514: Bridge: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3515: Bridge: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628173960 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3516: Bridge: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3517: Bridge: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #3518: Bridge: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #3519: Bridge: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3520: Bridge: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserBridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 628173961   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3521: Bridge: Creating certficate UserBridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate UserBridge.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3522: Bridge: Importing certificate UserBridge.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3523: Bridge: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Army.der to AllDB database
certutil -A -n Army  -t "" -d AllDB -f AllDB/dbpasswd -i Army.der
chains.sh: #3524: Bridge: Importing certificate Army.der to AllDB database  - PASSED
chains.sh: Importing certificate Navy.der to AllDB database
certutil -A -n Navy  -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der
chains.sh: #3525: Bridge: Importing certificate Navy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173958 (0x25712c86)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:42:07 2016
            Not After : Mon Jun 28 17:42:07 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a9:b9:56:f4:1f:dc:24:56:a2:b2:8a:51:0f:dc:b7:2f:
                    ca:50:44:40:38:e2:81:8f:2c:2a:e2:7d:ec:26:42:54:
                    a7:22:54:62:de:23:5b:d9:07:5c:8a:77:4f:10:0a:bc:
                    65:c1:e3:c0:5d:48:6d:22:f4:11:7e:25:94:17:80:a6:
                    fd:e8:0c:e9:e6:8b:ce:90:54:00:8f:63:6a:24:17:ce:
                    eb:1f:2b:06:42:7f:d1:ad:07:0d:f1:fe:1b:0b:74:cf:
                    e8:c0:cb:d2:af:f9:8d:74:e3:32:41:b1:f0:1a:e2:00:
                    ed:01:3e:5a:b4:94:a5:8f:11:e0:df:07:c9:0f:3e:fb:
                    f4:79:10:ae:ce:71:8f:de:ba:f8:16:ea:f0:22:32:63:
                    13:9d:11:c6:a3:ed:bd:27:82:bd:1e:4f:65:67:98:f3:
                    77:a2:e5:9e:4a:11:5e:3f:cf:5c:51:df:1a:c4:2c:83:
                    d3:21:91:37:f2:19:22:b3:c2:ba:4d:56:b1:09:2f:fd:
                    61:51:df:57:43:5f:9d:ba:2b:94:2e:0b:8b:90:89:e0:
                    df:53:b8:f1:cd:d3:f3:22:f2:8f:13:b6:3b:2a:7c:22:
                    cb:55:0a:b6:32:bc:79:58:61:1d:d3:11:74:a7:d7:8f:
                    18:03:95:a9:96:4e:cf:53:95:f8:47:e9:6b:a8:46:a7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8b:22:0e:a1:5a:f3:df:88:54:2a:bc:5c:f1:48:82:96:
        2b:74:54:dc:75:ba:9f:d2:23:39:d4:e4:23:90:e3:bc:
        13:2f:df:9a:52:13:cc:45:50:9b:d1:18:a9:65:cd:bb:
        9e:fe:31:ed:52:7b:12:89:78:b2:44:3f:38:20:6b:96:
        ac:ba:36:0a:76:87:cf:40:bd:9d:fc:71:86:e4:dd:12:
        a8:ce:a8:8d:95:37:fa:fb:1d:98:09:21:99:e6:b3:c7:
        a3:3a:83:4b:73:66:d8:a4:1a:cd:f4:27:3f:f2:ef:41:
        c3:7f:a6:50:02:ad:bf:e3:d4:87:de:0b:05:c6:1d:71:
        0f:bf:64:de:c0:df:35:b3:9b:fd:16:b9:4c:8b:ba:de:
        20:83:8a:53:87:8f:c9:16:fc:4c:29:04:91:9b:93:90:
        f4:1c:ed:80:40:d7:e6:29:4e:7b:c9:a6:a3:f2:0b:e2:
        1c:f3:e6:68:e6:b0:5d:cf:7c:87:dd:32:6f:44:e3:41:
        a7:2f:0e:e0:70:2a:c2:7e:ab:f0:6b:2b:a1:96:58:f3:
        d3:3e:1e:a7:23:ad:ad:7a:d4:e7:ca:10:21:37:c4:63:
        4b:ff:43:d1:7f:02:88:92:15:47:50:f7:14:fb:e8:93:
        db:15:26:6d:30:b3:5d:d1:5b:3b:25:8b:74:c0:d4:e5
    Fingerprint (SHA-256):
        6B:9A:54:1E:CE:87:BE:5A:7E:22:88:A5:CA:FE:42:91:98:B5:DE:EE:0F:B8:FC:2E:2C:81:62:D9:B8:71:D4:11
    Fingerprint (SHA1):
        1F:50:EE:16:6B:2A:78:70:81:E1:BE:AE:74:48:91:79:ED:48:21:2D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3526: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173957 (0x25712c85)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:41:58 2016
            Not After : Mon Jun 28 17:41:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:80:04:80:1e:f0:8d:25:79:59:80:d5:68:99:45:53:
                    44:11:3f:20:a1:df:a7:74:be:b4:74:01:f6:ae:8b:7c:
                    1f:fc:ba:81:68:56:c6:25:99:ad:61:14:b8:a6:36:16:
                    f0:b3:f4:21:e8:25:e0:c8:15:35:1f:50:ad:7c:e2:49:
                    97:ed:33:f1:aa:4b:6c:9c:ab:b8:fe:86:20:d8:d7:1b:
                    b4:7b:5c:65:d2:c8:64:e8:d5:9e:6c:26:f6:3f:e6:9c:
                    f3:db:d6:20:3b:37:00:5f:f8:6b:c2:f7:97:75:b0:cc:
                    0f:55:e4:82:97:29:a9:dd:ae:ae:06:a6:31:65:3a:34:
                    ab:87:ec:20:49:d4:b8:a0:27:e8:0b:be:c7:46:ca:c0:
                    f5:8e:de:72:f5:43:f3:92:18:8c:f4:63:09:1f:cc:0d:
                    e8:ad:a9:c5:b3:69:26:37:30:e3:45:bb:98:4d:63:85:
                    77:a6:78:aa:35:20:93:d3:d2:49:35:8b:a1:2d:b1:fd:
                    22:25:ff:1b:62:a0:a4:7f:df:7f:48:47:d8:05:8a:41:
                    66:9e:38:ff:a9:13:61:f0:98:e9:d8:19:20:9b:a5:ab:
                    81:43:58:75:4a:97:02:b7:b7:a3:c0:14:f1:20:21:d0:
                    c4:49:e3:4d:6f:c5:97:02:3e:3b:58:d1:69:1e:94:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c3:a4:86:a0:f0:35:1d:e1:a3:0a:7e:43:03:00:75:9a:
        4e:5f:d3:38:f4:c4:35:f0:53:30:6d:b3:55:66:22:c9:
        eb:01:b8:d0:6e:41:88:47:0f:45:57:4e:b3:30:c8:e0:
        31:0a:17:b1:54:01:71:a5:45:59:ed:31:24:be:0d:95:
        2a:24:0c:a2:dd:de:dc:aa:51:5a:a4:e4:4a:89:35:82:
        4b:62:a9:8f:b6:49:11:dc:1b:d7:73:7e:4b:2b:90:50:
        51:af:fc:c5:3b:75:88:b5:60:52:81:cf:52:41:64:d7:
        6d:4e:32:b5:1c:aa:0e:fe:be:ff:f5:78:1d:a5:4b:e6:
        e4:c0:19:e2:2b:83:9d:56:66:83:af:f4:ec:e1:51:f5:
        2d:08:cb:ce:9f:92:e6:34:f1:97:15:15:ee:93:fb:8a:
        59:9e:ca:fd:36:ee:0f:a2:41:e4:d8:c2:1a:12:d6:5d:
        05:dd:15:cf:3f:56:5b:8c:d1:41:c7:3e:47:85:56:68:
        9e:21:de:72:05:ee:35:17:17:9a:c2:31:17:5d:b4:77:
        a8:b8:19:60:b5:5e:bc:9a:5c:80:c9:8c:5b:bb:c7:5b:
        30:2e:02:b4:2e:8c:7f:b2:24:1f:9a:bc:ee:24:d0:3f:
        d9:94:46:66:bd:5d:96:0e:38:c4:0e:e2:5e:f6:af:f1
    Fingerprint (SHA-256):
        88:9C:B4:6A:98:86:54:31:6E:5C:99:2A:A8:15:2B:6B:5F:BE:91:21:F4:62:2C:ED:B9:48:B3:3A:7D:6B:7C:04
    Fingerprint (SHA1):
        99:72:C6:27:20:4A:DA:24:83:FC:0E:6E:72:4E:4A:3F:35:57:C8:36
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3527: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Army
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Navy [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #3528: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Importing certificate BridgeArmy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der
chains.sh: #3529: Bridge: Importing certificate BridgeArmy.der to AllDB database  - PASSED
chains.sh: Importing certificate BridgeNavy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der
chains.sh: #3530: Bridge: Importing certificate BridgeNavy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173957 (0x25712c85)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:41:58 2016
            Not After : Mon Jun 28 17:41:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:80:04:80:1e:f0:8d:25:79:59:80:d5:68:99:45:53:
                    44:11:3f:20:a1:df:a7:74:be:b4:74:01:f6:ae:8b:7c:
                    1f:fc:ba:81:68:56:c6:25:99:ad:61:14:b8:a6:36:16:
                    f0:b3:f4:21:e8:25:e0:c8:15:35:1f:50:ad:7c:e2:49:
                    97:ed:33:f1:aa:4b:6c:9c:ab:b8:fe:86:20:d8:d7:1b:
                    b4:7b:5c:65:d2:c8:64:e8:d5:9e:6c:26:f6:3f:e6:9c:
                    f3:db:d6:20:3b:37:00:5f:f8:6b:c2:f7:97:75:b0:cc:
                    0f:55:e4:82:97:29:a9:dd:ae:ae:06:a6:31:65:3a:34:
                    ab:87:ec:20:49:d4:b8:a0:27:e8:0b:be:c7:46:ca:c0:
                    f5:8e:de:72:f5:43:f3:92:18:8c:f4:63:09:1f:cc:0d:
                    e8:ad:a9:c5:b3:69:26:37:30:e3:45:bb:98:4d:63:85:
                    77:a6:78:aa:35:20:93:d3:d2:49:35:8b:a1:2d:b1:fd:
                    22:25:ff:1b:62:a0:a4:7f:df:7f:48:47:d8:05:8a:41:
                    66:9e:38:ff:a9:13:61:f0:98:e9:d8:19:20:9b:a5:ab:
                    81:43:58:75:4a:97:02:b7:b7:a3:c0:14:f1:20:21:d0:
                    c4:49:e3:4d:6f:c5:97:02:3e:3b:58:d1:69:1e:94:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c3:a4:86:a0:f0:35:1d:e1:a3:0a:7e:43:03:00:75:9a:
        4e:5f:d3:38:f4:c4:35:f0:53:30:6d:b3:55:66:22:c9:
        eb:01:b8:d0:6e:41:88:47:0f:45:57:4e:b3:30:c8:e0:
        31:0a:17:b1:54:01:71:a5:45:59:ed:31:24:be:0d:95:
        2a:24:0c:a2:dd:de:dc:aa:51:5a:a4:e4:4a:89:35:82:
        4b:62:a9:8f:b6:49:11:dc:1b:d7:73:7e:4b:2b:90:50:
        51:af:fc:c5:3b:75:88:b5:60:52:81:cf:52:41:64:d7:
        6d:4e:32:b5:1c:aa:0e:fe:be:ff:f5:78:1d:a5:4b:e6:
        e4:c0:19:e2:2b:83:9d:56:66:83:af:f4:ec:e1:51:f5:
        2d:08:cb:ce:9f:92:e6:34:f1:97:15:15:ee:93:fb:8a:
        59:9e:ca:fd:36:ee:0f:a2:41:e4:d8:c2:1a:12:d6:5d:
        05:dd:15:cf:3f:56:5b:8c:d1:41:c7:3e:47:85:56:68:
        9e:21:de:72:05:ee:35:17:17:9a:c2:31:17:5d:b4:77:
        a8:b8:19:60:b5:5e:bc:9a:5c:80:c9:8c:5b:bb:c7:5b:
        30:2e:02:b4:2e:8c:7f:b2:24:1f:9a:bc:ee:24:d0:3f:
        d9:94:46:66:bd:5d:96:0e:38:c4:0e:e2:5e:f6:af:f1
    Fingerprint (SHA-256):
        88:9C:B4:6A:98:86:54:31:6E:5C:99:2A:A8:15:2B:6B:5F:BE:91:21:F4:62:2C:ED:B9:48:B3:3A:7D:6B:7C:04
    Fingerprint (SHA1):
        99:72:C6:27:20:4A:DA:24:83:FC:0E:6E:72:4E:4A:3F:35:57:C8:36
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3531: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173958 (0x25712c86)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:42:07 2016
            Not After : Mon Jun 28 17:42:07 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a9:b9:56:f4:1f:dc:24:56:a2:b2:8a:51:0f:dc:b7:2f:
                    ca:50:44:40:38:e2:81:8f:2c:2a:e2:7d:ec:26:42:54:
                    a7:22:54:62:de:23:5b:d9:07:5c:8a:77:4f:10:0a:bc:
                    65:c1:e3:c0:5d:48:6d:22:f4:11:7e:25:94:17:80:a6:
                    fd:e8:0c:e9:e6:8b:ce:90:54:00:8f:63:6a:24:17:ce:
                    eb:1f:2b:06:42:7f:d1:ad:07:0d:f1:fe:1b:0b:74:cf:
                    e8:c0:cb:d2:af:f9:8d:74:e3:32:41:b1:f0:1a:e2:00:
                    ed:01:3e:5a:b4:94:a5:8f:11:e0:df:07:c9:0f:3e:fb:
                    f4:79:10:ae:ce:71:8f:de:ba:f8:16:ea:f0:22:32:63:
                    13:9d:11:c6:a3:ed:bd:27:82:bd:1e:4f:65:67:98:f3:
                    77:a2:e5:9e:4a:11:5e:3f:cf:5c:51:df:1a:c4:2c:83:
                    d3:21:91:37:f2:19:22:b3:c2:ba:4d:56:b1:09:2f:fd:
                    61:51:df:57:43:5f:9d:ba:2b:94:2e:0b:8b:90:89:e0:
                    df:53:b8:f1:cd:d3:f3:22:f2:8f:13:b6:3b:2a:7c:22:
                    cb:55:0a:b6:32:bc:79:58:61:1d:d3:11:74:a7:d7:8f:
                    18:03:95:a9:96:4e:cf:53:95:f8:47:e9:6b:a8:46:a7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8b:22:0e:a1:5a:f3:df:88:54:2a:bc:5c:f1:48:82:96:
        2b:74:54:dc:75:ba:9f:d2:23:39:d4:e4:23:90:e3:bc:
        13:2f:df:9a:52:13:cc:45:50:9b:d1:18:a9:65:cd:bb:
        9e:fe:31:ed:52:7b:12:89:78:b2:44:3f:38:20:6b:96:
        ac:ba:36:0a:76:87:cf:40:bd:9d:fc:71:86:e4:dd:12:
        a8:ce:a8:8d:95:37:fa:fb:1d:98:09:21:99:e6:b3:c7:
        a3:3a:83:4b:73:66:d8:a4:1a:cd:f4:27:3f:f2:ef:41:
        c3:7f:a6:50:02:ad:bf:e3:d4:87:de:0b:05:c6:1d:71:
        0f:bf:64:de:c0:df:35:b3:9b:fd:16:b9:4c:8b:ba:de:
        20:83:8a:53:87:8f:c9:16:fc:4c:29:04:91:9b:93:90:
        f4:1c:ed:80:40:d7:e6:29:4e:7b:c9:a6:a3:f2:0b:e2:
        1c:f3:e6:68:e6:b0:5d:cf:7c:87:dd:32:6f:44:e3:41:
        a7:2f:0e:e0:70:2a:c2:7e:ab:f0:6b:2b:a1:96:58:f3:
        d3:3e:1e:a7:23:ad:ad:7a:d4:e7:ca:10:21:37:c4:63:
        4b:ff:43:d1:7f:02:88:92:15:47:50:f7:14:fb:e8:93:
        db:15:26:6d:30:b3:5d:d1:5b:3b:25:8b:74:c0:d4:e5
    Fingerprint (SHA-256):
        6B:9A:54:1E:CE:87:BE:5A:7E:22:88:A5:CA:FE:42:91:98:B5:DE:EE:0F:B8:FC:2E:2C:81:62:D9:B8:71:D4:11
    Fingerprint (SHA1):
        1F:50:EE:16:6B:2A:78:70:81:E1:BE:AE:74:48:91:79:ED:48:21:2D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3532: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Creating DB ArmyOnlyDB
certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd
chains.sh: #3533: Bridge: Creating DB ArmyOnlyDB  - PASSED
chains.sh: Importing certificate Army.der to ArmyOnlyDB database
certutil -A -n Army  -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der
chains.sh: #3534: Bridge: Importing certificate Army.der to ArmyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #3535: Bridge: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #3536: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #3537: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173958 (0x25712c86)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:42:07 2016
            Not After : Mon Jun 28 17:42:07 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a9:b9:56:f4:1f:dc:24:56:a2:b2:8a:51:0f:dc:b7:2f:
                    ca:50:44:40:38:e2:81:8f:2c:2a:e2:7d:ec:26:42:54:
                    a7:22:54:62:de:23:5b:d9:07:5c:8a:77:4f:10:0a:bc:
                    65:c1:e3:c0:5d:48:6d:22:f4:11:7e:25:94:17:80:a6:
                    fd:e8:0c:e9:e6:8b:ce:90:54:00:8f:63:6a:24:17:ce:
                    eb:1f:2b:06:42:7f:d1:ad:07:0d:f1:fe:1b:0b:74:cf:
                    e8:c0:cb:d2:af:f9:8d:74:e3:32:41:b1:f0:1a:e2:00:
                    ed:01:3e:5a:b4:94:a5:8f:11:e0:df:07:c9:0f:3e:fb:
                    f4:79:10:ae:ce:71:8f:de:ba:f8:16:ea:f0:22:32:63:
                    13:9d:11:c6:a3:ed:bd:27:82:bd:1e:4f:65:67:98:f3:
                    77:a2:e5:9e:4a:11:5e:3f:cf:5c:51:df:1a:c4:2c:83:
                    d3:21:91:37:f2:19:22:b3:c2:ba:4d:56:b1:09:2f:fd:
                    61:51:df:57:43:5f:9d:ba:2b:94:2e:0b:8b:90:89:e0:
                    df:53:b8:f1:cd:d3:f3:22:f2:8f:13:b6:3b:2a:7c:22:
                    cb:55:0a:b6:32:bc:79:58:61:1d:d3:11:74:a7:d7:8f:
                    18:03:95:a9:96:4e:cf:53:95:f8:47:e9:6b:a8:46:a7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8b:22:0e:a1:5a:f3:df:88:54:2a:bc:5c:f1:48:82:96:
        2b:74:54:dc:75:ba:9f:d2:23:39:d4:e4:23:90:e3:bc:
        13:2f:df:9a:52:13:cc:45:50:9b:d1:18:a9:65:cd:bb:
        9e:fe:31:ed:52:7b:12:89:78:b2:44:3f:38:20:6b:96:
        ac:ba:36:0a:76:87:cf:40:bd:9d:fc:71:86:e4:dd:12:
        a8:ce:a8:8d:95:37:fa:fb:1d:98:09:21:99:e6:b3:c7:
        a3:3a:83:4b:73:66:d8:a4:1a:cd:f4:27:3f:f2:ef:41:
        c3:7f:a6:50:02:ad:bf:e3:d4:87:de:0b:05:c6:1d:71:
        0f:bf:64:de:c0:df:35:b3:9b:fd:16:b9:4c:8b:ba:de:
        20:83:8a:53:87:8f:c9:16:fc:4c:29:04:91:9b:93:90:
        f4:1c:ed:80:40:d7:e6:29:4e:7b:c9:a6:a3:f2:0b:e2:
        1c:f3:e6:68:e6:b0:5d:cf:7c:87:dd:32:6f:44:e3:41:
        a7:2f:0e:e0:70:2a:c2:7e:ab:f0:6b:2b:a1:96:58:f3:
        d3:3e:1e:a7:23:ad:ad:7a:d4:e7:ca:10:21:37:c4:63:
        4b:ff:43:d1:7f:02:88:92:15:47:50:f7:14:fb:e8:93:
        db:15:26:6d:30:b3:5d:d1:5b:3b:25:8b:74:c0:d4:e5
    Fingerprint (SHA-256):
        6B:9A:54:1E:CE:87:BE:5A:7E:22:88:A5:CA:FE:42:91:98:B5:DE:EE:0F:B8:FC:2E:2C:81:62:D9:B8:71:D4:11
    Fingerprint (SHA1):
        1F:50:EE:16:6B:2A:78:70:81:E1:BE:AE:74:48:91:79:ED:48:21:2D
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3538: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173958 (0x25712c86)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:42:07 2016
            Not After : Mon Jun 28 17:42:07 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a9:b9:56:f4:1f:dc:24:56:a2:b2:8a:51:0f:dc:b7:2f:
                    ca:50:44:40:38:e2:81:8f:2c:2a:e2:7d:ec:26:42:54:
                    a7:22:54:62:de:23:5b:d9:07:5c:8a:77:4f:10:0a:bc:
                    65:c1:e3:c0:5d:48:6d:22:f4:11:7e:25:94:17:80:a6:
                    fd:e8:0c:e9:e6:8b:ce:90:54:00:8f:63:6a:24:17:ce:
                    eb:1f:2b:06:42:7f:d1:ad:07:0d:f1:fe:1b:0b:74:cf:
                    e8:c0:cb:d2:af:f9:8d:74:e3:32:41:b1:f0:1a:e2:00:
                    ed:01:3e:5a:b4:94:a5:8f:11:e0:df:07:c9:0f:3e:fb:
                    f4:79:10:ae:ce:71:8f:de:ba:f8:16:ea:f0:22:32:63:
                    13:9d:11:c6:a3:ed:bd:27:82:bd:1e:4f:65:67:98:f3:
                    77:a2:e5:9e:4a:11:5e:3f:cf:5c:51:df:1a:c4:2c:83:
                    d3:21:91:37:f2:19:22:b3:c2:ba:4d:56:b1:09:2f:fd:
                    61:51:df:57:43:5f:9d:ba:2b:94:2e:0b:8b:90:89:e0:
                    df:53:b8:f1:cd:d3:f3:22:f2:8f:13:b6:3b:2a:7c:22:
                    cb:55:0a:b6:32:bc:79:58:61:1d:d3:11:74:a7:d7:8f:
                    18:03:95:a9:96:4e:cf:53:95:f8:47:e9:6b:a8:46:a7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8b:22:0e:a1:5a:f3:df:88:54:2a:bc:5c:f1:48:82:96:
        2b:74:54:dc:75:ba:9f:d2:23:39:d4:e4:23:90:e3:bc:
        13:2f:df:9a:52:13:cc:45:50:9b:d1:18:a9:65:cd:bb:
        9e:fe:31:ed:52:7b:12:89:78:b2:44:3f:38:20:6b:96:
        ac:ba:36:0a:76:87:cf:40:bd:9d:fc:71:86:e4:dd:12:
        a8:ce:a8:8d:95:37:fa:fb:1d:98:09:21:99:e6:b3:c7:
        a3:3a:83:4b:73:66:d8:a4:1a:cd:f4:27:3f:f2:ef:41:
        c3:7f:a6:50:02:ad:bf:e3:d4:87:de:0b:05:c6:1d:71:
        0f:bf:64:de:c0:df:35:b3:9b:fd:16:b9:4c:8b:ba:de:
        20:83:8a:53:87:8f:c9:16:fc:4c:29:04:91:9b:93:90:
        f4:1c:ed:80:40:d7:e6:29:4e:7b:c9:a6:a3:f2:0b:e2:
        1c:f3:e6:68:e6:b0:5d:cf:7c:87:dd:32:6f:44:e3:41:
        a7:2f:0e:e0:70:2a:c2:7e:ab:f0:6b:2b:a1:96:58:f3:
        d3:3e:1e:a7:23:ad:ad:7a:d4:e7:ca:10:21:37:c4:63:
        4b:ff:43:d1:7f:02:88:92:15:47:50:f7:14:fb:e8:93:
        db:15:26:6d:30:b3:5d:d1:5b:3b:25:8b:74:c0:d4:e5
    Fingerprint (SHA-256):
        6B:9A:54:1E:CE:87:BE:5A:7E:22:88:A5:CA:FE:42:91:98:B5:DE:EE:0F:B8:FC:2E:2C:81:62:D9:B8:71:D4:11
    Fingerprint (SHA1):
        1F:50:EE:16:6B:2A:78:70:81:E1:BE:AE:74:48:91:79:ED:48:21:2D
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3539: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Creating DB NavyOnlyDB
certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd
chains.sh: #3540: Bridge: Creating DB NavyOnlyDB  - PASSED
chains.sh: Importing certificate Navy.der to NavyOnlyDB database
certutil -A -n Navy  -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der
chains.sh: #3541: Bridge: Importing certificate Navy.der to NavyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #3542: Bridge: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@army [Certificate Authority]:
Email Address(es): bridge@army
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #3543: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #3544: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173957 (0x25712c85)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:41:58 2016
            Not After : Mon Jun 28 17:41:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:80:04:80:1e:f0:8d:25:79:59:80:d5:68:99:45:53:
                    44:11:3f:20:a1:df:a7:74:be:b4:74:01:f6:ae:8b:7c:
                    1f:fc:ba:81:68:56:c6:25:99:ad:61:14:b8:a6:36:16:
                    f0:b3:f4:21:e8:25:e0:c8:15:35:1f:50:ad:7c:e2:49:
                    97:ed:33:f1:aa:4b:6c:9c:ab:b8:fe:86:20:d8:d7:1b:
                    b4:7b:5c:65:d2:c8:64:e8:d5:9e:6c:26:f6:3f:e6:9c:
                    f3:db:d6:20:3b:37:00:5f:f8:6b:c2:f7:97:75:b0:cc:
                    0f:55:e4:82:97:29:a9:dd:ae:ae:06:a6:31:65:3a:34:
                    ab:87:ec:20:49:d4:b8:a0:27:e8:0b:be:c7:46:ca:c0:
                    f5:8e:de:72:f5:43:f3:92:18:8c:f4:63:09:1f:cc:0d:
                    e8:ad:a9:c5:b3:69:26:37:30:e3:45:bb:98:4d:63:85:
                    77:a6:78:aa:35:20:93:d3:d2:49:35:8b:a1:2d:b1:fd:
                    22:25:ff:1b:62:a0:a4:7f:df:7f:48:47:d8:05:8a:41:
                    66:9e:38:ff:a9:13:61:f0:98:e9:d8:19:20:9b:a5:ab:
                    81:43:58:75:4a:97:02:b7:b7:a3:c0:14:f1:20:21:d0:
                    c4:49:e3:4d:6f:c5:97:02:3e:3b:58:d1:69:1e:94:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c3:a4:86:a0:f0:35:1d:e1:a3:0a:7e:43:03:00:75:9a:
        4e:5f:d3:38:f4:c4:35:f0:53:30:6d:b3:55:66:22:c9:
        eb:01:b8:d0:6e:41:88:47:0f:45:57:4e:b3:30:c8:e0:
        31:0a:17:b1:54:01:71:a5:45:59:ed:31:24:be:0d:95:
        2a:24:0c:a2:dd:de:dc:aa:51:5a:a4:e4:4a:89:35:82:
        4b:62:a9:8f:b6:49:11:dc:1b:d7:73:7e:4b:2b:90:50:
        51:af:fc:c5:3b:75:88:b5:60:52:81:cf:52:41:64:d7:
        6d:4e:32:b5:1c:aa:0e:fe:be:ff:f5:78:1d:a5:4b:e6:
        e4:c0:19:e2:2b:83:9d:56:66:83:af:f4:ec:e1:51:f5:
        2d:08:cb:ce:9f:92:e6:34:f1:97:15:15:ee:93:fb:8a:
        59:9e:ca:fd:36:ee:0f:a2:41:e4:d8:c2:1a:12:d6:5d:
        05:dd:15:cf:3f:56:5b:8c:d1:41:c7:3e:47:85:56:68:
        9e:21:de:72:05:ee:35:17:17:9a:c2:31:17:5d:b4:77:
        a8:b8:19:60:b5:5e:bc:9a:5c:80:c9:8c:5b:bb:c7:5b:
        30:2e:02:b4:2e:8c:7f:b2:24:1f:9a:bc:ee:24:d0:3f:
        d9:94:46:66:bd:5d:96:0e:38:c4:0e:e2:5e:f6:af:f1
    Fingerprint (SHA-256):
        88:9C:B4:6A:98:86:54:31:6E:5C:99:2A:A8:15:2B:6B:5F:BE:91:21:F4:62:2C:ED:B9:48:B3:3A:7D:6B:7C:04
    Fingerprint (SHA1):
        99:72:C6:27:20:4A:DA:24:83:FC:0E:6E:72:4E:4A:3F:35:57:C8:36
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3545: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173957 (0x25712c85)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:41:58 2016
            Not After : Mon Jun 28 17:41:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:80:04:80:1e:f0:8d:25:79:59:80:d5:68:99:45:53:
                    44:11:3f:20:a1:df:a7:74:be:b4:74:01:f6:ae:8b:7c:
                    1f:fc:ba:81:68:56:c6:25:99:ad:61:14:b8:a6:36:16:
                    f0:b3:f4:21:e8:25:e0:c8:15:35:1f:50:ad:7c:e2:49:
                    97:ed:33:f1:aa:4b:6c:9c:ab:b8:fe:86:20:d8:d7:1b:
                    b4:7b:5c:65:d2:c8:64:e8:d5:9e:6c:26:f6:3f:e6:9c:
                    f3:db:d6:20:3b:37:00:5f:f8:6b:c2:f7:97:75:b0:cc:
                    0f:55:e4:82:97:29:a9:dd:ae:ae:06:a6:31:65:3a:34:
                    ab:87:ec:20:49:d4:b8:a0:27:e8:0b:be:c7:46:ca:c0:
                    f5:8e:de:72:f5:43:f3:92:18:8c:f4:63:09:1f:cc:0d:
                    e8:ad:a9:c5:b3:69:26:37:30:e3:45:bb:98:4d:63:85:
                    77:a6:78:aa:35:20:93:d3:d2:49:35:8b:a1:2d:b1:fd:
                    22:25:ff:1b:62:a0:a4:7f:df:7f:48:47:d8:05:8a:41:
                    66:9e:38:ff:a9:13:61:f0:98:e9:d8:19:20:9b:a5:ab:
                    81:43:58:75:4a:97:02:b7:b7:a3:c0:14:f1:20:21:d0:
                    c4:49:e3:4d:6f:c5:97:02:3e:3b:58:d1:69:1e:94:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c3:a4:86:a0:f0:35:1d:e1:a3:0a:7e:43:03:00:75:9a:
        4e:5f:d3:38:f4:c4:35:f0:53:30:6d:b3:55:66:22:c9:
        eb:01:b8:d0:6e:41:88:47:0f:45:57:4e:b3:30:c8:e0:
        31:0a:17:b1:54:01:71:a5:45:59:ed:31:24:be:0d:95:
        2a:24:0c:a2:dd:de:dc:aa:51:5a:a4:e4:4a:89:35:82:
        4b:62:a9:8f:b6:49:11:dc:1b:d7:73:7e:4b:2b:90:50:
        51:af:fc:c5:3b:75:88:b5:60:52:81:cf:52:41:64:d7:
        6d:4e:32:b5:1c:aa:0e:fe:be:ff:f5:78:1d:a5:4b:e6:
        e4:c0:19:e2:2b:83:9d:56:66:83:af:f4:ec:e1:51:f5:
        2d:08:cb:ce:9f:92:e6:34:f1:97:15:15:ee:93:fb:8a:
        59:9e:ca:fd:36:ee:0f:a2:41:e4:d8:c2:1a:12:d6:5d:
        05:dd:15:cf:3f:56:5b:8c:d1:41:c7:3e:47:85:56:68:
        9e:21:de:72:05:ee:35:17:17:9a:c2:31:17:5d:b4:77:
        a8:b8:19:60:b5:5e:bc:9a:5c:80:c9:8c:5b:bb:c7:5b:
        30:2e:02:b4:2e:8c:7f:b2:24:1f:9a:bc:ee:24:d0:3f:
        d9:94:46:66:bd:5d:96:0e:38:c4:0e:e2:5e:f6:af:f1
    Fingerprint (SHA-256):
        88:9C:B4:6A:98:86:54:31:6E:5C:99:2A:A8:15:2B:6B:5F:BE:91:21:F4:62:2C:ED:B9:48:B3:3A:7D:6B:7C:04
    Fingerprint (SHA1):
        99:72:C6:27:20:4A:DA:24:83:FC:0E:6E:72:4E:4A:3F:35:57:C8:36
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #3546: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Creating DB Root1DB
certutil -N -d Root1DB -f Root1DB/dbpasswd
chains.sh: #3547: MegaBridge_3_2: Creating DB Root1DB  - PASSED
chains.sh: Creating Root CA Root1
certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1  -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173962 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3548: MegaBridge_3_2: Creating Root CA Root1  - PASSED
chains.sh: Exporting Root CA Root1.der
certutil -L -d Root1DB -r -n Root1 -o Root1.der
chains.sh: #3549: MegaBridge_3_2: Exporting Root CA Root1.der  - PASSED
chains.sh: Creating DB Root2DB
certutil -N -d Root2DB -f Root2DB/dbpasswd
chains.sh: #3550: MegaBridge_3_2: Creating DB Root2DB  - PASSED
chains.sh: Creating Root CA Root2
certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2  -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173963 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3551: MegaBridge_3_2: Creating Root CA Root2  - PASSED
chains.sh: Exporting Root CA Root2.der
certutil -L -d Root2DB -r -n Root2 -o Root2.der
chains.sh: #3552: MegaBridge_3_2: Exporting Root CA Root2.der  - PASSED
chains.sh: Creating DB Root3DB
certutil -N -d Root3DB -f Root3DB/dbpasswd
chains.sh: #3553: MegaBridge_3_2: Creating DB Root3DB  - PASSED
chains.sh: Creating Root CA Root3
certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3  -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173964 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3554: MegaBridge_3_2: Creating Root CA Root3  - PASSED
chains.sh: Exporting Root CA Root3.der
certutil -L -d Root3DB -r -n Root3 -o Root3.der
chains.sh: #3555: MegaBridge_3_2: Exporting Root CA Root3.der  - PASSED
chains.sh: Creating DB Root4DB
certutil -N -d Root4DB -f Root4DB/dbpasswd
chains.sh: #3556: MegaBridge_3_2: Creating DB Root4DB  - PASSED
chains.sh: Creating Root CA Root4
certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4  -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173965 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3557: MegaBridge_3_2: Creating Root CA Root4  - PASSED
chains.sh: Exporting Root CA Root4.der
certutil -L -d Root4DB -r -n Root4 -o Root4.der
chains.sh: #3558: MegaBridge_3_2: Exporting Root CA Root4.der  - PASSED
chains.sh: Creating DB Root5DB
certutil -N -d Root5DB -f Root5DB/dbpasswd
chains.sh: #3559: MegaBridge_3_2: Creating DB Root5DB  - PASSED
chains.sh: Creating Root CA Root5
certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5  -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173966 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3560: MegaBridge_3_2: Creating Root CA Root5  - PASSED
chains.sh: Exporting Root CA Root5.der
certutil -L -d Root5DB -r -n Root5 -o Root5.der
chains.sh: #3561: MegaBridge_3_2: Exporting Root CA Root5.der  - PASSED
chains.sh: Creating DB Root6DB
certutil -N -d Root6DB -f Root6DB/dbpasswd
chains.sh: #3562: MegaBridge_3_2: Creating DB Root6DB  - PASSED
chains.sh: Creating Root CA Root6
certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6  -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173967 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3563: MegaBridge_3_2: Creating Root CA Root6  - PASSED
chains.sh: Exporting Root CA Root6.der
certutil -L -d Root6DB -r -n Root6 -o Root6.der
chains.sh: #3564: MegaBridge_3_2: Exporting Root CA Root6.der  - PASSED
chains.sh: Creating DB Root7DB
certutil -N -d Root7DB -f Root7DB/dbpasswd
chains.sh: #3565: MegaBridge_3_2: Creating DB Root7DB  - PASSED
chains.sh: Creating Root CA Root7
certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7  -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173968 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3566: MegaBridge_3_2: Creating Root CA Root7  - PASSED
chains.sh: Exporting Root CA Root7.der
certutil -L -d Root7DB -r -n Root7 -o Root7.der
chains.sh: #3567: MegaBridge_3_2: Exporting Root CA Root7.der  - PASSED
chains.sh: Creating DB Root8DB
certutil -N -d Root8DB -f Root8DB/dbpasswd
chains.sh: #3568: MegaBridge_3_2: Creating DB Root8DB  - PASSED
chains.sh: Creating Root CA Root8
certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8  -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173969 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3569: MegaBridge_3_2: Creating Root CA Root8  - PASSED
chains.sh: Exporting Root CA Root8.der
certutil -L -d Root8DB -r -n Root8 -o Root8.der
chains.sh: #3570: MegaBridge_3_2: Exporting Root CA Root8.der  - PASSED
chains.sh: Creating DB Root9DB
certutil -N -d Root9DB -f Root9DB/dbpasswd
chains.sh: #3571: MegaBridge_3_2: Creating DB Root9DB  - PASSED
chains.sh: Creating Root CA Root9
certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9  -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173970 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3572: MegaBridge_3_2: Creating Root CA Root9  - PASSED
chains.sh: Exporting Root CA Root9.der
certutil -L -d Root9DB -r -n Root9 -o Root9.der
chains.sh: #3573: MegaBridge_3_2: Exporting Root CA Root9.der  - PASSED
chains.sh: Creating DB Bridge11DB
certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd
chains.sh: #3574: MegaBridge_3_2: Creating DB Bridge11DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge11Req.der
certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US"  -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3575: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der  - PASSED
chains.sh: Creating certficate Bridge11Root1.der signed by Root1
certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 628173971 -7 Bridge11@Root1  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3576: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1  - PASSED
chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3577: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root2.der signed by Root2
certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 628173972 -7 Bridge11@Root2  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3578: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2  - PASSED
chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3579: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root3.der signed by Root3
certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 628173973 -7 Bridge11@Root3  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3580: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3  - PASSED
chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3581: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge11DB database
cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7
chains.sh: #3582: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database  - PASSED
chains.sh: Creating DB Bridge12DB
certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd
chains.sh: #3583: MegaBridge_3_2: Creating DB Bridge12DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge12Req.der
certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US"  -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3584: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der  - PASSED
chains.sh: Creating certficate Bridge12Root4.der signed by Root4
certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 628173974 -7 Bridge12@Root4  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3585: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4  - PASSED
chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3586: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root5.der signed by Root5
certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 628173975 -7 Bridge12@Root5  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3587: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5  - PASSED
chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3588: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root6.der signed by Root6
certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 628173976 -7 Bridge12@Root6  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3589: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6  - PASSED
chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3590: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge12DB database
cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7
chains.sh: #3591: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database  - PASSED
chains.sh: Creating DB Bridge13DB
certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd
chains.sh: #3592: MegaBridge_3_2: Creating DB Bridge13DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge13Req.der
certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US"  -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3593: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der  - PASSED
chains.sh: Creating certficate Bridge13Root7.der signed by Root7
certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 628173977 -7 Bridge13@Root7  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3594: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7  - PASSED
chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3595: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root8.der signed by Root8
certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 628173978 -7 Bridge13@Root8  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3596: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8  - PASSED
chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3597: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root9.der signed by Root9
certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 628173979 -7 Bridge13@Root9  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3598: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9  - PASSED
chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3599: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge13DB database
cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7
chains.sh: #3600: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database  - PASSED
chains.sh: Creating DB Bridge21DB
certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd
chains.sh: #3601: MegaBridge_3_2: Creating DB Bridge21DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge21Req.der
certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US"  -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3602: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der  - PASSED
chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11
certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 628173980 -7 Bridge21@Bridge11  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3603: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11  - PASSED
chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3604: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12
certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 628173981 -7 Bridge21@Bridge12  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3605: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12  - PASSED
chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3606: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13
certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 628173982 -7 Bridge21@Bridge13  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3607: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13  - PASSED
chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3608: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge21DB database
cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7
chains.sh: #3609: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3610: MegaBridge_3_2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3611: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21
certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 628173983   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3612: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21  - PASSED
chains.sh: Importing certificate CA1Bridge21.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3613: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #3614: MegaBridge_3_2: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3615: MegaBridge_3_2: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628173984   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3616: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3617: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der  -t Root1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173962 (0x25712c8a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root1 ROOT CA,O=Root1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:42:36 2016
            Not After : Mon Jun 28 17:42:36 2066
        Subject: "CN=Root1 ROOT CA,O=Root1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a6:82:03:69:02:ab:90:90:58:f6:1f:e4:7e:ca:ae:1e:
                    fa:41:ef:48:0e:48:b2:1b:56:b3:9d:82:18:2a:64:2b:
                    8d:08:d9:33:25:c1:83:90:79:fc:cc:f7:3f:58:3c:8f:
                    44:33:de:9f:86:6a:e8:99:40:ad:28:fd:e7:bf:d8:ba:
                    ee:d8:8f:87:a6:b2:e6:aa:6b:c3:f6:60:f0:00:be:f6:
                    33:eb:87:22:05:9f:aa:1b:8c:b9:db:24:78:af:47:f8:
                    6b:b7:af:15:de:50:49:f3:a7:cf:c4:92:8f:39:db:b8:
                    bf:c4:19:c4:04:74:26:3e:08:e9:f2:a9:4c:5d:07:58:
                    fc:90:e7:a8:11:a1:9f:b7:8f:f9:c8:d4:15:cf:7c:4e:
                    fd:09:9c:2c:a8:ec:31:b1:6a:bb:68:29:8a:31:2c:42:
                    c8:9a:bb:e8:80:47:f1:b0:86:25:76:8a:13:f1:56:f4:
                    a7:0d:cb:b2:ec:a8:ca:81:fd:1f:c5:b6:14:06:32:d0:
                    69:4f:9d:a8:22:ae:2d:63:c4:ef:ac:e4:a2:48:9a:9c:
                    4b:fd:f3:01:bf:9c:22:eb:90:d0:8c:6f:38:00:ba:68:
                    04:5c:1c:90:55:21:e1:ba:2f:09:9b:4e:5f:0b:ec:71:
                    0e:ee:3f:c7:85:f7:c4:6b:ea:ac:10:3f:9a:91:9c:21
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8b:94:1e:97:06:d9:e1:d4:eb:71:26:8c:c8:ad:ad:9a:
        08:e6:6e:e8:1c:a3:ac:35:d2:9d:e0:0e:4e:2d:f5:a0:
        88:ee:37:43:d2:e3:be:20:37:83:81:1e:2a:52:d9:19:
        0a:9a:21:cc:7d:47:c1:a2:62:06:00:ef:67:b0:7b:88:
        19:95:b9:e2:a9:fd:83:ee:c2:b1:c0:9b:04:c6:5b:8f:
        a9:09:b4:d6:66:1e:77:8f:12:7a:52:73:35:e5:71:70:
        26:22:34:76:80:85:90:77:09:24:e1:db:b2:c3:d7:ce:
        f9:0c:a4:27:65:2b:1f:4e:5b:c5:1b:a1:6d:b5:a3:ed:
        38:cf:a6:d9:db:0a:56:98:0b:8e:45:f4:55:67:9e:41:
        10:0f:7b:a2:14:b7:dd:12:85:f1:14:1b:32:26:5f:e4:
        16:00:72:56:39:8b:cc:d5:0d:09:3e:1e:17:3a:92:8e:
        bb:97:87:0f:35:b9:45:48:29:08:72:30:4f:d1:bb:32:
        b5:c5:57:69:ec:c1:25:49:19:36:2c:47:52:4c:f8:16:
        91:51:fd:0e:7e:60:fa:02:3a:b3:2a:d1:f3:d7:21:ef:
        d6:36:20:01:e6:7b:9e:68:bd:f3:7d:70:9f:14:11:0c:
        c0:a9:db:15:6e:83:c6:91:de:0b:a4:84:77:fc:33:03
    Fingerprint (SHA-256):
        BA:CE:D2:76:03:4B:B7:35:61:61:4F:B5:D4:DB:E4:20:E3:97:46:2E:12:C0:5B:4A:47:40:B9:B0:E9:78:9E:E6
    Fingerprint (SHA1):
        F6:CD:D1:F6:C3:F0:B7:AE:09:E5:F4:94:00:14:CC:89:4A:2B:42:E1
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #3618: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der  -t Root2.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173963 (0x25712c8b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root2 ROOT CA,O=Root2,C=US"
        Validity:
            Not Before: Tue Jun 28 17:42:50 2016
            Not After : Mon Jun 28 17:42:50 2066
        Subject: "CN=Root2 ROOT CA,O=Root2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ae:1f:15:db:e9:81:50:21:7a:c6:31:15:f3:13:f4:25:
                    16:53:3f:24:fe:1e:79:7b:90:57:54:a9:32:1f:ee:34:
                    c1:6d:c7:10:69:19:61:8a:de:f6:05:8b:89:89:4a:3d:
                    24:e8:42:ce:5a:f0:32:78:eb:ce:bd:e9:12:9b:42:3c:
                    09:d3:65:c3:8f:35:f2:bb:44:36:19:df:62:ae:1f:ee:
                    c3:8f:cc:13:f5:90:38:1f:76:2f:82:7b:c6:79:f5:cb:
                    d2:56:f5:94:0c:ac:f6:fc:35:48:09:4b:8c:fd:d0:79:
                    91:1c:34:71:dd:c0:b0:e8:c6:9c:5f:c2:bd:95:17:78:
                    9b:68:a0:75:aa:d6:5e:65:d7:f1:2d:5f:da:a9:ef:61:
                    87:6b:17:65:96:69:d7:aa:c3:d2:87:29:ef:bf:23:e8:
                    e0:7a:e7:82:e6:04:81:52:bb:84:3e:b2:af:e6:77:a0:
                    01:3e:57:ae:3c:97:ae:d9:fb:8c:1a:5d:8b:11:9f:a3:
                    69:d8:02:64:4f:6c:43:a7:68:d8:58:b9:6b:61:02:33:
                    a9:d3:b3:49:d3:b2:5e:5d:09:ba:50:22:29:c8:0b:a9:
                    76:52:49:49:1e:fc:c8:d3:fc:5d:09:5f:59:82:5b:f3:
                    26:71:50:cc:d4:03:f1:67:17:be:97:e8:7b:94:0a:03
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:fc:ba:00:f7:b0:04:90:9d:f4:d9:84:eb:23:ef:d0:
        90:41:da:b8:68:80:8f:f3:1b:8c:80:a0:e2:fd:1e:96:
        dc:7b:d8:80:eb:66:7f:7b:5b:87:b3:be:11:da:60:fc:
        11:17:ba:ed:54:ac:54:40:da:dc:a5:16:11:15:2c:5e:
        f3:b4:ec:e5:28:5c:9a:d6:21:9f:1c:28:7d:bc:76:c1:
        c6:00:1e:8e:5a:24:af:e4:fc:12:d1:0f:68:74:a3:9c:
        ee:a8:cb:c6:4e:0d:ef:35:75:4b:bc:66:68:a3:96:39:
        0a:85:23:9a:7c:b4:65:63:97:37:cc:53:6b:2b:33:2f:
        01:1c:22:a9:ad:b2:e4:af:70:7d:90:19:fd:44:bd:03:
        e2:b2:86:50:08:45:15:62:5b:38:db:ee:0c:50:08:59:
        49:40:e1:c4:0e:08:41:05:82:4b:a1:c9:8b:0d:8e:5e:
        5b:4d:ac:be:c2:d4:ba:f7:46:15:38:3d:e4:d1:9e:66:
        b4:d9:b0:ce:38:a0:29:4c:e6:b6:3a:9b:34:32:4b:bc:
        39:16:a9:c8:c2:e8:a7:6e:15:de:a1:94:16:21:5c:df:
        a1:5d:58:5d:4a:33:2c:d2:25:58:38:82:8c:d5:c2:61:
        73:22:11:51:ba:56:40:80:fa:90:f5:10:8b:44:be:30
    Fingerprint (SHA-256):
        C1:A4:11:A0:B1:68:1A:D0:65:A5:08:C3:67:3E:09:E6:67:92:98:2F:DB:D4:C4:8C:BF:F1:C2:14:6D:ED:40:9C
    Fingerprint (SHA1):
        D4:6B:90:41:03:CC:07:F2:F2:EB:48:C1:2B:0A:16:1C:ED:9C:A8:EC
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #3619: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der  -t Root3.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173964 (0x25712c8c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root3 ROOT CA,O=Root3,C=US"
        Validity:
            Not Before: Tue Jun 28 17:42:55 2016
            Not After : Mon Jun 28 17:42:55 2066
        Subject: "CN=Root3 ROOT CA,O=Root3,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:5b:aa:f9:d3:3c:08:3f:9b:1f:dc:89:24:ca:50:03:
                    b9:de:c6:c7:0f:17:e9:d8:e9:33:2d:4c:99:a8:b6:b2:
                    dc:cb:20:29:17:5b:d4:c2:93:0d:b8:e7:a4:c1:cb:56:
                    11:45:ec:9d:f6:cf:9f:09:64:d0:ad:b4:e1:d6:06:24:
                    41:48:c9:dd:c3:d9:e6:89:99:77:91:9a:4d:5e:a0:9b:
                    98:01:01:e0:47:f9:a8:6b:9f:36:b6:a2:3b:84:fc:05:
                    e6:24:56:ac:f5:3a:4e:dc:b5:02:af:02:47:86:c1:19:
                    2e:69:d6:76:6d:20:41:8d:22:51:bb:46:6e:38:be:3a:
                    9c:4b:07:58:96:14:6c:e2:9a:51:19:cc:67:02:98:51:
                    c1:ba:0c:f9:9a:ec:ec:95:69:89:f7:22:20:f0:8f:21:
                    61:bb:30:cd:12:12:79:65:7b:7b:c2:52:31:ba:91:84:
                    f4:2f:3d:7f:80:99:b4:bf:ad:5d:ea:86:00:76:76:e3:
                    bd:63:1c:6c:1e:5a:16:e4:7f:ce:3b:60:07:06:67:96:
                    6b:00:17:e0:7a:0c:fb:96:9a:2a:d4:61:d9:a3:a5:be:
                    26:b0:a6:ee:d8:0f:f9:c2:8a:f8:40:a0:8b:34:5b:21:
                    d6:f3:f2:4c:d3:e4:e8:fd:9f:18:c2:f7:af:21:88:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4c:0f:fa:f0:f0:f7:fc:3b:41:b0:f9:9a:2d:07:5a:d7:
        47:58:fd:68:93:72:da:9c:5a:b0:08:9a:6e:db:71:7f:
        93:bc:af:a7:3b:13:97:17:60:aa:14:5f:07:d3:0d:2b:
        81:3a:e6:a0:93:81:e5:cc:63:d7:90:92:e3:0c:1b:b2:
        05:62:d9:32:47:ca:0f:bd:5e:36:a4:fd:db:86:64:1d:
        24:5f:26:10:28:db:be:e9:56:02:e0:06:33:8a:20:60:
        85:0e:d7:8b:94:40:4f:3c:17:f6:43:f3:3a:62:09:21:
        50:18:91:37:6d:34:39:7b:02:5f:b4:6d:b3:2c:50:bf:
        5c:42:41:8e:36:e7:2a:d0:cb:e7:6d:43:7a:3a:8e:e0:
        b9:65:16:00:b8:3a:5d:10:99:d2:60:41:d0:46:11:d4:
        44:d9:51:67:1c:0c:00:eb:08:b0:c9:bf:ff:d7:9e:c6:
        64:64:de:d7:09:bd:ad:5d:69:4b:9c:22:f2:76:c2:38:
        45:f3:eb:12:26:5e:ca:3d:99:04:70:43:64:33:98:96:
        a7:2c:80:83:8a:e8:13:6d:c5:bc:55:75:83:1f:8a:66:
        bc:f1:49:f8:18:db:e2:4f:47:9f:0e:ce:f0:13:b4:79:
        7b:34:42:8c:0e:0d:16:b0:98:b2:b7:fa:26:01:75:92
    Fingerprint (SHA-256):
        F7:3D:62:F2:19:2E:BF:46:35:96:50:24:FA:01:F0:92:A6:8A:8C:5B:46:A4:9F:2D:CB:02:E1:13:29:01:46:6B
    Fingerprint (SHA1):
        0C:9D:1E:3F:FA:E1:91:13:AD:32:B4:A4:4E:D7:7A:4C:32:2E:C2:19
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #3620: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der  -t Root4.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173965 (0x25712c8d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root4 ROOT CA,O=Root4,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:03 2016
            Not After : Mon Jun 28 17:43:03 2066
        Subject: "CN=Root4 ROOT CA,O=Root4,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b5:67:cd:1c:e6:45:47:26:16:55:3d:6e:10:1f:54:12:
                    84:6f:95:b8:7f:92:8d:2e:18:f8:af:6c:e8:74:cb:09:
                    37:2a:ff:38:21:2e:7f:96:b2:96:ed:68:c7:96:1c:45:
                    78:ed:b9:0a:07:93:49:5e:cb:cf:46:38:de:8e:ad:38:
                    0f:2a:71:6f:36:58:6e:19:f5:17:dc:b6:7f:ac:82:43:
                    08:be:d4:39:4c:77:80:3e:68:80:99:84:1c:4e:bc:af:
                    ea:0c:b5:cc:51:21:36:53:d1:cd:31:a1:3e:ac:5b:cc:
                    cc:02:4c:99:65:a5:cc:e6:3f:30:01:65:75:1b:3c:99:
                    39:17:57:26:9d:03:bd:42:a6:3e:fc:c6:56:74:e8:e7:
                    77:d6:f2:43:18:1e:95:c7:2a:b2:ce:99:a3:dc:0e:d7:
                    fb:f1:6f:e4:d1:8e:7c:49:20:2c:7e:96:13:45:e7:9a:
                    67:73:b6:b0:29:66:76:7c:f9:ed:3a:88:11:b8:11:60:
                    38:af:ac:0a:1f:3d:55:73:83:bc:44:72:fa:43:8d:86:
                    5b:44:26:96:9b:bb:48:ea:df:c9:af:09:82:5e:1b:50:
                    ea:0d:e8:e1:88:91:77:f9:bf:b8:ed:2c:72:67:a3:6a:
                    de:83:a6:aa:18:e4:00:74:b5:8d:9b:d6:82:97:d6:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        30:46:c6:68:89:cd:fb:2f:a7:ca:9c:79:2a:32:48:ec:
        2b:3c:65:88:97:d9:ad:83:68:19:d6:ab:b0:80:f6:dd:
        80:0f:ef:82:0f:fc:0c:17:4a:58:53:b4:69:cb:21:30:
        0a:f2:0d:5e:b5:8e:f9:5d:7a:c4:f3:ba:ba:64:a1:7a:
        fd:75:e3:a8:af:10:27:f0:9b:15:9f:87:bd:76:25:d1:
        eb:45:fd:27:a2:1e:c0:b3:44:0f:6a:4a:48:aa:52:bf:
        6c:dd:4b:3a:48:82:4d:34:ea:f9:1c:95:97:b9:cb:01:
        08:4d:d2:44:9c:b1:a0:29:e0:2a:06:7b:1e:59:8b:c9:
        34:b9:8d:8d:a8:df:ef:5e:99:7e:41:96:a1:d8:45:fc:
        ba:68:fd:f1:d7:6f:bd:05:e9:6d:a2:cc:89:65:9d:c0:
        e1:8f:88:42:5a:2e:3a:72:8b:63:03:55:de:60:5a:32:
        91:10:1f:21:ae:5f:8d:dd:4d:9f:9f:c6:ea:45:bd:fa:
        1d:1a:77:d5:32:71:51:41:15:95:e3:a5:ea:fa:fe:42:
        4b:c9:2c:45:98:59:0e:02:23:e2:87:cb:93:0b:0c:66:
        49:02:10:85:db:df:63:e9:85:1b:4e:cc:75:66:ee:8c:
        d3:34:50:f4:d4:c1:5b:0c:c7:5a:7c:61:07:ab:00:55
    Fingerprint (SHA-256):
        D9:90:F1:F1:01:AF:C3:1E:E7:CD:35:D5:88:9D:A4:DC:F5:BC:01:40:09:0A:C1:1B:35:D7:61:D2:86:FE:B0:6E
    Fingerprint (SHA1):
        A5:0D:32:97:38:6D:C0:7E:0C:F2:10:A8:08:91:AC:5D:A4:69:20:5B
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #3621: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der  -t Root5.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173966 (0x25712c8e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root5 ROOT CA,O=Root5,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:05 2016
            Not After : Mon Jun 28 17:43:05 2066
        Subject: "CN=Root5 ROOT CA,O=Root5,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    db:cc:f7:a4:e0:8a:e2:5a:f9:84:20:e5:c2:56:f0:33:
                    75:55:78:0f:a2:0d:6d:92:98:d2:30:e0:19:64:bc:67:
                    1b:61:b2:cd:4f:af:f3:9d:90:67:bd:0a:42:b0:6a:eb:
                    d2:e8:e8:7d:e4:18:e5:1c:ae:bb:02:79:10:d3:df:a0:
                    3f:0c:2b:41:02:00:f8:16:cb:c3:eb:e6:f9:b6:04:3e:
                    68:b2:63:8e:ac:17:d2:0a:28:c0:bd:de:ec:48:07:0d:
                    1f:02:31:c0:dc:be:a3:8a:b1:bc:c5:08:30:f8:40:42:
                    e7:fa:0e:3d:84:1e:96:89:6c:86:bc:bc:84:97:d9:74:
                    d2:90:3c:4d:97:68:e5:f3:d7:0e:c9:0f:43:d5:da:92:
                    1f:a7:ca:c9:32:72:0d:9d:7c:4f:75:3a:3e:99:63:31:
                    4d:e0:85:3e:c1:37:b5:49:8e:af:a4:da:c9:7d:38:28:
                    f2:4b:0b:2f:38:47:8f:23:32:8b:a6:85:37:ac:a3:b1:
                    e3:ad:70:9d:f8:48:33:28:84:30:f9:b6:1d:cb:41:76:
                    06:38:90:f1:84:49:47:dc:34:82:b0:17:93:d9:6e:19:
                    40:07:b8:0c:8c:b1:32:95:8b:bb:80:e6:a2:2c:32:73:
                    9a:0d:7a:33:85:40:20:dd:05:01:04:41:78:43:9d:3d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:17:19:84:74:99:5e:ed:07:55:0f:ff:8a:ae:12:df:
        3e:7b:f9:b6:d4:00:02:35:82:48:d9:9a:3a:0d:b8:7d:
        6e:10:93:68:b8:7e:04:6f:5d:90:6a:47:d3:aa:ee:ad:
        07:f6:49:0d:ae:db:1a:0b:04:0c:09:00:4c:aa:90:e4:
        13:37:33:af:be:8c:54:ca:3b:20:68:11:8c:46:82:3a:
        03:93:bd:56:c0:92:b1:8a:8c:a8:ff:1e:5b:2c:76:b1:
        96:7e:32:3e:6f:2e:af:5e:87:43:57:f6:72:79:4c:d0:
        e7:30:1a:fc:01:fc:53:08:2c:bc:5d:5b:ef:b0:c9:9e:
        3a:0d:c7:fe:0f:39:97:a3:d8:68:9e:94:83:45:a1:6c:
        17:0c:99:8e:a3:be:2a:80:ab:26:84:a5:2e:7f:13:32:
        56:01:72:a3:26:9d:ed:18:a0:aa:19:d3:2f:74:74:54:
        b7:26:f7:5b:d3:d2:38:ca:74:b9:eb:f8:e9:de:cd:cd:
        72:de:c9:27:3e:ef:24:02:94:df:77:2e:c4:de:5b:53:
        49:5d:1b:44:23:53:96:57:d0:01:95:e9:35:a3:9f:47:
        69:07:4d:6f:fc:57:74:34:6e:49:ba:21:f5:37:f0:88:
        01:59:a3:65:85:99:a4:6b:c8:0f:eb:79:e8:68:5d:4e
    Fingerprint (SHA-256):
        3B:61:2E:2A:BF:D4:BD:D2:6D:DC:03:61:6A:F2:5B:EA:37:78:81:AB:66:5B:F3:FC:F3:E3:F7:3F:40:5F:C4:B4
    Fingerprint (SHA1):
        11:C2:09:C2:6C:45:61:42:72:E8:FC:C5:FE:B9:1F:44:78:01:C6:50
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #3622: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der  -t Root6.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173967 (0x25712c8f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root6 ROOT CA,O=Root6,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:10 2016
            Not After : Mon Jun 28 17:43:10 2066
        Subject: "CN=Root6 ROOT CA,O=Root6,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f1:a5:9d:8f:c8:8c:0b:27:e3:d0:37:91:cf:61:1c:2f:
                    29:6c:14:bb:dd:13:b4:9e:2c:fe:7c:04:f2:47:1f:ee:
                    d8:ca:f8:5d:cf:78:04:3b:fc:cc:bd:82:d9:1f:85:77:
                    ca:58:2b:31:fe:12:81:8f:b1:b9:90:d3:94:22:cb:ea:
                    7b:e0:97:c4:e9:51:ff:16:ea:21:82:a3:02:ab:ca:2b:
                    ba:d3:f5:76:11:ab:f8:06:ee:2e:6d:b6:e3:1d:78:eb:
                    c0:e1:a5:93:ab:8a:11:4e:37:36:03:23:51:c7:94:02:
                    18:f5:d1:85:02:07:fa:85:1d:65:69:6e:50:a9:52:d0:
                    8f:33:85:7d:ff:b2:d1:fe:ec:3a:28:1a:8b:78:03:d1:
                    55:cf:20:27:73:3f:2e:9a:1f:c3:c7:49:69:63:f8:43:
                    15:09:da:d4:ea:f5:f4:52:72:4e:fd:6a:26:70:1d:47:
                    1e:f7:db:8b:b2:3d:51:6e:cd:86:5b:c3:2a:ce:42:03:
                    2f:09:36:dd:68:1c:73:8a:c6:3e:9f:be:8d:a0:b4:75:
                    75:56:9e:80:f1:72:b7:8c:c9:65:15:3b:90:44:65:a5:
                    df:c5:29:bd:e3:4c:f2:ab:95:d4:3e:59:e1:2c:c9:e4:
                    9e:9e:c6:06:71:99:88:5e:be:02:9e:96:5e:b3:23:03
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ca:61:8a:c6:77:85:62:d5:1e:90:5c:22:90:cf:ca:6e:
        95:71:1d:65:95:4f:67:32:6f:f3:ac:d8:a3:22:ec:20:
        ee:91:08:f8:cf:c9:14:2a:2d:fe:67:a4:e7:54:3f:70:
        14:02:a3:49:e7:52:80:88:4f:5b:d5:12:6e:81:22:f1:
        6c:64:39:49:71:26:15:64:82:7d:8f:18:35:05:7f:47:
        93:10:ef:ca:fa:7e:b1:62:53:01:31:57:20:57:63:0b:
        11:22:96:93:54:b0:c4:a3:16:e5:39:54:c5:ef:bb:08:
        1e:a1:dc:f4:5b:98:be:bf:10:02:be:39:87:ca:8a:2b:
        f6:f4:2a:df:d8:19:ff:63:d5:13:0e:bb:d0:4b:d7:5a:
        ef:92:6e:a4:ba:b7:2a:5b:9f:bf:d8:84:f2:20:91:a9:
        b9:b9:e4:a5:af:99:57:3d:e5:3c:31:2f:97:da:98:87:
        2b:6d:b7:4e:56:9f:c9:c6:12:fe:82:dd:f6:5d:3b:3a:
        fd:d0:b4:0b:4a:52:6a:fe:4f:a1:d1:86:e1:6f:d5:d1:
        71:e9:e1:f3:56:b7:2b:fe:98:5e:22:7c:c5:58:7e:26:
        35:e1:0f:2c:7f:38:53:b5:83:4d:e0:d4:0c:ff:f4:b9:
        ec:58:8c:f5:53:1a:e6:0f:ac:63:af:ce:69:bf:3e:87
    Fingerprint (SHA-256):
        AF:D7:6D:25:9C:4C:0C:D8:12:11:0C:72:A5:F0:E0:A8:92:04:4C:63:0E:0C:35:E8:B6:19:93:CB:FB:B9:4A:7B
    Fingerprint (SHA1):
        37:9B:33:5E:5B:92:6D:C4:C0:80:2E:68:4D:03:DE:21:B8:F8:60:A3
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #3623: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der  -t Root7.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173968 (0x25712c90)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root7 ROOT CA,O=Root7,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:15 2016
            Not After : Mon Jun 28 17:43:15 2066
        Subject: "CN=Root7 ROOT CA,O=Root7,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e4:50:81:d8:4c:ab:6a:6e:24:e0:a0:b6:b4:b4:c6:a1:
                    4d:fa:f3:31:18:eb:90:76:07:81:91:4f:cc:1a:9c:6d:
                    c2:f7:f6:90:db:ed:37:16:13:50:ad:a8:76:e3:5d:a2:
                    34:69:5c:bc:29:ec:07:2c:5a:6d:73:04:08:3e:11:72:
                    63:c3:70:b9:d0:47:33:f8:05:32:df:40:11:aa:20:04:
                    dc:ee:e4:69:bd:ee:6f:fd:9f:9c:1c:b7:f0:66:f8:5c:
                    ac:b0:c0:0a:6b:4c:52:a1:83:7a:a8:90:04:38:86:e3:
                    26:0a:c1:19:2f:71:43:28:f3:64:d0:27:8a:c8:cb:53:
                    cf:43:28:48:bc:5f:6a:5f:a8:7e:50:13:0d:ad:b3:ca:
                    bf:3e:98:ee:bf:9c:5e:46:4c:40:5f:2a:7a:a5:2e:c0:
                    a6:d7:e4:23:5d:fb:0f:2d:42:c6:de:8f:4c:c0:75:01:
                    b1:d8:77:c6:ac:8d:2c:b2:6b:96:83:a1:48:5a:3e:78:
                    00:87:d7:a4:67:ba:c8:00:3c:1b:fb:77:89:ab:46:10:
                    4e:63:5f:69:21:c4:c3:e7:d6:69:d3:fe:5a:2a:3a:60:
                    e1:21:bf:d7:60:01:a8:e6:38:32:40:e8:38:e2:3c:b3:
                    5d:48:43:10:e1:75:d1:08:4e:49:53:b9:8c:44:de:49
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7a:d6:9b:05:d8:f2:b9:2a:11:91:bf:d8:80:4f:05:c0:
        39:ea:e4:c5:55:47:45:c3:86:b5:1e:1c:75:2d:b7:ef:
        8a:45:1c:f7:64:0e:cd:ed:bd:08:dd:ac:af:b0:3f:fe:
        22:98:16:57:6f:a8:aa:46:48:a1:de:0b:f8:95:f7:ac:
        e9:3d:92:c2:7d:8f:48:d6:70:e3:6a:9e:5c:ac:08:cf:
        7f:29:94:87:4d:6e:89:58:7a:fb:b2:fc:ac:8c:53:60:
        a9:15:c7:66:e0:73:69:e2:48:22:f3:db:ab:da:91:89:
        3d:5b:ee:8a:94:de:e2:23:b0:57:fe:8a:a1:1f:56:40:
        f7:26:81:c7:9f:ce:52:69:3d:5b:3a:f7:e1:cb:b1:35:
        09:6b:24:65:d8:af:46:7c:9d:1c:09:17:73:33:c4:60:
        5a:18:d5:dd:56:48:79:97:51:50:3c:cd:e5:25:4b:8c:
        5b:c8:e6:b9:ba:5f:88:e4:96:c8:39:5e:d8:4b:57:8e:
        c6:c5:0a:38:a4:5e:a1:e2:73:6d:1f:51:60:62:ba:bb:
        d8:83:0b:04:85:54:f2:b3:44:74:4e:de:a9:75:38:bb:
        1e:39:ed:ed:89:e2:1f:0e:09:d2:19:a8:6e:e6:da:dc:
        f6:10:60:6d:4e:01:b8:47:17:57:eb:95:dd:62:06:92
    Fingerprint (SHA-256):
        93:58:DD:73:9C:A8:13:D5:7D:C0:4F:AE:02:6C:C2:36:D3:42:EC:E8:3B:D0:60:69:27:36:F8:8C:D0:57:AC:92
    Fingerprint (SHA1):
        B8:BB:12:8E:C5:E8:55:A6:6D:D6:1B:4A:AB:7F:28:B3:E8:51:65:5A
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #3624: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der  -t Root8.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173969 (0x25712c91)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root8 ROOT CA,O=Root8,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:18 2016
            Not After : Mon Jun 28 17:43:18 2066
        Subject: "CN=Root8 ROOT CA,O=Root8,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ae:f1:05:c4:35:4c:a1:75:e7:b1:17:57:29:d5:c1:93:
                    e9:33:00:26:56:e1:95:21:99:bb:f7:83:fa:91:7e:81:
                    8f:00:dc:b8:d8:94:04:7a:2b:cf:3a:90:f4:28:d1:8a:
                    2c:01:3c:7b:87:f2:19:6c:ee:72:cb:d9:1d:3c:13:a3:
                    50:6a:46:98:2b:d1:2f:ef:57:64:5d:8b:1a:97:fd:a6:
                    ed:16:8d:9d:a5:d1:0e:31:61:a5:98:bc:03:b9:2e:96:
                    f1:d7:ee:97:11:4e:63:61:22:b1:6c:3a:71:36:44:6b:
                    78:ef:98:4b:53:af:01:ff:69:81:21:32:12:bb:7e:3b:
                    46:ef:13:84:f0:ff:59:8e:3c:bc:49:99:ef:be:71:1a:
                    af:a4:00:fc:cd:80:fe:a1:a3:15:fe:dc:4b:c3:16:da:
                    f5:be:c7:43:30:ab:a7:b8:9e:09:aa:4c:c8:1a:c8:5f:
                    a4:a0:12:5e:cb:77:0e:65:86:72:41:e0:98:73:24:0a:
                    29:38:f2:3a:a0:fd:96:a3:02:a3:54:fe:70:7e:30:13:
                    f3:cc:fa:d7:03:35:a7:b0:45:c4:44:9e:88:fa:33:89:
                    aa:26:0d:89:97:1f:df:c5:ff:3f:bf:dd:72:25:a2:07:
                    aa:c9:85:64:13:35:47:3d:46:2e:8e:c2:e4:d8:fc:4b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        34:6c:0a:95:19:eb:20:b4:a1:b7:56:d8:21:65:da:1a:
        74:1b:08:30:f9:ef:19:4d:d9:ec:98:bf:08:01:d3:cb:
        2c:75:ea:ac:47:04:60:3e:1b:ed:ad:a5:c5:29:71:3f:
        06:27:90:f1:0a:16:d0:10:8f:3f:52:32:0d:22:b6:11:
        b3:28:dc:ab:21:af:c6:8f:2a:c1:ee:6e:db:9a:fe:a2:
        03:f3:91:61:67:dd:d5:cf:2c:e7:d5:0f:6f:0c:8a:0c:
        a0:db:2f:13:4c:4f:cf:a4:d8:bf:f9:3f:75:29:05:98:
        c4:54:73:32:a8:a4:b9:96:14:a5:63:7c:5e:f2:97:9c:
        89:4a:f0:55:02:1e:dc:30:75:57:a6:ea:c3:38:d7:dd:
        a4:fb:a9:97:40:84:78:3a:4f:cf:73:d6:eb:44:1e:d7:
        b5:1d:83:de:82:1f:3c:37:c8:50:7b:2a:1a:56:cb:a9:
        94:8c:60:2b:a1:0a:7e:93:68:ab:93:b3:d6:a4:fb:c4:
        db:d5:8f:b7:ca:73:4a:32:cc:9c:9a:76:9e:23:48:bd:
        b7:5d:58:77:e9:6a:35:48:1c:35:6f:15:6f:fc:69:66:
        21:63:e8:56:04:09:a2:3e:6e:88:8c:f7:63:55:87:c6:
        5e:25:74:75:66:c9:7f:59:40:eb:ea:ec:4f:72:68:73
    Fingerprint (SHA-256):
        F4:AA:34:C6:EA:E2:5E:C2:42:CE:81:78:B1:77:7A:4F:B9:7F:5B:50:63:63:6A:CF:9E:C8:01:39:E3:1B:50:E7
    Fingerprint (SHA1):
        5E:B1:B0:9D:9E:F7:21:A6:7C:5A:9A:6E:A2:9F:4D:96:9A:E1:E2:1F
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #3625: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der  -t Root9.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173970 (0x25712c92)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root9 ROOT CA,O=Root9,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:26 2016
            Not After : Mon Jun 28 17:43:26 2066
        Subject: "CN=Root9 ROOT CA,O=Root9,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bc:b5:5f:09:ca:39:7a:32:ea:56:42:42:41:6b:f0:17:
                    a3:82:40:a1:c0:fa:6d:5f:fd:48:cb:e1:d7:75:60:d5:
                    ef:7f:50:17:b1:52:03:26:e3:f2:9f:fe:3a:4c:95:77:
                    49:57:e5:d1:ad:3e:6d:d4:a3:1b:6b:f8:f5:83:e0:54:
                    83:a0:3e:0c:e5:7a:ee:f5:f2:56:f4:67:2f:eb:e2:3a:
                    99:23:c5:69:ce:68:51:ae:1b:6f:90:e8:18:15:e9:85:
                    2b:bd:43:6c:b4:ee:c7:5d:73:b5:72:7f:0b:e5:fa:e1:
                    71:15:a9:3e:25:a7:31:45:1f:c1:38:b5:b7:8a:24:e5:
                    80:28:c6:53:1a:94:34:15:40:bb:71:80:06:f1:58:24:
                    2f:c7:47:39:a0:7a:af:f7:f3:f2:02:10:9a:c0:0a:a2:
                    4d:04:7e:1c:08:68:66:f2:8c:00:d5:3d:20:c7:bd:48:
                    40:a4:7f:8c:1f:8b:04:f4:27:5f:06:b0:ed:53:80:14:
                    a1:34:95:f6:13:c7:a2:27:63:18:c4:c3:22:bd:9f:57:
                    a6:aa:ad:b4:20:22:c7:e6:c3:dd:4f:db:44:bd:28:c2:
                    3b:e6:76:5d:96:63:29:d9:d4:1a:ee:af:2b:d2:cf:1b:
                    60:84:07:3d:39:df:8e:4f:b4:9d:50:23:13:71:5d:db
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:d5:47:71:c9:92:0a:44:d4:bc:7f:9b:f7:d4:21:d8:
        cb:6f:19:d7:09:50:26:b9:b1:84:31:0e:73:34:71:87:
        e7:6f:1a:cd:de:cd:4f:0a:9c:0a:2e:ac:7b:9f:cb:45:
        89:1b:ec:7f:02:b1:07:6b:78:1c:b1:ff:59:9d:f5:b3:
        5d:9f:83:b5:f5:9c:d6:b4:34:9f:09:6e:d6:d2:f3:64:
        6c:5a:1d:01:62:d9:08:51:f8:ac:35:4d:ca:cc:fd:3f:
        ba:16:77:53:4a:f3:00:cd:a8:40:ca:74:dc:78:8f:05:
        42:b8:09:c0:00:f7:89:13:b9:02:a4:ac:da:4e:73:c6:
        39:68:42:2a:ca:cb:5e:fe:ae:8b:6e:6b:ec:f0:9a:ac:
        b7:b1:22:78:9b:45:d0:45:9f:97:c4:be:20:97:78:40:
        e6:e9:6a:62:b0:0b:7b:51:df:86:e1:4e:07:42:07:93:
        32:b2:d7:4c:74:4b:f4:da:a0:a3:48:48:d9:59:02:7d:
        e0:91:4d:65:08:d0:bb:98:5d:ab:4b:3b:13:d7:f8:80:
        19:a0:46:7c:a9:a6:b8:97:c6:05:e0:cc:20:58:b0:42:
        bb:aa:cb:2a:5f:de:a7:ee:19:23:2b:ed:22:c8:13:20:
        45:54:b0:cf:51:1e:25:24:5f:a7:b8:27:a0:49:bc:20
    Fingerprint (SHA-256):
        63:2F:C3:5B:CE:AD:90:94:B4:F8:9A:74:45:32:F9:87:22:C3:D9:80:38:11:42:04:51:9F:95:45:C9:12:6C:4C
    Fingerprint (SHA1):
        D4:96:08:A6:9F:8A:A7:08:4F:55:D5:5D:1F:9A:05:A6:E7:73:2A:DC
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #3626: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #3627: Extension: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173985 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3628: Extension: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #3629: Extension: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3630: Extension: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3631: Extension: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628173986   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3632: Extension: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3633: Extension: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #3634: Extension: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3635: Extension: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628173987   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3636: Extension: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3637: Extension: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #3638: Extension: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3639: Extension: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628173988   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3640: Extension: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3641: Extension: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3642: Extension: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173985 (0x25712ca1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:52 2016
            Not After : Mon Jun 28 17:43:52 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e3:96:13:4a:1c:1b:3c:76:74:20:4b:18:0f:87:ff:c0:
                    b6:24:cc:72:04:85:c9:d4:78:e1:8b:e0:a2:ab:91:b9:
                    21:84:cf:43:c0:76:09:c5:ed:07:e5:37:e7:8c:e7:24:
                    77:3e:b6:da:bf:03:6a:58:76:b3:af:cf:75:e2:5b:88:
                    43:13:b4:06:7a:b4:5d:5b:fb:c3:7e:45:a7:15:1d:f3:
                    63:bb:f8:ba:c8:64:b7:79:91:1c:75:f6:a0:1b:67:53:
                    e1:ed:6f:d3:8b:4f:65:fb:21:e7:47:e0:00:02:4e:25:
                    29:42:57:a5:4f:2f:fc:41:b0:11:5b:09:b1:cd:b0:86:
                    d9:4f:b5:3c:43:e9:53:6a:b9:d8:44:39:de:c5:63:12:
                    31:ca:aa:b3:c8:e2:25:75:91:b9:b1:50:d3:61:83:9e:
                    65:3e:1f:78:ec:a7:f4:d0:c9:3c:e8:ec:cd:b3:f9:62:
                    73:0f:f4:8e:19:42:ce:b9:4a:a1:7f:66:f1:83:96:22:
                    ba:05:a2:e5:f8:a7:a0:23:25:45:f3:0f:05:a4:89:ae:
                    3b:3b:41:27:d7:e1:8a:22:cb:09:1f:d5:51:d9:41:07:
                    be:3f:73:4e:7a:5e:67:c3:9a:4b:b3:4e:18:45:46:91:
                    0c:00:fe:ed:41:60:42:11:85:9d:70:eb:1c:45:bd:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b3:8e:ec:9b:e1:03:fa:ac:6f:95:2a:fc:75:a4:02:f6:
        20:90:b8:37:7f:37:60:dc:88:63:49:1f:2f:45:74:38:
        a6:e9:34:a3:2a:3f:a4:25:4c:1b:cf:f2:a9:e7:09:0a:
        8b:e8:ce:e5:a1:35:ee:90:ac:e5:08:ff:a1:5d:06:c6:
        2c:81:20:5a:c6:dc:75:cd:8f:47:e9:72:9d:ca:cc:37:
        c5:a4:d8:46:f8:3d:65:d1:bd:bc:37:e2:27:66:4b:d9:
        6f:8a:12:42:d7:ad:9b:36:be:a1:f0:68:0e:e1:0e:6a:
        49:ab:c1:5a:65:93:fe:cc:3f:b2:1d:0d:4f:68:a8:5e:
        76:03:7a:c0:c3:2c:5b:59:2d:e6:15:84:80:c6:4e:76:
        ad:9d:66:30:bd:84:d3:0f:a9:7b:48:de:61:92:bf:aa:
        67:1a:4a:5a:ac:ad:20:2d:71:cf:f7:c9:8f:9f:81:7b:
        23:79:8a:52:03:85:b8:dd:28:1f:a4:74:65:30:12:a4:
        73:f6:78:ad:93:22:1c:86:4c:53:b7:7d:3a:0b:bd:29:
        90:04:de:05:64:b8:19:44:b8:38:88:5e:aa:ad:91:ea:
        c6:b7:b8:93:ef:b0:ea:3c:49:92:07:f0:b2:91:90:da:
        9f:20:19:f4:dd:c4:96:26:b5:a4:79:c0:12:a7:7e:8b
    Fingerprint (SHA-256):
        E7:32:BE:B5:A6:C1:04:54:27:17:EF:E8:4A:F5:5C:C1:5A:B6:F5:46:36:DA:EF:C8:A2:C6:D7:14:BB:A1:E2:E6
    Fingerprint (SHA1):
        D9:FE:6D:E5:23:2C:93:6C:42:59:11:E3:3C:83:2B:39:40:E9:EC:C0
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3643: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3644: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173986 (0x25712ca2)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:01 2016
            Not After : Mon Jun 28 17:44:01 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cf:82:dd:67:45:ba:31:8b:cc:90:3e:81:4b:f4:68:38:
                    ec:41:f9:13:52:57:6f:63:97:95:4f:98:62:7d:92:61:
                    40:f7:84:41:1a:fd:56:09:61:26:35:18:d2:be:9f:0f:
                    23:2f:97:71:70:77:53:a4:98:1f:ed:66:0b:23:80:20:
                    73:9a:0b:ef:e5:14:d8:6a:a6:cf:f5:b4:54:e2:fb:f8:
                    7c:93:80:8f:8c:9d:59:92:cc:31:1c:d4:05:67:52:5b:
                    84:eb:d7:29:2d:b3:96:26:58:1f:e1:c7:56:2e:4a:9d:
                    5d:9a:07:a8:4d:53:eb:e0:2d:60:d0:da:05:d2:1f:c5:
                    cc:fe:2f:64:8b:94:63:32:e5:c5:92:df:c1:a0:8a:11:
                    9d:05:dc:5f:ae:3c:d3:a6:13:cc:d9:e3:8d:33:d7:16:
                    47:16:b3:39:65:69:45:2c:71:88:53:c0:bb:37:10:25:
                    1d:ad:8a:ea:97:03:ae:c1:05:c0:16:22:7f:2c:bc:bf:
                    f5:94:a9:05:ef:b6:30:02:82:e1:76:42:1e:89:eb:a3:
                    d4:85:34:46:b3:b7:79:fe:97:3e:c7:79:42:22:19:d1:
                    8d:04:c2:bc:1c:a9:79:f9:95:61:f1:f3:13:9b:0a:f6:
                    fa:66:00:48:68:8e:cc:89:c9:67:24:33:05:08:9b:75
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d7:26:0b:05:9c:e1:7d:0f:29:9e:28:92:df:5d:29:94:
        16:2f:39:46:4c:49:20:10:1f:ca:ca:96:5b:f8:1b:bb:
        8c:90:2a:63:6b:51:70:8c:c0:22:03:e1:b8:44:c3:60:
        f0:79:c0:4e:a1:f9:44:a5:27:6f:20:9b:76:28:f7:2e:
        d5:90:1e:1b:5e:6e:79:94:3b:fa:f2:b1:78:a3:2a:cc:
        4e:2a:d3:ca:d5:b6:e1:c9:09:1e:fd:af:3e:95:f1:06:
        11:d6:df:07:e5:4b:1d:22:f3:0e:49:39:ae:0d:12:8c:
        82:e0:ed:ab:a2:d1:ad:05:4f:4f:bd:d0:fb:af:85:56:
        9c:f7:80:a7:17:32:f6:e8:dd:e0:2f:86:e7:81:af:91:
        57:95:e1:3c:43:a1:f6:69:8b:44:ca:fc:66:2c:91:aa:
        a5:82:7d:75:7d:18:de:4c:e7:f1:43:fe:b7:f3:7e:ec:
        13:46:28:08:ee:ad:58:0f:50:8e:e8:d7:58:a0:40:23:
        5a:bd:57:9c:d2:f7:99:30:84:11:5b:73:12:a1:b6:33:
        8f:65:27:b7:20:be:72:99:7b:bc:73:e1:5e:29:e1:ab:
        01:b7:05:3b:7d:f2:c7:5e:64:c7:cc:a5:d9:ab:4c:1e:
        06:09:98:41:4d:30:13:2b:f1:5b:16:6e:bc:0a:e7:05
    Fingerprint (SHA-256):
        4F:42:2C:9E:D6:AA:B0:52:C4:5C:92:D0:82:E4:CC:1A:C8:65:BE:AC:FC:47:E9:F0:23:88:57:B4:87:FE:99:88
    Fingerprint (SHA1):
        32:11:EB:EC:D3:8D:25:67:77:D8:1D:01:35:23:CA:3D:9A:62:B9:D6
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3645: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3646: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173987 (0x25712ca3)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:06 2016
            Not After : Mon Jun 28 17:44:06 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b5:3a:36:28:ef:b0:0d:8c:71:c9:64:27:16:47:a5:e5:
                    0a:69:4b:c3:ba:13:6f:70:f4:8a:6c:45:e7:7c:86:73:
                    62:fe:94:48:90:50:e3:07:8c:e7:0a:5b:d1:9d:42:86:
                    86:75:3b:8b:79:0d:27:41:e0:14:fa:bd:04:ce:d6:27:
                    c3:ce:2d:a6:e8:63:a6:e4:34:4d:b9:27:a4:f6:d4:c6:
                    37:ae:7f:43:a4:07:1c:1f:f3:5e:fb:8b:25:e1:4e:94:
                    46:39:25:d3:8f:7b:3f:c0:07:b5:7d:c0:1b:ea:40:a4:
                    65:91:3e:21:75:d4:28:39:60:2e:dc:28:6b:07:29:86:
                    57:bb:c8:59:ec:d3:f5:dd:af:f9:33:fc:de:6b:fc:3b:
                    a7:d9:1e:94:f9:a2:ca:7f:a1:4a:0b:74:cd:16:c3:72:
                    72:2f:7c:b4:6e:9f:a8:8f:25:ea:ca:20:71:2c:3d:bc:
                    9b:75:21:99:5f:d4:6f:b5:12:7e:07:54:29:c0:de:1e:
                    ac:34:2e:92:e3:4f:b7:43:e6:62:4f:b5:c5:3c:88:bd:
                    62:89:11:42:bc:4d:25:31:18:00:d6:a1:6f:5e:ce:fd:
                    77:a9:16:01:88:e7:87:15:fb:e1:35:e5:71:95:12:99:
                    00:6e:35:ce:e7:1d:e3:e7:f9:e6:57:aa:d4:6b:f5:61
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ae:a8:c7:07:7a:a8:c3:c7:e9:25:aa:79:e2:4b:be:09:
        c2:c2:c5:be:2e:bf:87:d7:9c:8e:75:50:d8:50:6e:aa:
        46:bc:6e:48:82:51:70:37:6a:09:da:37:cb:98:94:02:
        4f:00:d0:c6:5c:7a:e4:4f:da:fa:18:61:98:81:69:a3:
        83:2f:d2:5a:f7:b6:8d:91:f7:ba:47:c1:f5:75:33:5c:
        64:0b:ee:5b:ec:60:ae:b7:4f:9f:96:65:65:65:43:83:
        af:b8:d0:df:a1:f9:77:55:b1:cf:24:93:23:54:69:b0:
        5d:45:f9:44:c1:fb:56:6a:f3:c4:a3:ef:57:80:ce:df:
        f9:62:d1:d5:3d:59:5e:6a:3a:46:b1:0b:84:6f:43:0b:
        cd:1d:2c:4f:ce:ad:42:50:36:67:ac:77:41:0b:52:b2:
        67:d1:43:75:21:25:53:6f:88:b2:da:46:f7:8a:71:5e:
        b8:09:17:14:66:4b:53:ff:aa:bb:eb:20:5e:8c:ef:b1:
        20:3a:d7:5c:9a:af:43:ef:f6:59:87:c5:2c:cb:90:e4:
        11:e6:cc:23:de:10:eb:2e:c2:57:ff:92:43:ef:ea:5f:
        8d:a8:87:23:b7:30:6e:3f:8f:81:05:c7:e0:24:93:d6:
        ab:31:3d:36:5b:35:c9:fc:c8:35:04:ce:45:b4:19:36
    Fingerprint (SHA-256):
        F0:82:68:40:BF:43:61:ED:C3:19:20:CB:4E:56:F3:BC:F4:98:68:12:56:C2:67:A1:50:97:A4:B7:CB:10:46:DD
    Fingerprint (SHA1):
        A4:C1:84:9A:92:FE:EB:C0:32:6D:34:B3:9D:44:9B:41:0C:88:BD:3B
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #3647: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3648: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #3649: Extension: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #3650: Extension: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #3651: Extension: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173985 (0x25712ca1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:43:52 2016
            Not After : Mon Jun 28 17:43:52 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e3:96:13:4a:1c:1b:3c:76:74:20:4b:18:0f:87:ff:c0:
                    b6:24:cc:72:04:85:c9:d4:78:e1:8b:e0:a2:ab:91:b9:
                    21:84:cf:43:c0:76:09:c5:ed:07:e5:37:e7:8c:e7:24:
                    77:3e:b6:da:bf:03:6a:58:76:b3:af:cf:75:e2:5b:88:
                    43:13:b4:06:7a:b4:5d:5b:fb:c3:7e:45:a7:15:1d:f3:
                    63:bb:f8:ba:c8:64:b7:79:91:1c:75:f6:a0:1b:67:53:
                    e1:ed:6f:d3:8b:4f:65:fb:21:e7:47:e0:00:02:4e:25:
                    29:42:57:a5:4f:2f:fc:41:b0:11:5b:09:b1:cd:b0:86:
                    d9:4f:b5:3c:43:e9:53:6a:b9:d8:44:39:de:c5:63:12:
                    31:ca:aa:b3:c8:e2:25:75:91:b9:b1:50:d3:61:83:9e:
                    65:3e:1f:78:ec:a7:f4:d0:c9:3c:e8:ec:cd:b3:f9:62:
                    73:0f:f4:8e:19:42:ce:b9:4a:a1:7f:66:f1:83:96:22:
                    ba:05:a2:e5:f8:a7:a0:23:25:45:f3:0f:05:a4:89:ae:
                    3b:3b:41:27:d7:e1:8a:22:cb:09:1f:d5:51:d9:41:07:
                    be:3f:73:4e:7a:5e:67:c3:9a:4b:b3:4e:18:45:46:91:
                    0c:00:fe:ed:41:60:42:11:85:9d:70:eb:1c:45:bd:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b3:8e:ec:9b:e1:03:fa:ac:6f:95:2a:fc:75:a4:02:f6:
        20:90:b8:37:7f:37:60:dc:88:63:49:1f:2f:45:74:38:
        a6:e9:34:a3:2a:3f:a4:25:4c:1b:cf:f2:a9:e7:09:0a:
        8b:e8:ce:e5:a1:35:ee:90:ac:e5:08:ff:a1:5d:06:c6:
        2c:81:20:5a:c6:dc:75:cd:8f:47:e9:72:9d:ca:cc:37:
        c5:a4:d8:46:f8:3d:65:d1:bd:bc:37:e2:27:66:4b:d9:
        6f:8a:12:42:d7:ad:9b:36:be:a1:f0:68:0e:e1:0e:6a:
        49:ab:c1:5a:65:93:fe:cc:3f:b2:1d:0d:4f:68:a8:5e:
        76:03:7a:c0:c3:2c:5b:59:2d:e6:15:84:80:c6:4e:76:
        ad:9d:66:30:bd:84:d3:0f:a9:7b:48:de:61:92:bf:aa:
        67:1a:4a:5a:ac:ad:20:2d:71:cf:f7:c9:8f:9f:81:7b:
        23:79:8a:52:03:85:b8:dd:28:1f:a4:74:65:30:12:a4:
        73:f6:78:ad:93:22:1c:86:4c:53:b7:7d:3a:0b:bd:29:
        90:04:de:05:64:b8:19:44:b8:38:88:5e:aa:ad:91:ea:
        c6:b7:b8:93:ef:b0:ea:3c:49:92:07:f0:b2:91:90:da:
        9f:20:19:f4:dd:c4:96:26:b5:a4:79:c0:12:a7:7e:8b
    Fingerprint (SHA-256):
        E7:32:BE:B5:A6:C1:04:54:27:17:EF:E8:4A:F5:5C:C1:5A:B6:F5:46:36:DA:EF:C8:A2:C6:D7:14:BB:A1:E2:E6
    Fingerprint (SHA1):
        D9:FE:6D:E5:23:2C:93:6C:42:59:11:E3:3C:83:2B:39:40:E9:EC:C0
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3652: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3653: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173986 (0x25712ca2)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:01 2016
            Not After : Mon Jun 28 17:44:01 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cf:82:dd:67:45:ba:31:8b:cc:90:3e:81:4b:f4:68:38:
                    ec:41:f9:13:52:57:6f:63:97:95:4f:98:62:7d:92:61:
                    40:f7:84:41:1a:fd:56:09:61:26:35:18:d2:be:9f:0f:
                    23:2f:97:71:70:77:53:a4:98:1f:ed:66:0b:23:80:20:
                    73:9a:0b:ef:e5:14:d8:6a:a6:cf:f5:b4:54:e2:fb:f8:
                    7c:93:80:8f:8c:9d:59:92:cc:31:1c:d4:05:67:52:5b:
                    84:eb:d7:29:2d:b3:96:26:58:1f:e1:c7:56:2e:4a:9d:
                    5d:9a:07:a8:4d:53:eb:e0:2d:60:d0:da:05:d2:1f:c5:
                    cc:fe:2f:64:8b:94:63:32:e5:c5:92:df:c1:a0:8a:11:
                    9d:05:dc:5f:ae:3c:d3:a6:13:cc:d9:e3:8d:33:d7:16:
                    47:16:b3:39:65:69:45:2c:71:88:53:c0:bb:37:10:25:
                    1d:ad:8a:ea:97:03:ae:c1:05:c0:16:22:7f:2c:bc:bf:
                    f5:94:a9:05:ef:b6:30:02:82:e1:76:42:1e:89:eb:a3:
                    d4:85:34:46:b3:b7:79:fe:97:3e:c7:79:42:22:19:d1:
                    8d:04:c2:bc:1c:a9:79:f9:95:61:f1:f3:13:9b:0a:f6:
                    fa:66:00:48:68:8e:cc:89:c9:67:24:33:05:08:9b:75
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d7:26:0b:05:9c:e1:7d:0f:29:9e:28:92:df:5d:29:94:
        16:2f:39:46:4c:49:20:10:1f:ca:ca:96:5b:f8:1b:bb:
        8c:90:2a:63:6b:51:70:8c:c0:22:03:e1:b8:44:c3:60:
        f0:79:c0:4e:a1:f9:44:a5:27:6f:20:9b:76:28:f7:2e:
        d5:90:1e:1b:5e:6e:79:94:3b:fa:f2:b1:78:a3:2a:cc:
        4e:2a:d3:ca:d5:b6:e1:c9:09:1e:fd:af:3e:95:f1:06:
        11:d6:df:07:e5:4b:1d:22:f3:0e:49:39:ae:0d:12:8c:
        82:e0:ed:ab:a2:d1:ad:05:4f:4f:bd:d0:fb:af:85:56:
        9c:f7:80:a7:17:32:f6:e8:dd:e0:2f:86:e7:81:af:91:
        57:95:e1:3c:43:a1:f6:69:8b:44:ca:fc:66:2c:91:aa:
        a5:82:7d:75:7d:18:de:4c:e7:f1:43:fe:b7:f3:7e:ec:
        13:46:28:08:ee:ad:58:0f:50:8e:e8:d7:58:a0:40:23:
        5a:bd:57:9c:d2:f7:99:30:84:11:5b:73:12:a1:b6:33:
        8f:65:27:b7:20:be:72:99:7b:bc:73:e1:5e:29:e1:ab:
        01:b7:05:3b:7d:f2:c7:5e:64:c7:cc:a5:d9:ab:4c:1e:
        06:09:98:41:4d:30:13:2b:f1:5b:16:6e:bc:0a:e7:05
    Fingerprint (SHA-256):
        4F:42:2C:9E:D6:AA:B0:52:C4:5C:92:D0:82:E4:CC:1A:C8:65:BE:AC:FC:47:E9:F0:23:88:57:B4:87:FE:99:88
    Fingerprint (SHA1):
        32:11:EB:EC:D3:8D:25:67:77:D8:1D:01:35:23:CA:3D:9A:62:B9:D6
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3654: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3655: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173987 (0x25712ca3)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:06 2016
            Not After : Mon Jun 28 17:44:06 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b5:3a:36:28:ef:b0:0d:8c:71:c9:64:27:16:47:a5:e5:
                    0a:69:4b:c3:ba:13:6f:70:f4:8a:6c:45:e7:7c:86:73:
                    62:fe:94:48:90:50:e3:07:8c:e7:0a:5b:d1:9d:42:86:
                    86:75:3b:8b:79:0d:27:41:e0:14:fa:bd:04:ce:d6:27:
                    c3:ce:2d:a6:e8:63:a6:e4:34:4d:b9:27:a4:f6:d4:c6:
                    37:ae:7f:43:a4:07:1c:1f:f3:5e:fb:8b:25:e1:4e:94:
                    46:39:25:d3:8f:7b:3f:c0:07:b5:7d:c0:1b:ea:40:a4:
                    65:91:3e:21:75:d4:28:39:60:2e:dc:28:6b:07:29:86:
                    57:bb:c8:59:ec:d3:f5:dd:af:f9:33:fc:de:6b:fc:3b:
                    a7:d9:1e:94:f9:a2:ca:7f:a1:4a:0b:74:cd:16:c3:72:
                    72:2f:7c:b4:6e:9f:a8:8f:25:ea:ca:20:71:2c:3d:bc:
                    9b:75:21:99:5f:d4:6f:b5:12:7e:07:54:29:c0:de:1e:
                    ac:34:2e:92:e3:4f:b7:43:e6:62:4f:b5:c5:3c:88:bd:
                    62:89:11:42:bc:4d:25:31:18:00:d6:a1:6f:5e:ce:fd:
                    77:a9:16:01:88:e7:87:15:fb:e1:35:e5:71:95:12:99:
                    00:6e:35:ce:e7:1d:e3:e7:f9:e6:57:aa:d4:6b:f5:61
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ae:a8:c7:07:7a:a8:c3:c7:e9:25:aa:79:e2:4b:be:09:
        c2:c2:c5:be:2e:bf:87:d7:9c:8e:75:50:d8:50:6e:aa:
        46:bc:6e:48:82:51:70:37:6a:09:da:37:cb:98:94:02:
        4f:00:d0:c6:5c:7a:e4:4f:da:fa:18:61:98:81:69:a3:
        83:2f:d2:5a:f7:b6:8d:91:f7:ba:47:c1:f5:75:33:5c:
        64:0b:ee:5b:ec:60:ae:b7:4f:9f:96:65:65:65:43:83:
        af:b8:d0:df:a1:f9:77:55:b1:cf:24:93:23:54:69:b0:
        5d:45:f9:44:c1:fb:56:6a:f3:c4:a3:ef:57:80:ce:df:
        f9:62:d1:d5:3d:59:5e:6a:3a:46:b1:0b:84:6f:43:0b:
        cd:1d:2c:4f:ce:ad:42:50:36:67:ac:77:41:0b:52:b2:
        67:d1:43:75:21:25:53:6f:88:b2:da:46:f7:8a:71:5e:
        b8:09:17:14:66:4b:53:ff:aa:bb:eb:20:5e:8c:ef:b1:
        20:3a:d7:5c:9a:af:43:ef:f6:59:87:c5:2c:cb:90:e4:
        11:e6:cc:23:de:10:eb:2e:c2:57:ff:92:43:ef:ea:5f:
        8d:a8:87:23:b7:30:6e:3f:8f:81:05:c7:e0:24:93:d6:
        ab:31:3d:36:5b:35:c9:fc:c8:35:04:ce:45:b4:19:36
    Fingerprint (SHA-256):
        F0:82:68:40:BF:43:61:ED:C3:19:20:CB:4E:56:F3:BC:F4:98:68:12:56:C2:67:A1:50:97:A4:B7:CB:10:46:DD
    Fingerprint (SHA1):
        A4:C1:84:9A:92:FE:EB:C0:32:6D:34:B3:9D:44:9B:41:0C:88:BD:3B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #3656: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3657: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #3658: Extension2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173989 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3659: Extension2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #3660: Extension2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3661: Extension2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3662: Extension2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628173990   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3663: Extension2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3664: Extension2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #3665: Extension2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3666: Extension2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628173991   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3667: Extension2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3668: Extension2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #3669: Extension2: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3670: Extension2: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628173992   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3671: Extension2: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3672: Extension2: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #3673: Extension2: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3674: Extension2: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628173993   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3675: Extension2: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3676: Extension2: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3677: Extension2: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173989 (0x25712ca5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:15 2016
            Not After : Mon Jun 28 17:44:15 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:99:31:e0:01:07:5d:86:4d:47:72:19:16:d8:3d:ca:
                    eb:e0:ba:17:0f:80:8b:4e:f0:fa:17:86:f9:8e:26:37:
                    4e:be:9c:af:58:30:17:45:5c:b4:aa:a9:87:ab:73:3c:
                    07:a0:90:cc:62:b7:13:76:29:fa:89:fd:5b:67:2f:6d:
                    81:d0:32:ea:c7:1e:1f:f7:86:8f:69:27:b9:e0:98:38:
                    e4:2f:80:23:81:91:0d:a6:30:ba:81:5c:0a:2e:69:5e:
                    ee:9f:96:37:e3:04:6e:d1:3b:3c:8b:32:93:f5:51:0d:
                    db:44:99:8f:f2:b4:95:2d:68:8b:c8:79:6c:98:67:f0:
                    4f:6b:15:42:da:ba:bb:58:82:2a:76:4a:a1:78:49:47:
                    6b:79:5b:0c:27:84:66:57:cf:7d:68:b9:b9:91:83:d6:
                    6a:26:6f:d4:b0:40:69:f2:b7:1e:87:04:79:42:f0:28:
                    c8:66:30:60:8e:50:bd:71:aa:5a:23:2c:8a:bf:f3:6c:
                    d6:b5:1c:83:1c:6e:96:e6:c8:3c:79:9a:dc:c2:c0:9b:
                    12:36:77:32:e9:2d:5f:5b:86:3a:b8:ca:b2:d2:9f:3c:
                    ae:43:76:bc:9c:20:d1:69:ab:62:09:32:a6:8f:4f:50:
                    e2:66:e7:f6:d7:7d:94:e2:fa:9a:60:fe:f4:0d:c1:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6a:9c:e0:de:fd:ab:1f:01:23:57:b8:05:82:97:63:ba:
        df:13:10:79:9d:3f:14:b6:2f:71:b5:6b:99:da:96:f8:
        79:f0:22:ea:d1:b7:86:18:aa:46:40:ab:e1:d4:ed:08:
        d5:f9:8c:83:4f:c0:cd:f0:14:ec:4e:2b:b0:1f:9a:6a:
        33:06:f8:6c:0b:77:c0:2f:ec:52:9a:6a:3e:f7:27:08:
        d3:9a:b4:a7:09:ed:61:7f:b2:7b:1a:25:27:5e:33:61:
        88:82:f1:f1:68:cf:1c:af:b9:43:c4:73:ee:94:b9:97:
        65:cd:d7:fb:80:54:d8:03:85:fb:a9:8e:0d:d2:ef:35:
        48:b3:1a:ac:9a:4a:db:e3:ea:c7:ba:0a:0b:c9:a8:a7:
        e5:f3:d5:af:26:cc:3c:c1:92:68:82:02:e4:51:97:30:
        4a:d8:ca:9f:72:c7:d7:5d:7a:94:6e:6c:b9:dc:3a:12:
        40:3a:3b:c1:51:5c:ee:40:3d:ed:d0:c6:24:8d:8e:55:
        81:0d:a8:fc:1c:48:81:b2:6c:c1:ed:a3:ba:31:60:ce:
        19:8d:92:6c:9b:24:78:e2:de:b8:1e:db:f6:9d:b6:9d:
        2f:ae:6b:97:6e:21:6b:dd:9c:f1:37:d3:4d:e8:fb:d6:
        fb:93:a3:6e:2c:8b:9a:ea:63:d6:67:ab:9e:f6:65:c4
    Fingerprint (SHA-256):
        C0:2A:02:88:AC:CE:27:44:6F:9C:28:BF:73:F1:01:BB:90:D3:8D:BD:60:8D:E4:3E:FE:9E:59:43:78:F6:71:9D
    Fingerprint (SHA1):
        74:55:49:8B:40:67:23:C8:F1:6C:64:1C:9F:13:CC:A2:69:0E:F9:1A
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3678: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3679: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173990 (0x25712ca6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:24 2016
            Not After : Mon Jun 28 17:44:24 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:09:1a:f9:ef:a6:c6:17:d7:e8:44:e0:58:ef:22:83:
                    92:98:f3:d6:fe:dd:1f:38:59:f4:36:e1:1a:c1:5f:9c:
                    42:eb:9b:50:f6:d3:bf:18:35:b7:66:58:87:06:33:7a:
                    8a:b8:cd:51:9b:f8:f8:6d:20:b1:10:24:10:63:92:5e:
                    44:cd:3e:d0:03:90:2b:c6:71:ec:dd:51:67:35:9e:10:
                    83:f7:50:24:1c:61:aa:21:a4:ff:b3:8d:96:8b:36:b8:
                    4b:d9:3d:4b:c9:36:e7:aa:0d:c5:52:50:5f:d6:41:f9:
                    97:7b:60:cd:12:c1:5c:d7:d7:98:93:00:a9:91:d4:fb:
                    8e:51:43:52:0d:b5:bc:75:76:b6:ad:19:df:21:1a:98:
                    07:cc:c4:a4:1a:7d:46:10:3a:fe:e4:f1:51:ab:cc:f2:
                    a5:7a:ed:88:0d:c6:33:76:20:dd:e3:c1:52:14:2f:4b:
                    39:d7:3c:98:73:e9:e0:aa:9e:da:61:78:90:7c:90:39:
                    94:9c:0b:8a:c4:97:74:75:1e:2c:76:7a:80:cf:c4:3d:
                    ab:e4:d5:04:70:46:31:86:9b:09:bd:87:da:19:4a:eb:
                    5d:4c:f0:28:f7:82:8f:9f:f3:02:16:52:ba:10:b6:41:
                    2a:25:08:ca:47:86:a3:2a:d6:e9:d1:c9:51:b8:4b:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4c:93:5a:0d:59:ec:67:60:ed:69:47:7f:93:a8:f5:9f:
        7a:af:58:2d:d9:32:f8:17:d8:be:2b:3a:27:c8:09:e9:
        37:91:59:e6:78:d8:26:10:78:35:fa:46:38:1c:88:82:
        2c:de:86:2a:46:99:b2:a5:f7:d9:77:6a:b4:43:ba:ce:
        b4:10:17:80:01:81:dd:65:82:21:4f:d0:92:e3:bc:8c:
        11:f1:f7:22:d7:a0:db:e1:6b:0a:b0:d2:d3:29:57:ea:
        ff:8c:3e:64:b8:d3:ef:b2:48:71:e3:63:ea:94:bf:bd:
        ae:b6:7f:15:72:9a:0f:98:83:1d:5b:ff:54:b1:81:67:
        fb:94:74:e8:22:c5:73:0a:f7:1a:61:21:85:60:c3:31:
        50:0d:c3:41:56:8f:c1:96:ce:40:05:50:8c:91:b9:38:
        2b:57:30:03:71:b6:ce:da:53:9f:ba:87:1f:44:04:de:
        7b:2f:db:f3:b1:81:49:40:50:97:4f:bd:8d:77:88:65:
        a5:51:7f:a8:9f:2c:72:a2:c6:7b:79:bb:95:85:a4:01:
        3c:c4:6f:42:26:e2:81:7f:28:64:34:2d:11:0b:02:1d:
        dd:cb:8c:42:17:76:c4:ca:87:65:b5:b8:de:6f:e4:75:
        3b:61:7f:5f:f8:15:11:d3:56:27:2b:b6:52:c6:d0:ba
    Fingerprint (SHA-256):
        1E:66:A5:E0:D2:56:4E:60:F3:F1:9C:2C:38:CA:D0:02:DE:07:C9:04:1A:BA:D1:2D:EE:78:B3:5D:00:F4:AE:18
    Fingerprint (SHA1):
        B9:8D:B3:EF:90:03:0D:C5:C4:63:6C:1A:4F:D7:A3:0D:8C:9D:C5:E8
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3680: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3681: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173991 (0x25712ca7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:29 2016
            Not After : Mon Jun 28 17:44:29 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:9a:38:49:41:8f:c4:90:b0:ef:7f:b3:2b:36:5a:84:
                    84:61:7d:56:89:19:b1:5f:e7:99:31:c6:06:d2:48:16:
                    79:bb:b9:26:f9:8f:c5:36:af:55:b5:2f:16:78:fd:81:
                    2f:c5:bd:6d:66:cf:d2:39:f1:89:f0:54:bb:ac:9f:27:
                    ea:7a:dd:b6:7c:cf:3c:99:5c:13:52:b1:4b:95:4d:49:
                    d7:81:73:91:cf:7a:f0:9e:aa:c5:0b:c5:55:76:6e:1f:
                    46:71:6a:35:73:06:f7:40:7b:58:7d:c7:1a:41:a7:8c:
                    d2:51:9c:fd:79:06:00:5d:c5:d9:7f:9b:48:3f:7d:b9:
                    1a:1b:77:2a:17:f3:d7:da:f6:71:44:00:4d:91:79:d9:
                    52:c7:28:12:87:68:ba:c4:16:a4:db:33:1c:8c:2f:a9:
                    0c:65:f3:38:70:cc:ae:bd:64:16:46:a7:cb:1a:30:2e:
                    f8:25:75:09:90:4e:d8:dd:ba:01:a8:5b:65:72:bd:78:
                    42:76:34:fd:78:e6:45:f9:71:79:52:e5:da:02:41:f6:
                    14:b6:ce:d2:c1:b9:34:0d:ff:09:01:ab:69:55:d5:3a:
                    dc:00:8a:36:50:73:43:97:7f:c5:ea:9e:83:9e:f7:65:
                    48:e2:86:9f:65:a4:f9:19:6e:ec:c6:3b:ed:c7:ee:1f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a7:8c:07:ff:67:9c:85:ec:8e:ba:29:5d:07:ea:c9:eb:
        69:e2:4e:af:01:14:48:78:13:d4:24:a7:9c:55:9c:96:
        c6:58:99:e6:94:52:a3:5e:f8:94:9a:59:5c:e9:48:46:
        f7:b3:31:82:34:5d:5f:75:c0:a5:c2:05:c3:67:04:9f:
        2b:fc:46:92:7e:96:c4:6e:9c:01:7f:53:35:6f:ae:b1:
        6a:55:15:cd:38:35:a5:56:ba:1e:85:67:26:52:18:0e:
        b7:35:ae:b2:b5:07:1d:32:e3:f3:1e:fa:8d:d3:2c:16:
        29:6c:77:4f:dc:50:d9:c0:96:96:bf:c6:a7:2a:98:51:
        05:a4:ea:7d:7b:bc:b5:b8:4a:cc:f4:14:e8:f8:f6:bb:
        c6:1c:48:8a:b1:d2:18:70:3c:13:1b:2f:64:e3:b3:90:
        6e:e2:90:02:7b:38:76:12:ce:08:c0:ba:91:da:b8:8a:
        54:5e:0e:b5:3d:f5:66:b8:51:99:85:7c:b7:fa:d8:9c:
        15:e2:9e:4b:bc:52:72:24:6c:4f:95:67:f8:c1:65:74:
        3f:98:2f:ca:2d:3b:90:75:44:09:db:82:76:7b:60:44:
        e6:60:79:18:96:d5:d7:4a:1d:5a:63:02:26:a6:10:71:
        9d:8e:70:81:d7:19:d5:6e:bc:08:50:eb:f3:ff:f3:6e
    Fingerprint (SHA-256):
        2D:58:F2:D3:FB:00:F2:3A:45:1C:6E:26:EF:F9:6C:2B:58:48:E4:1F:49:FF:37:04:78:6B:1A:06:14:35:A9:52
    Fingerprint (SHA1):
        8F:EA:11:57:7B:D2:0C:C9:A2:A0:F9:72:42:3D:A3:01:22:9A:02:7A
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3682: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3683: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #3684: Extension2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #3685: Extension2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #3686: Extension2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173989 (0x25712ca5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:15 2016
            Not After : Mon Jun 28 17:44:15 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:99:31:e0:01:07:5d:86:4d:47:72:19:16:d8:3d:ca:
                    eb:e0:ba:17:0f:80:8b:4e:f0:fa:17:86:f9:8e:26:37:
                    4e:be:9c:af:58:30:17:45:5c:b4:aa:a9:87:ab:73:3c:
                    07:a0:90:cc:62:b7:13:76:29:fa:89:fd:5b:67:2f:6d:
                    81:d0:32:ea:c7:1e:1f:f7:86:8f:69:27:b9:e0:98:38:
                    e4:2f:80:23:81:91:0d:a6:30:ba:81:5c:0a:2e:69:5e:
                    ee:9f:96:37:e3:04:6e:d1:3b:3c:8b:32:93:f5:51:0d:
                    db:44:99:8f:f2:b4:95:2d:68:8b:c8:79:6c:98:67:f0:
                    4f:6b:15:42:da:ba:bb:58:82:2a:76:4a:a1:78:49:47:
                    6b:79:5b:0c:27:84:66:57:cf:7d:68:b9:b9:91:83:d6:
                    6a:26:6f:d4:b0:40:69:f2:b7:1e:87:04:79:42:f0:28:
                    c8:66:30:60:8e:50:bd:71:aa:5a:23:2c:8a:bf:f3:6c:
                    d6:b5:1c:83:1c:6e:96:e6:c8:3c:79:9a:dc:c2:c0:9b:
                    12:36:77:32:e9:2d:5f:5b:86:3a:b8:ca:b2:d2:9f:3c:
                    ae:43:76:bc:9c:20:d1:69:ab:62:09:32:a6:8f:4f:50:
                    e2:66:e7:f6:d7:7d:94:e2:fa:9a:60:fe:f4:0d:c1:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6a:9c:e0:de:fd:ab:1f:01:23:57:b8:05:82:97:63:ba:
        df:13:10:79:9d:3f:14:b6:2f:71:b5:6b:99:da:96:f8:
        79:f0:22:ea:d1:b7:86:18:aa:46:40:ab:e1:d4:ed:08:
        d5:f9:8c:83:4f:c0:cd:f0:14:ec:4e:2b:b0:1f:9a:6a:
        33:06:f8:6c:0b:77:c0:2f:ec:52:9a:6a:3e:f7:27:08:
        d3:9a:b4:a7:09:ed:61:7f:b2:7b:1a:25:27:5e:33:61:
        88:82:f1:f1:68:cf:1c:af:b9:43:c4:73:ee:94:b9:97:
        65:cd:d7:fb:80:54:d8:03:85:fb:a9:8e:0d:d2:ef:35:
        48:b3:1a:ac:9a:4a:db:e3:ea:c7:ba:0a:0b:c9:a8:a7:
        e5:f3:d5:af:26:cc:3c:c1:92:68:82:02:e4:51:97:30:
        4a:d8:ca:9f:72:c7:d7:5d:7a:94:6e:6c:b9:dc:3a:12:
        40:3a:3b:c1:51:5c:ee:40:3d:ed:d0:c6:24:8d:8e:55:
        81:0d:a8:fc:1c:48:81:b2:6c:c1:ed:a3:ba:31:60:ce:
        19:8d:92:6c:9b:24:78:e2:de:b8:1e:db:f6:9d:b6:9d:
        2f:ae:6b:97:6e:21:6b:dd:9c:f1:37:d3:4d:e8:fb:d6:
        fb:93:a3:6e:2c:8b:9a:ea:63:d6:67:ab:9e:f6:65:c4
    Fingerprint (SHA-256):
        C0:2A:02:88:AC:CE:27:44:6F:9C:28:BF:73:F1:01:BB:90:D3:8D:BD:60:8D:E4:3E:FE:9E:59:43:78:F6:71:9D
    Fingerprint (SHA1):
        74:55:49:8B:40:67:23:C8:F1:6C:64:1C:9F:13:CC:A2:69:0E:F9:1A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3687: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3688: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173990 (0x25712ca6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:24 2016
            Not After : Mon Jun 28 17:44:24 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:09:1a:f9:ef:a6:c6:17:d7:e8:44:e0:58:ef:22:83:
                    92:98:f3:d6:fe:dd:1f:38:59:f4:36:e1:1a:c1:5f:9c:
                    42:eb:9b:50:f6:d3:bf:18:35:b7:66:58:87:06:33:7a:
                    8a:b8:cd:51:9b:f8:f8:6d:20:b1:10:24:10:63:92:5e:
                    44:cd:3e:d0:03:90:2b:c6:71:ec:dd:51:67:35:9e:10:
                    83:f7:50:24:1c:61:aa:21:a4:ff:b3:8d:96:8b:36:b8:
                    4b:d9:3d:4b:c9:36:e7:aa:0d:c5:52:50:5f:d6:41:f9:
                    97:7b:60:cd:12:c1:5c:d7:d7:98:93:00:a9:91:d4:fb:
                    8e:51:43:52:0d:b5:bc:75:76:b6:ad:19:df:21:1a:98:
                    07:cc:c4:a4:1a:7d:46:10:3a:fe:e4:f1:51:ab:cc:f2:
                    a5:7a:ed:88:0d:c6:33:76:20:dd:e3:c1:52:14:2f:4b:
                    39:d7:3c:98:73:e9:e0:aa:9e:da:61:78:90:7c:90:39:
                    94:9c:0b:8a:c4:97:74:75:1e:2c:76:7a:80:cf:c4:3d:
                    ab:e4:d5:04:70:46:31:86:9b:09:bd:87:da:19:4a:eb:
                    5d:4c:f0:28:f7:82:8f:9f:f3:02:16:52:ba:10:b6:41:
                    2a:25:08:ca:47:86:a3:2a:d6:e9:d1:c9:51:b8:4b:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4c:93:5a:0d:59:ec:67:60:ed:69:47:7f:93:a8:f5:9f:
        7a:af:58:2d:d9:32:f8:17:d8:be:2b:3a:27:c8:09:e9:
        37:91:59:e6:78:d8:26:10:78:35:fa:46:38:1c:88:82:
        2c:de:86:2a:46:99:b2:a5:f7:d9:77:6a:b4:43:ba:ce:
        b4:10:17:80:01:81:dd:65:82:21:4f:d0:92:e3:bc:8c:
        11:f1:f7:22:d7:a0:db:e1:6b:0a:b0:d2:d3:29:57:ea:
        ff:8c:3e:64:b8:d3:ef:b2:48:71:e3:63:ea:94:bf:bd:
        ae:b6:7f:15:72:9a:0f:98:83:1d:5b:ff:54:b1:81:67:
        fb:94:74:e8:22:c5:73:0a:f7:1a:61:21:85:60:c3:31:
        50:0d:c3:41:56:8f:c1:96:ce:40:05:50:8c:91:b9:38:
        2b:57:30:03:71:b6:ce:da:53:9f:ba:87:1f:44:04:de:
        7b:2f:db:f3:b1:81:49:40:50:97:4f:bd:8d:77:88:65:
        a5:51:7f:a8:9f:2c:72:a2:c6:7b:79:bb:95:85:a4:01:
        3c:c4:6f:42:26:e2:81:7f:28:64:34:2d:11:0b:02:1d:
        dd:cb:8c:42:17:76:c4:ca:87:65:b5:b8:de:6f:e4:75:
        3b:61:7f:5f:f8:15:11:d3:56:27:2b:b6:52:c6:d0:ba
    Fingerprint (SHA-256):
        1E:66:A5:E0:D2:56:4E:60:F3:F1:9C:2C:38:CA:D0:02:DE:07:C9:04:1A:BA:D1:2D:EE:78:B3:5D:00:F4:AE:18
    Fingerprint (SHA1):
        B9:8D:B3:EF:90:03:0D:C5:C4:63:6C:1A:4F:D7:A3:0D:8C:9D:C5:E8
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3689: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3690: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173991 (0x25712ca7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:29 2016
            Not After : Mon Jun 28 17:44:29 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:9a:38:49:41:8f:c4:90:b0:ef:7f:b3:2b:36:5a:84:
                    84:61:7d:56:89:19:b1:5f:e7:99:31:c6:06:d2:48:16:
                    79:bb:b9:26:f9:8f:c5:36:af:55:b5:2f:16:78:fd:81:
                    2f:c5:bd:6d:66:cf:d2:39:f1:89:f0:54:bb:ac:9f:27:
                    ea:7a:dd:b6:7c:cf:3c:99:5c:13:52:b1:4b:95:4d:49:
                    d7:81:73:91:cf:7a:f0:9e:aa:c5:0b:c5:55:76:6e:1f:
                    46:71:6a:35:73:06:f7:40:7b:58:7d:c7:1a:41:a7:8c:
                    d2:51:9c:fd:79:06:00:5d:c5:d9:7f:9b:48:3f:7d:b9:
                    1a:1b:77:2a:17:f3:d7:da:f6:71:44:00:4d:91:79:d9:
                    52:c7:28:12:87:68:ba:c4:16:a4:db:33:1c:8c:2f:a9:
                    0c:65:f3:38:70:cc:ae:bd:64:16:46:a7:cb:1a:30:2e:
                    f8:25:75:09:90:4e:d8:dd:ba:01:a8:5b:65:72:bd:78:
                    42:76:34:fd:78:e6:45:f9:71:79:52:e5:da:02:41:f6:
                    14:b6:ce:d2:c1:b9:34:0d:ff:09:01:ab:69:55:d5:3a:
                    dc:00:8a:36:50:73:43:97:7f:c5:ea:9e:83:9e:f7:65:
                    48:e2:86:9f:65:a4:f9:19:6e:ec:c6:3b:ed:c7:ee:1f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a7:8c:07:ff:67:9c:85:ec:8e:ba:29:5d:07:ea:c9:eb:
        69:e2:4e:af:01:14:48:78:13:d4:24:a7:9c:55:9c:96:
        c6:58:99:e6:94:52:a3:5e:f8:94:9a:59:5c:e9:48:46:
        f7:b3:31:82:34:5d:5f:75:c0:a5:c2:05:c3:67:04:9f:
        2b:fc:46:92:7e:96:c4:6e:9c:01:7f:53:35:6f:ae:b1:
        6a:55:15:cd:38:35:a5:56:ba:1e:85:67:26:52:18:0e:
        b7:35:ae:b2:b5:07:1d:32:e3:f3:1e:fa:8d:d3:2c:16:
        29:6c:77:4f:dc:50:d9:c0:96:96:bf:c6:a7:2a:98:51:
        05:a4:ea:7d:7b:bc:b5:b8:4a:cc:f4:14:e8:f8:f6:bb:
        c6:1c:48:8a:b1:d2:18:70:3c:13:1b:2f:64:e3:b3:90:
        6e:e2:90:02:7b:38:76:12:ce:08:c0:ba:91:da:b8:8a:
        54:5e:0e:b5:3d:f5:66:b8:51:99:85:7c:b7:fa:d8:9c:
        15:e2:9e:4b:bc:52:72:24:6c:4f:95:67:f8:c1:65:74:
        3f:98:2f:ca:2d:3b:90:75:44:09:db:82:76:7b:60:44:
        e6:60:79:18:96:d5:d7:4a:1d:5a:63:02:26:a6:10:71:
        9d:8e:70:81:d7:19:d5:6e:bc:08:50:eb:f3:ff:f3:6e
    Fingerprint (SHA-256):
        2D:58:F2:D3:FB:00:F2:3A:45:1C:6E:26:EF:F9:6C:2B:58:48:E4:1F:49:FF:37:04:78:6B:1A:06:14:35:A9:52
    Fingerprint (SHA1):
        8F:EA:11:57:7B:D2:0C:C9:A2:A0:F9:72:42:3D:A3:01:22:9A:02:7A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3691: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3692: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173989 (0x25712ca5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:15 2016
            Not After : Mon Jun 28 17:44:15 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:99:31:e0:01:07:5d:86:4d:47:72:19:16:d8:3d:ca:
                    eb:e0:ba:17:0f:80:8b:4e:f0:fa:17:86:f9:8e:26:37:
                    4e:be:9c:af:58:30:17:45:5c:b4:aa:a9:87:ab:73:3c:
                    07:a0:90:cc:62:b7:13:76:29:fa:89:fd:5b:67:2f:6d:
                    81:d0:32:ea:c7:1e:1f:f7:86:8f:69:27:b9:e0:98:38:
                    e4:2f:80:23:81:91:0d:a6:30:ba:81:5c:0a:2e:69:5e:
                    ee:9f:96:37:e3:04:6e:d1:3b:3c:8b:32:93:f5:51:0d:
                    db:44:99:8f:f2:b4:95:2d:68:8b:c8:79:6c:98:67:f0:
                    4f:6b:15:42:da:ba:bb:58:82:2a:76:4a:a1:78:49:47:
                    6b:79:5b:0c:27:84:66:57:cf:7d:68:b9:b9:91:83:d6:
                    6a:26:6f:d4:b0:40:69:f2:b7:1e:87:04:79:42:f0:28:
                    c8:66:30:60:8e:50:bd:71:aa:5a:23:2c:8a:bf:f3:6c:
                    d6:b5:1c:83:1c:6e:96:e6:c8:3c:79:9a:dc:c2:c0:9b:
                    12:36:77:32:e9:2d:5f:5b:86:3a:b8:ca:b2:d2:9f:3c:
                    ae:43:76:bc:9c:20:d1:69:ab:62:09:32:a6:8f:4f:50:
                    e2:66:e7:f6:d7:7d:94:e2:fa:9a:60:fe:f4:0d:c1:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6a:9c:e0:de:fd:ab:1f:01:23:57:b8:05:82:97:63:ba:
        df:13:10:79:9d:3f:14:b6:2f:71:b5:6b:99:da:96:f8:
        79:f0:22:ea:d1:b7:86:18:aa:46:40:ab:e1:d4:ed:08:
        d5:f9:8c:83:4f:c0:cd:f0:14:ec:4e:2b:b0:1f:9a:6a:
        33:06:f8:6c:0b:77:c0:2f:ec:52:9a:6a:3e:f7:27:08:
        d3:9a:b4:a7:09:ed:61:7f:b2:7b:1a:25:27:5e:33:61:
        88:82:f1:f1:68:cf:1c:af:b9:43:c4:73:ee:94:b9:97:
        65:cd:d7:fb:80:54:d8:03:85:fb:a9:8e:0d:d2:ef:35:
        48:b3:1a:ac:9a:4a:db:e3:ea:c7:ba:0a:0b:c9:a8:a7:
        e5:f3:d5:af:26:cc:3c:c1:92:68:82:02:e4:51:97:30:
        4a:d8:ca:9f:72:c7:d7:5d:7a:94:6e:6c:b9:dc:3a:12:
        40:3a:3b:c1:51:5c:ee:40:3d:ed:d0:c6:24:8d:8e:55:
        81:0d:a8:fc:1c:48:81:b2:6c:c1:ed:a3:ba:31:60:ce:
        19:8d:92:6c:9b:24:78:e2:de:b8:1e:db:f6:9d:b6:9d:
        2f:ae:6b:97:6e:21:6b:dd:9c:f1:37:d3:4d:e8:fb:d6:
        fb:93:a3:6e:2c:8b:9a:ea:63:d6:67:ab:9e:f6:65:c4
    Fingerprint (SHA-256):
        C0:2A:02:88:AC:CE:27:44:6F:9C:28:BF:73:F1:01:BB:90:D3:8D:BD:60:8D:E4:3E:FE:9E:59:43:78:F6:71:9D
    Fingerprint (SHA1):
        74:55:49:8B:40:67:23:C8:F1:6C:64:1C:9F:13:CC:A2:69:0E:F9:1A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3693: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173989 (0x25712ca5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:15 2016
            Not After : Mon Jun 28 17:44:15 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:99:31:e0:01:07:5d:86:4d:47:72:19:16:d8:3d:ca:
                    eb:e0:ba:17:0f:80:8b:4e:f0:fa:17:86:f9:8e:26:37:
                    4e:be:9c:af:58:30:17:45:5c:b4:aa:a9:87:ab:73:3c:
                    07:a0:90:cc:62:b7:13:76:29:fa:89:fd:5b:67:2f:6d:
                    81:d0:32:ea:c7:1e:1f:f7:86:8f:69:27:b9:e0:98:38:
                    e4:2f:80:23:81:91:0d:a6:30:ba:81:5c:0a:2e:69:5e:
                    ee:9f:96:37:e3:04:6e:d1:3b:3c:8b:32:93:f5:51:0d:
                    db:44:99:8f:f2:b4:95:2d:68:8b:c8:79:6c:98:67:f0:
                    4f:6b:15:42:da:ba:bb:58:82:2a:76:4a:a1:78:49:47:
                    6b:79:5b:0c:27:84:66:57:cf:7d:68:b9:b9:91:83:d6:
                    6a:26:6f:d4:b0:40:69:f2:b7:1e:87:04:79:42:f0:28:
                    c8:66:30:60:8e:50:bd:71:aa:5a:23:2c:8a:bf:f3:6c:
                    d6:b5:1c:83:1c:6e:96:e6:c8:3c:79:9a:dc:c2:c0:9b:
                    12:36:77:32:e9:2d:5f:5b:86:3a:b8:ca:b2:d2:9f:3c:
                    ae:43:76:bc:9c:20:d1:69:ab:62:09:32:a6:8f:4f:50:
                    e2:66:e7:f6:d7:7d:94:e2:fa:9a:60:fe:f4:0d:c1:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6a:9c:e0:de:fd:ab:1f:01:23:57:b8:05:82:97:63:ba:
        df:13:10:79:9d:3f:14:b6:2f:71:b5:6b:99:da:96:f8:
        79:f0:22:ea:d1:b7:86:18:aa:46:40:ab:e1:d4:ed:08:
        d5:f9:8c:83:4f:c0:cd:f0:14:ec:4e:2b:b0:1f:9a:6a:
        33:06:f8:6c:0b:77:c0:2f:ec:52:9a:6a:3e:f7:27:08:
        d3:9a:b4:a7:09:ed:61:7f:b2:7b:1a:25:27:5e:33:61:
        88:82:f1:f1:68:cf:1c:af:b9:43:c4:73:ee:94:b9:97:
        65:cd:d7:fb:80:54:d8:03:85:fb:a9:8e:0d:d2:ef:35:
        48:b3:1a:ac:9a:4a:db:e3:ea:c7:ba:0a:0b:c9:a8:a7:
        e5:f3:d5:af:26:cc:3c:c1:92:68:82:02:e4:51:97:30:
        4a:d8:ca:9f:72:c7:d7:5d:7a:94:6e:6c:b9:dc:3a:12:
        40:3a:3b:c1:51:5c:ee:40:3d:ed:d0:c6:24:8d:8e:55:
        81:0d:a8:fc:1c:48:81:b2:6c:c1:ed:a3:ba:31:60:ce:
        19:8d:92:6c:9b:24:78:e2:de:b8:1e:db:f6:9d:b6:9d:
        2f:ae:6b:97:6e:21:6b:dd:9c:f1:37:d3:4d:e8:fb:d6:
        fb:93:a3:6e:2c:8b:9a:ea:63:d6:67:ab:9e:f6:65:c4
    Fingerprint (SHA-256):
        C0:2A:02:88:AC:CE:27:44:6F:9C:28:BF:73:F1:01:BB:90:D3:8D:BD:60:8D:E4:3E:FE:9E:59:43:78:F6:71:9D
    Fingerprint (SHA1):
        74:55:49:8B:40:67:23:C8:F1:6C:64:1C:9F:13:CC:A2:69:0E:F9:1A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3694: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173990 (0x25712ca6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:24 2016
            Not After : Mon Jun 28 17:44:24 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:09:1a:f9:ef:a6:c6:17:d7:e8:44:e0:58:ef:22:83:
                    92:98:f3:d6:fe:dd:1f:38:59:f4:36:e1:1a:c1:5f:9c:
                    42:eb:9b:50:f6:d3:bf:18:35:b7:66:58:87:06:33:7a:
                    8a:b8:cd:51:9b:f8:f8:6d:20:b1:10:24:10:63:92:5e:
                    44:cd:3e:d0:03:90:2b:c6:71:ec:dd:51:67:35:9e:10:
                    83:f7:50:24:1c:61:aa:21:a4:ff:b3:8d:96:8b:36:b8:
                    4b:d9:3d:4b:c9:36:e7:aa:0d:c5:52:50:5f:d6:41:f9:
                    97:7b:60:cd:12:c1:5c:d7:d7:98:93:00:a9:91:d4:fb:
                    8e:51:43:52:0d:b5:bc:75:76:b6:ad:19:df:21:1a:98:
                    07:cc:c4:a4:1a:7d:46:10:3a:fe:e4:f1:51:ab:cc:f2:
                    a5:7a:ed:88:0d:c6:33:76:20:dd:e3:c1:52:14:2f:4b:
                    39:d7:3c:98:73:e9:e0:aa:9e:da:61:78:90:7c:90:39:
                    94:9c:0b:8a:c4:97:74:75:1e:2c:76:7a:80:cf:c4:3d:
                    ab:e4:d5:04:70:46:31:86:9b:09:bd:87:da:19:4a:eb:
                    5d:4c:f0:28:f7:82:8f:9f:f3:02:16:52:ba:10:b6:41:
                    2a:25:08:ca:47:86:a3:2a:d6:e9:d1:c9:51:b8:4b:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4c:93:5a:0d:59:ec:67:60:ed:69:47:7f:93:a8:f5:9f:
        7a:af:58:2d:d9:32:f8:17:d8:be:2b:3a:27:c8:09:e9:
        37:91:59:e6:78:d8:26:10:78:35:fa:46:38:1c:88:82:
        2c:de:86:2a:46:99:b2:a5:f7:d9:77:6a:b4:43:ba:ce:
        b4:10:17:80:01:81:dd:65:82:21:4f:d0:92:e3:bc:8c:
        11:f1:f7:22:d7:a0:db:e1:6b:0a:b0:d2:d3:29:57:ea:
        ff:8c:3e:64:b8:d3:ef:b2:48:71:e3:63:ea:94:bf:bd:
        ae:b6:7f:15:72:9a:0f:98:83:1d:5b:ff:54:b1:81:67:
        fb:94:74:e8:22:c5:73:0a:f7:1a:61:21:85:60:c3:31:
        50:0d:c3:41:56:8f:c1:96:ce:40:05:50:8c:91:b9:38:
        2b:57:30:03:71:b6:ce:da:53:9f:ba:87:1f:44:04:de:
        7b:2f:db:f3:b1:81:49:40:50:97:4f:bd:8d:77:88:65:
        a5:51:7f:a8:9f:2c:72:a2:c6:7b:79:bb:95:85:a4:01:
        3c:c4:6f:42:26:e2:81:7f:28:64:34:2d:11:0b:02:1d:
        dd:cb:8c:42:17:76:c4:ca:87:65:b5:b8:de:6f:e4:75:
        3b:61:7f:5f:f8:15:11:d3:56:27:2b:b6:52:c6:d0:ba
    Fingerprint (SHA-256):
        1E:66:A5:E0:D2:56:4E:60:F3:F1:9C:2C:38:CA:D0:02:DE:07:C9:04:1A:BA:D1:2D:EE:78:B3:5D:00:F4:AE:18
    Fingerprint (SHA1):
        B9:8D:B3:EF:90:03:0D:C5:C4:63:6C:1A:4F:D7:A3:0D:8C:9D:C5:E8
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3695: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173990 (0x25712ca6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:24 2016
            Not After : Mon Jun 28 17:44:24 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:09:1a:f9:ef:a6:c6:17:d7:e8:44:e0:58:ef:22:83:
                    92:98:f3:d6:fe:dd:1f:38:59:f4:36:e1:1a:c1:5f:9c:
                    42:eb:9b:50:f6:d3:bf:18:35:b7:66:58:87:06:33:7a:
                    8a:b8:cd:51:9b:f8:f8:6d:20:b1:10:24:10:63:92:5e:
                    44:cd:3e:d0:03:90:2b:c6:71:ec:dd:51:67:35:9e:10:
                    83:f7:50:24:1c:61:aa:21:a4:ff:b3:8d:96:8b:36:b8:
                    4b:d9:3d:4b:c9:36:e7:aa:0d:c5:52:50:5f:d6:41:f9:
                    97:7b:60:cd:12:c1:5c:d7:d7:98:93:00:a9:91:d4:fb:
                    8e:51:43:52:0d:b5:bc:75:76:b6:ad:19:df:21:1a:98:
                    07:cc:c4:a4:1a:7d:46:10:3a:fe:e4:f1:51:ab:cc:f2:
                    a5:7a:ed:88:0d:c6:33:76:20:dd:e3:c1:52:14:2f:4b:
                    39:d7:3c:98:73:e9:e0:aa:9e:da:61:78:90:7c:90:39:
                    94:9c:0b:8a:c4:97:74:75:1e:2c:76:7a:80:cf:c4:3d:
                    ab:e4:d5:04:70:46:31:86:9b:09:bd:87:da:19:4a:eb:
                    5d:4c:f0:28:f7:82:8f:9f:f3:02:16:52:ba:10:b6:41:
                    2a:25:08:ca:47:86:a3:2a:d6:e9:d1:c9:51:b8:4b:d3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4c:93:5a:0d:59:ec:67:60:ed:69:47:7f:93:a8:f5:9f:
        7a:af:58:2d:d9:32:f8:17:d8:be:2b:3a:27:c8:09:e9:
        37:91:59:e6:78:d8:26:10:78:35:fa:46:38:1c:88:82:
        2c:de:86:2a:46:99:b2:a5:f7:d9:77:6a:b4:43:ba:ce:
        b4:10:17:80:01:81:dd:65:82:21:4f:d0:92:e3:bc:8c:
        11:f1:f7:22:d7:a0:db:e1:6b:0a:b0:d2:d3:29:57:ea:
        ff:8c:3e:64:b8:d3:ef:b2:48:71:e3:63:ea:94:bf:bd:
        ae:b6:7f:15:72:9a:0f:98:83:1d:5b:ff:54:b1:81:67:
        fb:94:74:e8:22:c5:73:0a:f7:1a:61:21:85:60:c3:31:
        50:0d:c3:41:56:8f:c1:96:ce:40:05:50:8c:91:b9:38:
        2b:57:30:03:71:b6:ce:da:53:9f:ba:87:1f:44:04:de:
        7b:2f:db:f3:b1:81:49:40:50:97:4f:bd:8d:77:88:65:
        a5:51:7f:a8:9f:2c:72:a2:c6:7b:79:bb:95:85:a4:01:
        3c:c4:6f:42:26:e2:81:7f:28:64:34:2d:11:0b:02:1d:
        dd:cb:8c:42:17:76:c4:ca:87:65:b5:b8:de:6f:e4:75:
        3b:61:7f:5f:f8:15:11:d3:56:27:2b:b6:52:c6:d0:ba
    Fingerprint (SHA-256):
        1E:66:A5:E0:D2:56:4E:60:F3:F1:9C:2C:38:CA:D0:02:DE:07:C9:04:1A:BA:D1:2D:EE:78:B3:5D:00:F4:AE:18
    Fingerprint (SHA1):
        B9:8D:B3:EF:90:03:0D:C5:C4:63:6C:1A:4F:D7:A3:0D:8C:9D:C5:E8
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3696: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173991 (0x25712ca7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:29 2016
            Not After : Mon Jun 28 17:44:29 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:9a:38:49:41:8f:c4:90:b0:ef:7f:b3:2b:36:5a:84:
                    84:61:7d:56:89:19:b1:5f:e7:99:31:c6:06:d2:48:16:
                    79:bb:b9:26:f9:8f:c5:36:af:55:b5:2f:16:78:fd:81:
                    2f:c5:bd:6d:66:cf:d2:39:f1:89:f0:54:bb:ac:9f:27:
                    ea:7a:dd:b6:7c:cf:3c:99:5c:13:52:b1:4b:95:4d:49:
                    d7:81:73:91:cf:7a:f0:9e:aa:c5:0b:c5:55:76:6e:1f:
                    46:71:6a:35:73:06:f7:40:7b:58:7d:c7:1a:41:a7:8c:
                    d2:51:9c:fd:79:06:00:5d:c5:d9:7f:9b:48:3f:7d:b9:
                    1a:1b:77:2a:17:f3:d7:da:f6:71:44:00:4d:91:79:d9:
                    52:c7:28:12:87:68:ba:c4:16:a4:db:33:1c:8c:2f:a9:
                    0c:65:f3:38:70:cc:ae:bd:64:16:46:a7:cb:1a:30:2e:
                    f8:25:75:09:90:4e:d8:dd:ba:01:a8:5b:65:72:bd:78:
                    42:76:34:fd:78:e6:45:f9:71:79:52:e5:da:02:41:f6:
                    14:b6:ce:d2:c1:b9:34:0d:ff:09:01:ab:69:55:d5:3a:
                    dc:00:8a:36:50:73:43:97:7f:c5:ea:9e:83:9e:f7:65:
                    48:e2:86:9f:65:a4:f9:19:6e:ec:c6:3b:ed:c7:ee:1f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a7:8c:07:ff:67:9c:85:ec:8e:ba:29:5d:07:ea:c9:eb:
        69:e2:4e:af:01:14:48:78:13:d4:24:a7:9c:55:9c:96:
        c6:58:99:e6:94:52:a3:5e:f8:94:9a:59:5c:e9:48:46:
        f7:b3:31:82:34:5d:5f:75:c0:a5:c2:05:c3:67:04:9f:
        2b:fc:46:92:7e:96:c4:6e:9c:01:7f:53:35:6f:ae:b1:
        6a:55:15:cd:38:35:a5:56:ba:1e:85:67:26:52:18:0e:
        b7:35:ae:b2:b5:07:1d:32:e3:f3:1e:fa:8d:d3:2c:16:
        29:6c:77:4f:dc:50:d9:c0:96:96:bf:c6:a7:2a:98:51:
        05:a4:ea:7d:7b:bc:b5:b8:4a:cc:f4:14:e8:f8:f6:bb:
        c6:1c:48:8a:b1:d2:18:70:3c:13:1b:2f:64:e3:b3:90:
        6e:e2:90:02:7b:38:76:12:ce:08:c0:ba:91:da:b8:8a:
        54:5e:0e:b5:3d:f5:66:b8:51:99:85:7c:b7:fa:d8:9c:
        15:e2:9e:4b:bc:52:72:24:6c:4f:95:67:f8:c1:65:74:
        3f:98:2f:ca:2d:3b:90:75:44:09:db:82:76:7b:60:44:
        e6:60:79:18:96:d5:d7:4a:1d:5a:63:02:26:a6:10:71:
        9d:8e:70:81:d7:19:d5:6e:bc:08:50:eb:f3:ff:f3:6e
    Fingerprint (SHA-256):
        2D:58:F2:D3:FB:00:F2:3A:45:1C:6E:26:EF:F9:6C:2B:58:48:E4:1F:49:FF:37:04:78:6B:1A:06:14:35:A9:52
    Fingerprint (SHA1):
        8F:EA:11:57:7B:D2:0C:C9:A2:A0:F9:72:42:3D:A3:01:22:9A:02:7A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3697: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173991 (0x25712ca7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:29 2016
            Not After : Mon Jun 28 17:44:29 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:9a:38:49:41:8f:c4:90:b0:ef:7f:b3:2b:36:5a:84:
                    84:61:7d:56:89:19:b1:5f:e7:99:31:c6:06:d2:48:16:
                    79:bb:b9:26:f9:8f:c5:36:af:55:b5:2f:16:78:fd:81:
                    2f:c5:bd:6d:66:cf:d2:39:f1:89:f0:54:bb:ac:9f:27:
                    ea:7a:dd:b6:7c:cf:3c:99:5c:13:52:b1:4b:95:4d:49:
                    d7:81:73:91:cf:7a:f0:9e:aa:c5:0b:c5:55:76:6e:1f:
                    46:71:6a:35:73:06:f7:40:7b:58:7d:c7:1a:41:a7:8c:
                    d2:51:9c:fd:79:06:00:5d:c5:d9:7f:9b:48:3f:7d:b9:
                    1a:1b:77:2a:17:f3:d7:da:f6:71:44:00:4d:91:79:d9:
                    52:c7:28:12:87:68:ba:c4:16:a4:db:33:1c:8c:2f:a9:
                    0c:65:f3:38:70:cc:ae:bd:64:16:46:a7:cb:1a:30:2e:
                    f8:25:75:09:90:4e:d8:dd:ba:01:a8:5b:65:72:bd:78:
                    42:76:34:fd:78:e6:45:f9:71:79:52:e5:da:02:41:f6:
                    14:b6:ce:d2:c1:b9:34:0d:ff:09:01:ab:69:55:d5:3a:
                    dc:00:8a:36:50:73:43:97:7f:c5:ea:9e:83:9e:f7:65:
                    48:e2:86:9f:65:a4:f9:19:6e:ec:c6:3b:ed:c7:ee:1f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a7:8c:07:ff:67:9c:85:ec:8e:ba:29:5d:07:ea:c9:eb:
        69:e2:4e:af:01:14:48:78:13:d4:24:a7:9c:55:9c:96:
        c6:58:99:e6:94:52:a3:5e:f8:94:9a:59:5c:e9:48:46:
        f7:b3:31:82:34:5d:5f:75:c0:a5:c2:05:c3:67:04:9f:
        2b:fc:46:92:7e:96:c4:6e:9c:01:7f:53:35:6f:ae:b1:
        6a:55:15:cd:38:35:a5:56:ba:1e:85:67:26:52:18:0e:
        b7:35:ae:b2:b5:07:1d:32:e3:f3:1e:fa:8d:d3:2c:16:
        29:6c:77:4f:dc:50:d9:c0:96:96:bf:c6:a7:2a:98:51:
        05:a4:ea:7d:7b:bc:b5:b8:4a:cc:f4:14:e8:f8:f6:bb:
        c6:1c:48:8a:b1:d2:18:70:3c:13:1b:2f:64:e3:b3:90:
        6e:e2:90:02:7b:38:76:12:ce:08:c0:ba:91:da:b8:8a:
        54:5e:0e:b5:3d:f5:66:b8:51:99:85:7c:b7:fa:d8:9c:
        15:e2:9e:4b:bc:52:72:24:6c:4f:95:67:f8:c1:65:74:
        3f:98:2f:ca:2d:3b:90:75:44:09:db:82:76:7b:60:44:
        e6:60:79:18:96:d5:d7:4a:1d:5a:63:02:26:a6:10:71:
        9d:8e:70:81:d7:19:d5:6e:bc:08:50:eb:f3:ff:f3:6e
    Fingerprint (SHA-256):
        2D:58:F2:D3:FB:00:F2:3A:45:1C:6E:26:EF:F9:6C:2B:58:48:E4:1F:49:FF:37:04:78:6B:1A:06:14:35:A9:52
    Fingerprint (SHA1):
        8F:EA:11:57:7B:D2:0C:C9:A2:A0:F9:72:42:3D:A3:01:22:9A:02:7A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3698: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #3699: AnyPolicy: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628173994 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3700: AnyPolicy: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #3701: AnyPolicy: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3702: AnyPolicy: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3703: AnyPolicy: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628173995   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3704: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3705: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #3706: AnyPolicy: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3707: AnyPolicy: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628173996   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
0
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #3708: AnyPolicy: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3709: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #3710: AnyPolicy: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3711: AnyPolicy: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 628173997   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3712: AnyPolicy: Creating certficate CA3CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA3CA1.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3713: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #3714: AnyPolicy: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3715: AnyPolicy: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628173998   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3716: AnyPolicy: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3717: AnyPolicy: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #3718: AnyPolicy: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3719: AnyPolicy: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628173999   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3720: AnyPolicy: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3721: AnyPolicy: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB User3DB
certutil -N -d User3DB -f User3DB/dbpasswd
chains.sh: #3722: AnyPolicy: Creating DB User3DB  - PASSED
chains.sh: Creating EE certifiate request User3Req.der
certutil -s "CN=User3 EE, O=User3, C=US"  -R  -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3723: AnyPolicy: Creating EE certifiate request User3Req.der  - PASSED
chains.sh: Creating certficate User3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 628174000   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3724: AnyPolicy: Creating certficate User3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate User3CA3.der to User3DB database
certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3725: AnyPolicy: Importing certificate User3CA3.der to User3DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3726: AnyPolicy: Creating DB AllDB  - PASSED
chains.sh: Importing certificate RootCA.der to AllDB database
certutil -A -n RootCA  -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der
chains.sh: #3727: AnyPolicy: Importing certificate RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der
chains.sh: #3728: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #3729: AnyPolicy: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA1.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der
chains.sh: #3730: AnyPolicy: Importing certificate CA3CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173994 (0x25712caa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:46 2016
            Not After : Mon Jun 28 17:44:46 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f2:fc:65:c3:d8:94:55:9b:75:da:c0:d2:29:e7:e1:eb:
                    8f:b0:5e:43:80:5e:0b:7b:98:a3:a6:87:4c:24:7f:bd:
                    14:7e:00:1c:91:7f:72:4f:19:65:ba:c1:8f:4d:7b:52:
                    f9:77:e9:df:c9:c8:bb:c0:95:11:94:9a:5d:a4:34:f6:
                    8c:91:28:cb:92:0f:02:7d:d4:64:d5:70:71:ae:12:8c:
                    6c:8f:b7:e1:eb:a5:f0:86:a4:8b:2b:71:96:e6:0b:66:
                    66:e1:91:d7:22:4e:35:90:61:45:1b:50:60:7f:4a:42:
                    c7:8a:16:57:67:75:7d:36:0f:4d:5b:f0:e2:c4:0c:03:
                    db:de:ec:25:6b:90:f8:41:1b:71:e7:cd:34:99:e4:d3:
                    1e:2f:4a:2c:b5:c1:b4:24:53:85:e2:c8:8d:23:92:df:
                    cb:ec:68:5a:8a:dc:07:15:16:94:10:f6:64:95:43:4a:
                    d1:8f:38:ec:d7:5b:2b:bb:34:a2:00:29:cb:1c:db:c0:
                    15:bb:09:4b:3c:a6:b2:06:84:44:82:59:2f:4a:0d:93:
                    ef:4a:19:78:2e:6f:e2:5e:76:0d:a2:99:8e:87:68:60:
                    34:c3:62:20:57:25:1b:73:df:46:46:13:50:5f:91:16:
                    61:7b:db:6a:a8:f6:0a:64:36:d7:62:d0:30:2e:e7:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        10:68:e2:98:fe:74:1b:eb:d2:a4:66:37:7c:c4:b9:b4:
        87:94:92:7b:e2:72:b7:6d:98:c9:e4:21:a4:6d:de:c0:
        bd:be:0a:8c:98:d7:25:14:93:5c:97:68:44:71:37:26:
        5a:e7:99:63:88:15:6d:42:29:dc:26:34:26:5a:b2:72:
        a0:6b:49:07:c3:e2:e2:5c:fe:78:4e:ed:7c:b1:70:4f:
        5c:d2:48:d7:00:3a:da:da:54:e5:07:a3:75:23:b4:d4:
        b5:b5:e7:61:15:7c:76:92:ea:b6:8d:46:b3:65:87:81:
        16:0b:9b:d2:33:13:07:d1:c2:16:1a:36:20:30:c1:12:
        d2:90:d0:76:36:fa:20:16:06:06:6d:29:72:31:5b:75:
        60:7a:49:78:23:6f:c2:67:a5:d2:63:bc:63:da:8e:b9:
        9e:07:7d:36:8b:99:b6:16:47:ca:44:e0:66:e7:52:56:
        dd:45:9f:ac:88:21:37:45:47:85:a8:b9:8f:15:c9:8e:
        65:68:14:41:f8:3b:0a:ad:c8:f4:10:77:fe:9c:73:5b:
        a0:a4:d4:a7:12:cb:b6:2e:7b:5a:3b:5e:1e:c2:8d:25:
        1a:bd:3b:aa:20:d8:2e:0b:fa:81:aa:3f:e7:60:4d:50:
        1f:b4:46:c2:70:08:ab:25:6e:3b:71:ad:3a:ca:dd:fc
    Fingerprint (SHA-256):
        85:0B:9D:96:3B:C8:6B:3F:88:7C:79:DC:95:80:1A:27:D8:1A:AC:2D:CD:2C:10:A2:3F:43:E0:C1:66:B3:37:7D
    Fingerprint (SHA1):
        38:81:7B:7E:EF:81:0E:4E:4D:CB:FA:09:43:05:C8:BC:C3:27:B8:21
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3731: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3732: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3733: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3734: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User3CA3.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628173994 (0x25712caa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:44:46 2016
            Not After : Mon Jun 28 17:44:46 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f2:fc:65:c3:d8:94:55:9b:75:da:c0:d2:29:e7:e1:eb:
                    8f:b0:5e:43:80:5e:0b:7b:98:a3:a6:87:4c:24:7f:bd:
                    14:7e:00:1c:91:7f:72:4f:19:65:ba:c1:8f:4d:7b:52:
                    f9:77:e9:df:c9:c8:bb:c0:95:11:94:9a:5d:a4:34:f6:
                    8c:91:28:cb:92:0f:02:7d:d4:64:d5:70:71:ae:12:8c:
                    6c:8f:b7:e1:eb:a5:f0:86:a4:8b:2b:71:96:e6:0b:66:
                    66:e1:91:d7:22:4e:35:90:61:45:1b:50:60:7f:4a:42:
                    c7:8a:16:57:67:75:7d:36:0f:4d:5b:f0:e2:c4:0c:03:
                    db:de:ec:25:6b:90:f8:41:1b:71:e7:cd:34:99:e4:d3:
                    1e:2f:4a:2c:b5:c1:b4:24:53:85:e2:c8:8d:23:92:df:
                    cb:ec:68:5a:8a:dc:07:15:16:94:10:f6:64:95:43:4a:
                    d1:8f:38:ec:d7:5b:2b:bb:34:a2:00:29:cb:1c:db:c0:
                    15:bb:09:4b:3c:a6:b2:06:84:44:82:59:2f:4a:0d:93:
                    ef:4a:19:78:2e:6f:e2:5e:76:0d:a2:99:8e:87:68:60:
                    34:c3:62:20:57:25:1b:73:df:46:46:13:50:5f:91:16:
                    61:7b:db:6a:a8:f6:0a:64:36:d7:62:d0:30:2e:e7:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        10:68:e2:98:fe:74:1b:eb:d2:a4:66:37:7c:c4:b9:b4:
        87:94:92:7b:e2:72:b7:6d:98:c9:e4:21:a4:6d:de:c0:
        bd:be:0a:8c:98:d7:25:14:93:5c:97:68:44:71:37:26:
        5a:e7:99:63:88:15:6d:42:29:dc:26:34:26:5a:b2:72:
        a0:6b:49:07:c3:e2:e2:5c:fe:78:4e:ed:7c:b1:70:4f:
        5c:d2:48:d7:00:3a:da:da:54:e5:07:a3:75:23:b4:d4:
        b5:b5:e7:61:15:7c:76:92:ea:b6:8d:46:b3:65:87:81:
        16:0b:9b:d2:33:13:07:d1:c2:16:1a:36:20:30:c1:12:
        d2:90:d0:76:36:fa:20:16:06:06:6d:29:72:31:5b:75:
        60:7a:49:78:23:6f:c2:67:a5:d2:63:bc:63:da:8e:b9:
        9e:07:7d:36:8b:99:b6:16:47:ca:44:e0:66:e7:52:56:
        dd:45:9f:ac:88:21:37:45:47:85:a8:b9:8f:15:c9:8e:
        65:68:14:41:f8:3b:0a:ad:c8:f4:10:77:fe:9c:73:5b:
        a0:a4:d4:a7:12:cb:b6:2e:7b:5a:3b:5e:1e:c2:8d:25:
        1a:bd:3b:aa:20:d8:2e:0b:fa:81:aa:3f:e7:60:4d:50:
        1f:b4:46:c2:70:08:ab:25:6e:3b:71:ad:3a:ca:dd:fc
    Fingerprint (SHA-256):
        85:0B:9D:96:3B:C8:6B:3F:88:7C:79:DC:95:80:1A:27:D8:1A:AC:2D:CD:2C:10:A2:3F:43:E0:C1:66:B3:37:7D
    Fingerprint (SHA1):
        38:81:7B:7E:EF:81:0E:4E:4D:CB:FA:09:43:05:C8:BC:C3:27:B8:21
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User3 EE,O=User3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3735: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User3CA3.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3736: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #3737: AnyPolicyWithLevel: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174001 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3738: AnyPolicyWithLevel: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #3739: AnyPolicyWithLevel: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3740: AnyPolicyWithLevel: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3741: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628174002   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #3742: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3743: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA12DB
certutil -N -d CA12DB -f CA12DB/dbpasswd
chains.sh: #3744: AnyPolicyWithLevel: Creating DB CA12DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA12Req.der
certutil -s "CN=CA12 Intermediate, O=CA12, C=US"  -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3745: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der  - PASSED
chains.sh: Creating certficate CA12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 628174003   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3746: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA12CA1.der to CA12DB database
certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3747: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database  - PASSED
chains.sh: Creating DB CA13DB
certutil -N -d CA13DB -f CA13DB/dbpasswd
chains.sh: #3748: AnyPolicyWithLevel: Creating DB CA13DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA13Req.der
certutil -s "CN=CA13 Intermediate, O=CA13, C=US"  -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3749: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der  - PASSED
chains.sh: Creating certficate CA13CA12.der signed by CA12
certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 628174004   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3750: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12  - PASSED
chains.sh: Importing certificate CA13CA12.der to CA13DB database
certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3751: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #3752: AnyPolicyWithLevel: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3753: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA13.der signed by CA13
certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 628174005   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3754: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13  - PASSED
chains.sh: Importing certificate EE1CA13.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3755: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database  - PASSED
chains.sh: Creating DB CA22DB
certutil -N -d CA22DB -f CA22DB/dbpasswd
chains.sh: #3756: AnyPolicyWithLevel: Creating DB CA22DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA22Req.der
certutil -s "CN=CA22 Intermediate, O=CA22, C=US"  -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3757: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der  - PASSED
chains.sh: Creating certficate CA22CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 628174006   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3758: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA22CA1.der to CA22DB database
certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3759: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database  - PASSED
chains.sh: Creating DB CA23DB
certutil -N -d CA23DB -f CA23DB/dbpasswd
chains.sh: #3760: AnyPolicyWithLevel: Creating DB CA23DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA23Req.der
certutil -s "CN=CA23 Intermediate, O=CA23, C=US"  -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3761: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der  - PASSED
chains.sh: Creating certficate CA23CA22.der signed by CA22
certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 628174007   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3762: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22  - PASSED
chains.sh: Importing certificate CA23CA22.der to CA23DB database
certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3763: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #3764: AnyPolicyWithLevel: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3765: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA23.der signed by CA23
certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 628174008   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3766: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23  - PASSED
chains.sh: Importing certificate EE2CA23.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3767: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database  - PASSED
chains.sh: Creating DB CA32DB
certutil -N -d CA32DB -f CA32DB/dbpasswd
chains.sh: #3768: AnyPolicyWithLevel: Creating DB CA32DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA32Req.der
certutil -s "CN=CA32 Intermediate, O=CA32, C=US"  -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3769: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der  - PASSED
chains.sh: Creating certficate CA32CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 628174009   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #3770: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA32CA1.der to CA32DB database
certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3771: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database  - PASSED
chains.sh: Creating DB CA33DB
certutil -N -d CA33DB -f CA33DB/dbpasswd
chains.sh: #3772: AnyPolicyWithLevel: Creating DB CA33DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA33Req.der
certutil -s "CN=CA33 Intermediate, O=CA33, C=US"  -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3773: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der  - PASSED
chains.sh: Creating certficate CA33CA32.der signed by CA32
certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 628174010   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3774: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32  - PASSED
chains.sh: Importing certificate CA33CA32.der to CA33DB database
certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3775: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #3776: AnyPolicyWithLevel: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US"  -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3777: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA33.der signed by CA33
certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 628174011   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3778: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33  - PASSED
chains.sh: Importing certificate EE3CA33.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3779: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database  - PASSED
chains.sh: Creating DB CA42DB
certutil -N -d CA42DB -f CA42DB/dbpasswd
chains.sh: #3780: AnyPolicyWithLevel: Creating DB CA42DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA42Req.der
certutil -s "CN=CA42 Intermediate, O=CA42, C=US"  -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3781: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der  - PASSED
chains.sh: Creating certficate CA42CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 628174012   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3782: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA42CA1.der to CA42DB database
certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3783: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database  - PASSED
chains.sh: Creating DB CA43DB
certutil -N -d CA43DB -f CA43DB/dbpasswd
chains.sh: #3784: AnyPolicyWithLevel: Creating DB CA43DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA43Req.der
certutil -s "CN=CA43 Intermediate, O=CA43, C=US"  -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3785: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der  - PASSED
chains.sh: Creating certficate CA43CA42.der signed by CA42
certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 628174013   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3786: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42  - PASSED
chains.sh: Importing certificate CA43CA42.der to CA43DB database
certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3787: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #3788: AnyPolicyWithLevel: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US"  -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3789: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA43.der signed by CA43
certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 628174014   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3790: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43  - PASSED
chains.sh: Importing certificate EE4CA43.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3791: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database  - PASSED
chains.sh: Creating DB CA52DB
certutil -N -d CA52DB -f CA52DB/dbpasswd
chains.sh: #3792: AnyPolicyWithLevel: Creating DB CA52DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA52Req.der
certutil -s "CN=CA52 Intermediate, O=CA52, C=US"  -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3793: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der  - PASSED
chains.sh: Creating certficate CA52CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 628174015   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3794: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA52CA1.der to CA52DB database
certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3795: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database  - PASSED
chains.sh: Creating DB CA53DB
certutil -N -d CA53DB -f CA53DB/dbpasswd
chains.sh: #3796: AnyPolicyWithLevel: Creating DB CA53DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA53Req.der
certutil -s "CN=CA53 Intermediate, O=CA53, C=US"  -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3797: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der  - PASSED
chains.sh: Creating certficate CA53CA52.der signed by CA52
certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 628174016   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3798: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52  - PASSED
chains.sh: Importing certificate CA53CA52.der to CA53DB database
certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3799: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database  - PASSED
chains.sh: Creating DB EE5DB
certutil -N -d EE5DB -f EE5DB/dbpasswd
chains.sh: #3800: AnyPolicyWithLevel: Creating DB EE5DB  - PASSED
chains.sh: Creating EE certifiate request EE5Req.der
certutil -s "CN=EE5 EE, O=EE5, C=US"  -R  -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3801: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der  - PASSED
chains.sh: Creating certficate EE5CA53.der signed by CA53
certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 628174017   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3802: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53  - PASSED
chains.sh: Importing certificate EE5CA53.der to EE5DB database
certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3803: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database  - PASSED
chains.sh: Creating DB CA61DB
certutil -N -d CA61DB -f CA61DB/dbpasswd
chains.sh: #3804: AnyPolicyWithLevel: Creating DB CA61DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA61Req.der
certutil -s "CN=CA61 Intermediate, O=CA61, C=US"  -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3805: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der  - PASSED
chains.sh: Creating certficate CA61RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 628174018   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
5
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #3806: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA61RootCA.der to CA61DB database
certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3807: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database  - PASSED
chains.sh: Creating DB CA62DB
certutil -N -d CA62DB -f CA62DB/dbpasswd
chains.sh: #3808: AnyPolicyWithLevel: Creating DB CA62DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA62Req.der
certutil -s "CN=CA62 Intermediate, O=CA62, C=US"  -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3809: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der  - PASSED
chains.sh: Creating certficate CA62CA61.der signed by CA61
certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 628174019   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3810: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61  - PASSED
chains.sh: Importing certificate CA62CA61.der to CA62DB database
certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3811: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database  - PASSED
chains.sh: Creating DB EE62DB
certutil -N -d EE62DB -f EE62DB/dbpasswd
chains.sh: #3812: AnyPolicyWithLevel: Creating DB EE62DB  - PASSED
chains.sh: Creating EE certifiate request EE62Req.der
certutil -s "CN=EE62 EE, O=EE62, C=US"  -R  -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3813: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der  - PASSED
chains.sh: Creating certficate EE62CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 628174020   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3814: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate EE62CA62.der to EE62DB database
certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3815: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database  - PASSED
chains.sh: Creating DB CA63DB
certutil -N -d CA63DB -f CA63DB/dbpasswd
chains.sh: #3816: AnyPolicyWithLevel: Creating DB CA63DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA63Req.der
certutil -s "CN=CA63 Intermediate, O=CA63, C=US"  -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3817: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der  - PASSED
chains.sh: Creating certficate CA63CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 628174021   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3818: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate CA63CA62.der to CA63DB database
certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3819: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database  - PASSED
chains.sh: Creating DB EE63DB
certutil -N -d EE63DB -f EE63DB/dbpasswd
chains.sh: #3820: AnyPolicyWithLevel: Creating DB EE63DB  - PASSED
chains.sh: Creating EE certifiate request EE63Req.der
certutil -s "CN=EE63 EE, O=EE63, C=US"  -R  -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3821: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der  - PASSED
chains.sh: Creating certficate EE63CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 628174022   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3822: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate EE63CA63.der to EE63DB database
certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3823: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database  - PASSED
chains.sh: Creating DB CA64DB
certutil -N -d CA64DB -f CA64DB/dbpasswd
chains.sh: #3824: AnyPolicyWithLevel: Creating DB CA64DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA64Req.der
certutil -s "CN=CA64 Intermediate, O=CA64, C=US"  -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3825: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der  - PASSED
chains.sh: Creating certficate CA64CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 628174023   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3826: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate CA64CA63.der to CA64DB database
certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3827: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database  - PASSED
chains.sh: Creating DB EE64DB
certutil -N -d EE64DB -f EE64DB/dbpasswd
chains.sh: #3828: AnyPolicyWithLevel: Creating DB EE64DB  - PASSED
chains.sh: Creating EE certifiate request EE64Req.der
certutil -s "CN=EE64 EE, O=EE64, C=US"  -R  -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3829: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der  - PASSED
chains.sh: Creating certficate EE64CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 628174024   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3830: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate EE64CA64.der to EE64DB database
certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3831: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database  - PASSED
chains.sh: Creating DB CA65DB
certutil -N -d CA65DB -f CA65DB/dbpasswd
chains.sh: #3832: AnyPolicyWithLevel: Creating DB CA65DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA65Req.der
certutil -s "CN=CA65 Intermediate, O=CA65, C=US"  -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3833: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der  - PASSED
chains.sh: Creating certficate CA65CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 628174025   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3834: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate CA65CA64.der to CA65DB database
certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3835: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database  - PASSED
chains.sh: Creating DB EE65DB
certutil -N -d EE65DB -f EE65DB/dbpasswd
chains.sh: #3836: AnyPolicyWithLevel: Creating DB EE65DB  - PASSED
chains.sh: Creating EE certifiate request EE65Req.der
certutil -s "CN=EE65 EE, O=EE65, C=US"  -R  -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3837: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der  - PASSED
chains.sh: Creating certficate EE65CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 628174026   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3838: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate EE65CA65.der to EE65DB database
certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3839: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database  - PASSED
chains.sh: Creating DB CA66DB
certutil -N -d CA66DB -f CA66DB/dbpasswd
chains.sh: #3840: AnyPolicyWithLevel: Creating DB CA66DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA66Req.der
certutil -s "CN=CA66 Intermediate, O=CA66, C=US"  -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3841: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der  - PASSED
chains.sh: Creating certficate CA66CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 628174027   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3842: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate CA66CA65.der to CA66DB database
certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3843: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database  - PASSED
chains.sh: Creating DB EE66DB
certutil -N -d EE66DB -f EE66DB/dbpasswd
chains.sh: #3844: AnyPolicyWithLevel: Creating DB EE66DB  - PASSED
chains.sh: Creating EE certifiate request EE66Req.der
certutil -s "CN=EE66 EE, O=EE66, C=US"  -R  -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3845: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der  - PASSED
chains.sh: Creating certficate EE66CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 628174028   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3846: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate EE66CA66.der to EE66DB database
certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3847: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database  - PASSED
chains.sh: Creating DB CA67DB
certutil -N -d CA67DB -f CA67DB/dbpasswd
chains.sh: #3848: AnyPolicyWithLevel: Creating DB CA67DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA67Req.der
certutil -s "CN=CA67 Intermediate, O=CA67, C=US"  -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3849: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der  - PASSED
chains.sh: Creating certficate CA67CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 628174029   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3850: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate CA67CA66.der to CA67DB database
certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3851: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database  - PASSED
chains.sh: Creating DB EE67DB
certutil -N -d EE67DB -f EE67DB/dbpasswd
chains.sh: #3852: AnyPolicyWithLevel: Creating DB EE67DB  - PASSED
chains.sh: Creating EE certifiate request EE67Req.der
certutil -s "CN=EE67 EE, O=EE67, C=US"  -R  -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3853: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der  - PASSED
chains.sh: Creating certficate EE67CA67.der signed by CA67
certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 628174030   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3854: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67  - PASSED
chains.sh: Importing certificate EE67CA67.der to EE67DB database
certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3855: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3856: AnyPolicyWithLevel: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3857: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3858: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3859: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3860: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3861: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3862: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US"
Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3863: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3864: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3865: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3866: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US"
Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3867: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3868: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3869: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3870: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3871: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3872: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3873: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US"
Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US"
Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3874: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US"
Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #3875: AnyPolicyWithLevel: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US"
Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #3876: AnyPolicyWithLevel: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US"
Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #3877: AnyPolicyWithLevel: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US"
Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #3878: AnyPolicyWithLevel: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174001 (0x25712cb1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:45:21 2016
            Not After : Mon Jun 28 17:45:21 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c8:e3:cc:d3:65:0f:3a:95:86:df:8a:08:90:69:5f:23:
                    fc:6c:61:30:02:a2:d3:f2:b4:d7:04:df:7c:4d:c1:5c:
                    04:64:52:a1:64:b7:3f:aa:f7:cb:c9:fa:db:c4:07:54:
                    03:2c:fd:71:7b:27:ef:49:dc:54:37:3b:36:16:98:0a:
                    72:80:51:08:5e:34:d9:72:21:46:43:5c:6e:af:aa:f5:
                    97:0d:fc:64:33:9f:79:7d:cb:9c:2f:ba:0d:c3:d9:dc:
                    44:e6:9d:9f:a2:ae:93:c5:e4:e9:7a:a2:dc:1d:72:60:
                    cb:b3:03:5a:39:3e:6e:32:5b:ae:0a:a8:fb:aa:eb:24:
                    41:99:55:d5:38:2e:4b:9c:13:8c:63:5e:21:34:18:20:
                    65:e2:f1:02:d4:1b:2e:90:7f:b2:b7:c9:12:b1:aa:ec:
                    b7:33:5f:2a:b0:68:fa:d8:11:78:2e:4c:16:7e:c9:9b:
                    c7:28:a5:32:a0:fc:11:d7:ad:6d:28:d1:23:a5:21:cd:
                    a6:61:13:a1:67:28:8e:e0:03:7f:fd:77:29:2e:24:65:
                    33:97:34:b8:ef:1f:1c:c2:e0:fe:d8:03:43:c5:ad:fc:
                    fb:1f:63:0a:de:c6:c2:08:12:7e:82:d4:a7:2e:74:f1:
                    dd:65:93:d2:4d:6e:e3:c3:fe:02:6d:6e:65:b3:f9:c1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b9:b3:95:fa:eb:e1:73:06:00:e9:f8:73:15:a8:4e:6c:
        50:20:99:68:42:f4:2e:64:3e:60:93:2b:12:22:08:07:
        67:76:70:2e:85:8f:ce:c8:53:b9:34:31:95:e5:d2:71:
        8f:ad:33:5f:2e:ac:a1:eb:96:21:29:2c:c5:a5:c7:16:
        f0:38:7c:62:22:17:56:2a:54:80:7f:a6:83:e6:8b:18:
        58:01:ed:bc:69:9a:12:3e:06:cc:75:2a:24:61:08:10:
        68:4f:5c:a1:57:17:88:2f:2e:15:2c:39:fd:65:5e:56:
        f2:f7:21:ba:c9:a0:93:6e:f4:6b:2a:d8:75:71:ad:d5:
        98:d3:8d:91:1e:6c:5e:65:49:9e:56:bc:53:1a:ef:07:
        fd:20:5f:13:ef:94:3a:c1:fa:b7:31:53:55:31:64:0a:
        ee:34:e2:f8:33:a6:3a:7c:11:55:93:88:58:0e:61:ad:
        9d:f5:f7:b6:db:f2:3b:fe:75:ef:b2:c9:60:7f:0e:ea:
        79:45:fb:bd:74:43:61:c6:aa:3a:8f:b2:7a:14:4e:04:
        93:51:70:1e:17:70:fb:24:45:22:b1:38:37:26:41:d9:
        8a:80:2e:e2:fa:aa:ab:38:b8:58:95:2c:1c:7a:c4:e2:
        15:72:aa:fe:e8:20:04:eb:38:58:ec:65:02:e5:9a:39
    Fingerprint (SHA-256):
        A8:3B:E9:84:AD:82:81:6B:C6:85:B2:CC:1B:CB:98:6B:FC:2A:3E:02:7D:F1:46:64:41:F7:9A:D3:2C:FD:9A:F3
    Fingerprint (SHA1):
        DE:19:D5:85:2F:3C:E5:58:E1:AC:8D:22:DD:12:FD:76:14:74:CD:E1
Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US"
Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US"
Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #3879: AnyPolicyWithLevel: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3880: AnyPolicyWithLevel: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #3881: explicitPolicy: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174031 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3882: explicitPolicy: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #3883: explicitPolicy: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB nonEVCADB
certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd
chains.sh: #3884: explicitPolicy: Creating DB nonEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request nonEVCAReq.der
certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US"  -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o nonEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3885: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der  - PASSED
chains.sh: Creating certficate nonEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 628174032   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3886: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database
certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3887: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database  - PASSED
chains.sh: Creating DB EVCADB
certutil -N -d EVCADB -f EVCADB/dbpasswd
chains.sh: #3888: explicitPolicy: Creating DB EVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request EVCAReq.der
certutil -s "CN=EVCA Intermediate, O=EVCA, C=US"  -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3889: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der  - PASSED
chains.sh: Creating certficate EVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 628174033   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3890: explicitPolicy: Creating certficate EVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate EVCARoot.der to EVCADB database
certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3891: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database  - PASSED
chains.sh: Creating DB otherEVCADB
certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd
chains.sh: #3892: explicitPolicy: Creating DB otherEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request otherEVCAReq.der
certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US"  -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o otherEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3893: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der  - PASSED
chains.sh: Creating certficate otherEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 628174034   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3894: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database
certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3895: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database  - PASSED
chains.sh: Creating DB validEVDB
certutil -N -d validEVDB -f validEVDB/dbpasswd
chains.sh: #3896: explicitPolicy: Creating DB validEVDB  - PASSED
chains.sh: Creating EE certifiate request validEVReq.der
certutil -s "CN=validEV EE, O=validEV, C=US"  -R  -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o validEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3897: explicitPolicy: Creating EE certifiate request validEVReq.der  - PASSED
chains.sh: Creating certficate validEVEVCA.der signed by EVCA
certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 628174035   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3898: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA  - PASSED
chains.sh: Importing certificate validEVEVCA.der to validEVDB database
certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3899: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database  - PASSED
chains.sh: Creating DB invalidEVDB
certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd
chains.sh: #3900: explicitPolicy: Creating DB invalidEVDB  - PASSED
chains.sh: Creating EE certifiate request invalidEVReq.der
certutil -s "CN=invalidEV EE, O=invalidEV, C=US"  -R  -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o invalidEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3901: explicitPolicy: Creating EE certifiate request invalidEVReq.der  - PASSED
chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA
certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 628174036   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3902: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA  - PASSED
chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database
certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3903: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database  - PASSED
chains.sh: Creating DB wrongEVOIDDB
certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd
chains.sh: #3904: explicitPolicy: Creating DB wrongEVOIDDB  - PASSED
chains.sh: Creating EE certifiate request wrongEVOIDReq.der
certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US"  -R  -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o wrongEVOIDReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3905: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der  - PASSED
chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA
certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 628174037   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3906: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA  - PASSED
chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database
certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3907: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3908: explicitPolicy: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174031 (0x25712ccf)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:48:35 2016
            Not After : Mon Jun 28 17:48:35 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:e0:79:dc:0b:23:0d:c8:a8:5f:50:b6:85:de:74:01:
                    7e:7c:e4:e6:56:3a:b3:32:b6:c5:b7:c6:21:db:0b:a0:
                    32:9e:51:77:5c:a8:fa:19:00:ef:09:12:d8:9f:02:3a:
                    f9:6c:1b:b4:5e:25:15:88:8f:48:c2:d6:f1:14:89:dc:
                    2f:c3:44:a0:c6:f5:45:57:c0:8d:7e:2d:83:d5:75:69:
                    cc:80:3c:26:37:35:62:6c:58:47:29:11:70:35:e0:24:
                    74:7f:53:c8:ec:9b:ce:d5:f7:2d:56:a9:ef:a6:fd:2e:
                    2e:94:02:06:74:88:55:53:1f:41:61:1a:ee:7a:f4:0f:
                    ba:fb:94:00:87:88:6b:d8:b4:39:e0:5a:40:5d:8c:1c:
                    a4:a9:90:5d:ef:6c:ca:61:aa:9a:d9:6d:fa:bd:fe:36:
                    3b:da:d1:9d:69:79:28:98:d2:2b:b7:76:91:47:bd:d7:
                    6d:d1:3a:b6:32:10:91:da:92:7e:a2:2f:38:4a:50:16:
                    81:50:05:4b:64:5f:19:a5:ff:67:7b:89:f6:a4:cd:66:
                    05:b5:a7:03:6e:8d:b2:0d:a5:c8:09:df:78:eb:85:9e:
                    2f:7f:5d:61:db:59:1f:cf:d6:a2:7c:23:61:d0:f9:a3:
                    ee:63:51:8d:c7:f1:4b:d3:82:bf:50:8f:b4:ad:9a:a3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:75:bd:6a:41:53:99:3a:f8:7e:96:66:43:1d:de:38:
        57:df:66:2a:46:4b:91:43:30:a8:fa:f5:d4:9b:a4:d1:
        8c:b3:2b:9c:00:a3:3b:04:d1:97:c9:e5:1d:e8:f8:1b:
        61:ea:ee:06:01:55:fa:aa:4a:4d:3d:84:8b:94:18:73:
        37:5f:6c:3a:1c:58:49:71:f4:88:4d:8e:87:5e:8a:f2:
        ed:87:7e:8a:54:2e:dc:35:b4:7c:04:70:c2:99:1e:6a:
        1d:a0:19:0d:8b:2d:ae:4a:39:15:49:42:13:32:25:55:
        5c:bb:94:3f:15:99:57:40:32:b8:e8:f3:be:11:c1:0a:
        32:5e:76:b6:2f:3e:ae:88:5d:2a:ce:f6:0b:ee:60:96:
        12:88:2d:cb:ff:be:e9:1f:e0:27:67:05:08:15:66:f9:
        cf:a1:b1:d8:d0:cd:f9:5f:4e:e9:ba:4a:43:04:cb:8a:
        56:bd:de:2d:49:af:28:52:3a:ce:28:37:6e:8e:46:3c:
        bd:72:80:98:04:56:a6:78:1b:32:ed:c2:49:18:4c:4b:
        27:c7:da:c3:86:5d:09:9b:b3:e6:2e:8c:75:af:83:e7:
        15:e0:ce:0b:0d:e2:c6:b2:3b:36:6e:be:1f:85:3a:34:
        8a:7e:25:28:40:04:2f:6a:50:6b:74:60:63:e0:da:3c
    Fingerprint (SHA-256):
        50:77:B6:7F:99:6A:59:8E:F4:B1:34:48:52:B0:B0:73:57:96:8F:72:A2:87:12:CC:50:E4:B3:9B:F4:1A:2C:5A
    Fingerprint (SHA1):
        80:66:CC:50:F7:81:85:B2:13:2F:D4:F8:A1:02:39:64:1D:C8:2B:E3
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #3909: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3910: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3911: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #3912: explicitPolicy: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174031 (0x25712ccf)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:48:35 2016
            Not After : Mon Jun 28 17:48:35 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:e0:79:dc:0b:23:0d:c8:a8:5f:50:b6:85:de:74:01:
                    7e:7c:e4:e6:56:3a:b3:32:b6:c5:b7:c6:21:db:0b:a0:
                    32:9e:51:77:5c:a8:fa:19:00:ef:09:12:d8:9f:02:3a:
                    f9:6c:1b:b4:5e:25:15:88:8f:48:c2:d6:f1:14:89:dc:
                    2f:c3:44:a0:c6:f5:45:57:c0:8d:7e:2d:83:d5:75:69:
                    cc:80:3c:26:37:35:62:6c:58:47:29:11:70:35:e0:24:
                    74:7f:53:c8:ec:9b:ce:d5:f7:2d:56:a9:ef:a6:fd:2e:
                    2e:94:02:06:74:88:55:53:1f:41:61:1a:ee:7a:f4:0f:
                    ba:fb:94:00:87:88:6b:d8:b4:39:e0:5a:40:5d:8c:1c:
                    a4:a9:90:5d:ef:6c:ca:61:aa:9a:d9:6d:fa:bd:fe:36:
                    3b:da:d1:9d:69:79:28:98:d2:2b:b7:76:91:47:bd:d7:
                    6d:d1:3a:b6:32:10:91:da:92:7e:a2:2f:38:4a:50:16:
                    81:50:05:4b:64:5f:19:a5:ff:67:7b:89:f6:a4:cd:66:
                    05:b5:a7:03:6e:8d:b2:0d:a5:c8:09:df:78:eb:85:9e:
                    2f:7f:5d:61:db:59:1f:cf:d6:a2:7c:23:61:d0:f9:a3:
                    ee:63:51:8d:c7:f1:4b:d3:82:bf:50:8f:b4:ad:9a:a3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:75:bd:6a:41:53:99:3a:f8:7e:96:66:43:1d:de:38:
        57:df:66:2a:46:4b:91:43:30:a8:fa:f5:d4:9b:a4:d1:
        8c:b3:2b:9c:00:a3:3b:04:d1:97:c9:e5:1d:e8:f8:1b:
        61:ea:ee:06:01:55:fa:aa:4a:4d:3d:84:8b:94:18:73:
        37:5f:6c:3a:1c:58:49:71:f4:88:4d:8e:87:5e:8a:f2:
        ed:87:7e:8a:54:2e:dc:35:b4:7c:04:70:c2:99:1e:6a:
        1d:a0:19:0d:8b:2d:ae:4a:39:15:49:42:13:32:25:55:
        5c:bb:94:3f:15:99:57:40:32:b8:e8:f3:be:11:c1:0a:
        32:5e:76:b6:2f:3e:ae:88:5d:2a:ce:f6:0b:ee:60:96:
        12:88:2d:cb:ff:be:e9:1f:e0:27:67:05:08:15:66:f9:
        cf:a1:b1:d8:d0:cd:f9:5f:4e:e9:ba:4a:43:04:cb:8a:
        56:bd:de:2d:49:af:28:52:3a:ce:28:37:6e:8e:46:3c:
        bd:72:80:98:04:56:a6:78:1b:32:ed:c2:49:18:4c:4b:
        27:c7:da:c3:86:5d:09:9b:b3:e6:2e:8c:75:af:83:e7:
        15:e0:ce:0b:0d:e2:c6:b2:3b:36:6e:be:1f:85:3a:34:
        8a:7e:25:28:40:04:2f:6a:50:6b:74:60:63:e0:da:3c
    Fingerprint (SHA-256):
        50:77:B6:7F:99:6A:59:8E:F4:B1:34:48:52:B0:B0:73:57:96:8F:72:A2:87:12:CC:50:E4:B3:9B:F4:1A:2C:5A
    Fingerprint (SHA1):
        80:66:CC:50:F7:81:85:B2:13:2F:D4:F8:A1:02:39:64:1D:C8:2B:E3
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #3913: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3914: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3915: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #3916: Mapping: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174038 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3917: Mapping: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #3918: Mapping: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3919: Mapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3920: Mapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174039   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #3921: Mapping: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3922: Mapping: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #3923: Mapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3924: Mapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174040   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3925: Mapping: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3926: Mapping: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #3927: Mapping: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3928: Mapping: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628174041   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3929: Mapping: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3930: Mapping: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3931: Mapping: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #3932: Mapping: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #3933: Mapping: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #3934: Mapping: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174038 (0x25712cd6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:49:10 2016
            Not After : Mon Jun 28 17:49:10 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d9:e0:13:3c:02:72:8b:d7:0f:16:fc:a4:93:20:5c:1e:
                    33:e3:21:ff:1d:4a:45:6e:7f:c6:a2:91:67:a7:a9:95:
                    c3:66:c7:16:97:b0:5f:db:93:48:49:a6:f3:5c:47:bc:
                    c5:27:dd:36:45:54:99:92:f4:cd:40:41:2d:c5:c3:51:
                    59:e3:9a:7a:01:01:a7:5f:16:8a:f1:06:7b:e2:a1:85:
                    ec:31:92:8f:b3:0e:ec:a5:5f:a3:c5:09:b7:c6:42:94:
                    f8:68:d4:b8:84:79:4c:41:76:ed:6b:78:52:f4:0c:fd:
                    22:15:47:22:de:5f:1d:55:5f:38:3e:4a:2e:dc:70:48:
                    59:06:a2:02:3a:89:52:33:04:0c:90:6c:ee:1a:84:e1:
                    fd:93:06:0a:89:5c:ee:e1:4f:72:06:cb:ab:93:f1:a4:
                    14:f5:75:13:ac:38:16:4a:5d:eb:31:28:d0:a0:6f:f9:
                    f7:ca:3f:2a:51:40:55:55:6b:8b:ff:79:98:ec:74:dc:
                    dd:49:5f:2d:de:c7:3b:af:84:d9:c0:71:7e:7d:b6:0b:
                    88:79:a3:c2:1a:21:bc:28:d0:84:18:f5:05:c7:9a:fe:
                    6e:88:51:f6:b7:eb:65:26:af:1f:6e:88:54:ca:1e:4a:
                    6b:ab:ee:e3:f7:6e:dd:25:ec:69:e7:ec:73:2d:26:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        cf:0a:2d:f3:bd:ed:88:08:5c:2d:63:53:60:59:44:ac:
        46:2d:69:71:24:54:79:04:6c:95:6d:0f:20:ef:57:22:
        f1:6d:22:fe:0d:6a:30:88:a2:c9:3e:b0:cb:f6:64:fe:
        1e:ba:f5:00:65:d5:56:96:5b:7c:bc:cb:82:6e:3a:0e:
        9d:02:23:dc:24:a2:d0:31:61:ee:0a:9d:ce:ae:9e:d7:
        a2:bd:68:52:72:3e:eb:0c:73:6d:b9:fd:a7:66:a9:dc:
        25:9f:ba:65:f4:d3:8a:01:40:23:01:50:07:c1:81:00:
        8c:9e:c0:03:d2:f6:96:b8:06:f9:1d:3a:18:47:f3:06:
        73:df:45:c8:29:30:19:75:a9:a3:f2:05:9d:65:ce:69:
        18:49:b8:cb:4f:29:48:81:12:69:6b:ac:42:4b:1e:02:
        7d:26:92:96:43:5e:e0:5a:96:29:33:b7:5f:91:de:5f:
        5c:b8:94:8c:63:57:9d:4d:cb:d7:74:9e:ad:59:e6:18:
        9e:c9:0d:e5:3c:08:47:b4:a6:7e:e2:0d:65:67:c8:82:
        0f:cd:34:a3:d4:68:87:95:19:af:b1:8a:f4:8b:a7:34:
        21:88:17:71:ad:95:bb:60:63:f1:91:48:79:9f:4c:5f:
        ed:8b:13:ed:ae:ae:bb:57:ac:ab:b7:03:d5:df:6c:44
    Fingerprint (SHA-256):
        29:6B:27:00:A0:09:4A:74:04:D1:06:ED:1C:68:23:71:37:B0:6E:F0:8B:A7:E5:4F:D8:E3:51:67:E0:C4:82:74
    Fingerprint (SHA1):
        AE:9D:F8:54:9B:2B:3E:AD:61:C8:AD:05:0F:9E:A4:81:10:85:2D:C7
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3935: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3936: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3937: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174039 (0x25712cd7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:49:15 2016
            Not After : Mon Jun 28 17:49:15 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b0:20:f6:7a:95:b3:d7:24:91:c5:85:a7:ab:35:a7:36:
                    f1:6a:49:82:71:aa:dd:79:5b:8a:bd:08:41:b0:0f:6f:
                    a2:51:e0:79:fe:e2:d5:26:46:94:12:79:70:47:d1:43:
                    c2:22:1b:d1:80:c4:e5:d2:5c:9e:ee:19:b8:87:26:19:
                    cb:f2:c5:c2:98:4b:f8:a1:bd:e8:ed:f1:dc:e1:83:26:
                    8a:a2:33:dd:c7:6f:2c:e9:96:4b:93:eb:3e:11:73:bc:
                    48:60:27:a5:09:e8:49:8f:30:3f:ad:6b:d6:39:72:42:
                    27:72:e9:ff:d1:04:f4:c9:5e:89:7c:10:a5:21:10:47:
                    d4:3c:31:ff:4e:86:c2:0a:34:dc:4f:68:bc:84:f6:cf:
                    54:fb:fc:59:93:a1:f9:65:b5:51:1e:d1:f1:14:9c:a6:
                    e8:9f:29:ac:6d:d7:1e:1d:c5:bb:4a:25:ae:6c:fb:18:
                    35:ef:aa:2b:7a:d6:9f:33:be:44:40:08:a0:9a:57:b9:
                    61:7d:2c:fc:21:ba:61:c0:51:f4:d7:e3:e8:d1:aa:9f:
                    f8:80:d4:66:64:bd:d5:16:53:42:72:89:9b:34:4a:6a:
                    82:b6:65:d6:88:ee:45:ee:50:8b:f9:66:75:59:e6:05:
                    70:bc:fb:d5:69:8c:f7:6a:68:3c:db:9d:a6:9c:48:d9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        08:eb:e3:7a:3d:bc:47:31:ad:c5:ac:f2:14:b1:be:96:
        9c:c4:aa:56:bf:39:6c:0b:33:b4:61:34:01:48:3a:aa:
        fb:87:4c:11:a9:0a:29:b4:1b:62:4a:72:df:f1:d7:8d:
        05:66:13:95:2a:00:67:53:af:2d:33:55:0b:f7:2b:61:
        a7:1a:8a:dd:0c:9d:d1:23:7d:46:40:07:e0:d5:d3:98:
        36:9a:09:4b:e8:97:a4:da:54:6e:fb:a9:6a:31:a3:79:
        b8:1a:ed:68:38:9d:39:e8:3a:2f:71:e1:fe:ff:53:d7:
        14:b3:8c:17:07:76:e9:2a:4b:88:f9:6c:32:39:af:78:
        93:97:8c:91:0b:31:35:9e:67:e4:34:ba:c5:b5:81:dc:
        16:e4:65:82:9f:f9:a3:e4:6f:c9:84:6c:91:be:bd:38:
        33:64:ca:08:c9:ea:92:2d:dd:44:eb:4f:32:83:0f:e2:
        0f:c1:6c:22:4a:1e:1d:23:b9:7c:36:a9:85:43:c2:65:
        e0:47:34:9f:6a:a7:44:0f:ea:84:ba:15:78:d0:37:67:
        6c:f4:30:60:84:c0:ff:9d:cd:02:0e:80:7b:1b:59:3e:
        33:15:4b:12:c4:2f:f1:d0:a7:66:2b:c1:35:cd:1c:fa:
        e7:86:42:e2:e8:8b:81:aa:13:30:4e:07:51:79:f5:31
    Fingerprint (SHA-256):
        AC:DA:05:98:CB:9E:99:2A:56:9E:60:DF:BC:03:73:D3:0A:A1:9E:CB:1E:02:36:50:01:14:8B:71:6F:95:A4:D3
    Fingerprint (SHA1):
        E3:20:9D:DA:38:8C:8D:1A:C0:B1:F9:33:39:1C:90:CF:0D:05:09:57
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3938: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3939: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174040 (0x25712cd8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:49:22 2016
            Not After : Mon Jun 28 17:49:22 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:a2:25:98:e8:93:15:c3:1f:54:cb:21:63:62:36:c6:
                    ac:8f:86:3f:6c:2d:36:2f:ff:95:f4:e9:f0:b3:01:09:
                    8d:cc:06:35:ba:2f:46:b4:e0:ae:e3:29:05:14:a3:2c:
                    17:db:eb:c5:d7:ed:f4:64:4b:f7:51:ed:7f:da:e9:62:
                    c8:81:5b:70:b1:29:ca:91:0e:bd:41:26:db:87:f0:d1:
                    e2:e0:97:f9:6e:1f:91:33:28:3b:b5:22:54:93:59:a7:
                    6a:60:1e:b9:ae:cb:57:2c:23:71:a5:09:85:2f:16:81:
                    b5:f8:d1:78:35:09:2a:55:9a:28:47:ae:20:be:30:4a:
                    66:d9:2c:40:34:71:75:71:78:4d:83:1e:5b:c4:75:ce:
                    04:a0:dc:96:ba:39:be:3d:d7:e0:cb:25:1c:1c:66:83:
                    40:95:de:e5:20:a5:ac:1f:07:cc:24:5f:f7:e5:c5:84:
                    ad:84:00:3f:59:83:0d:99:ae:19:74:e4:03:30:03:d7:
                    1e:22:d7:11:4e:47:90:cb:85:f5:cc:05:91:b6:63:fe:
                    63:85:07:51:12:f3:a8:d2:d4:78:e9:3f:3c:90:62:90:
                    0c:5a:25:e6:73:67:ba:2c:4c:6e:bb:13:14:11:b1:02:
                    5c:40:05:ad:2d:de:68:f0:e3:97:74:be:0b:d9:83:45
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:d5:cb:96:cc:dc:40:c5:bc:fb:d0:f6:54:f5:e7:75:
        9d:f2:33:f3:aa:eb:df:f4:97:ff:3c:e8:c3:6e:6b:c9:
        69:49:c5:27:23:c9:fe:c5:f4:32:76:76:b0:58:6b:d5:
        5d:07:6b:a8:6b:12:cb:7b:20:f7:78:5a:04:7f:0c:9e:
        7a:b2:00:89:20:90:56:c6:64:b0:c7:c4:62:cd:12:b6:
        ff:d0:b2:c2:51:ed:a4:4d:b6:6d:c1:5e:4e:d7:eb:ce:
        81:89:d0:cd:b1:d2:82:b4:ca:6c:eb:c8:7e:e4:e4:7f:
        a8:e0:46:26:17:bb:00:32:70:55:ab:62:00:9a:ad:66:
        e9:ea:16:97:d5:fc:b3:42:57:fc:a4:49:11:e4:7b:85:
        74:7f:e4:d5:ef:53:d7:af:a3:34:ba:41:c7:49:e2:9f:
        4f:13:39:32:2f:b0:1e:fc:d8:64:88:77:e8:12:aa:d7:
        ef:23:99:b4:73:ce:0c:93:94:ee:33:cf:be:f1:1a:51:
        70:bf:05:04:b5:47:eb:2f:73:80:c5:00:b9:a2:78:37:
        c3:97:f4:54:5c:82:c6:df:04:6b:19:a7:f1:b1:8b:34:
        7a:f6:3f:9e:ad:21:ae:2b:f6:6f:17:ca:7c:1d:03:5a:
        4d:f5:e4:b6:06:a1:43:88:07:f8:cb:31:21:88:37:f3
    Fingerprint (SHA-256):
        C5:55:66:B6:C4:84:5E:2A:D3:47:FB:92:B5:48:C9:B6:3E:C5:BC:37:6B:13:3A:F0:96:B1:9A:C0:B8:FD:1D:77
    Fingerprint (SHA1):
        17:AD:46:50:CC:6E:84:77:86:12:1C:30:5D:E0:EF:FE:A7:B7:A8:AA
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #3940: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #3941: Mapping2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174042 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3942: Mapping2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #3943: Mapping2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3944: Mapping2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3945: Mapping2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174043   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3946: Mapping2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3947: Mapping2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #3948: Mapping2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3949: Mapping2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174044   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #3950: Mapping2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3951: Mapping2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #3952: Mapping2: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3953: Mapping2: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 628174045   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3954: Mapping2: Creating certficate CA3CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate CA3CA2.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3955: Mapping2: Importing certificate CA3CA2.der to CA3DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #3956: Mapping2: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3957: Mapping2: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 628174046   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #3958: Mapping2: Creating certficate UserCA3.der signed by CA3  - PASSED
chains.sh: Importing certificate UserCA3.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3959: Mapping2: Importing certificate UserCA3.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #3960: Mapping2: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #3961: Mapping2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #3962: Mapping2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #3963: Mapping2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA2.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der
chains.sh: #3964: Mapping2: Importing certificate CA3CA2.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174042 (0x25712cda)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:49:30 2016
            Not After : Mon Jun 28 17:49:30 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:bd:b0:23:42:93:1f:06:cb:ff:ea:39:1f:1f:0e:bd:
                    7d:dc:7b:20:a3:af:34:75:e3:2a:d5:ac:8e:47:48:87:
                    fe:6f:3a:df:b8:62:84:81:02:09:b5:38:67:db:3e:33:
                    f5:98:b1:34:6e:a1:3c:16:b8:7c:e4:a8:80:64:59:29:
                    1f:6b:dc:86:b4:48:9b:34:7a:d4:b3:21:14:a3:08:3a:
                    38:8c:4c:c7:d1:cc:db:72:aa:6c:a2:ea:c6:59:29:60:
                    3a:99:46:93:8b:34:7e:48:05:1f:1d:8f:37:e6:81:23:
                    ce:85:7b:06:42:58:bc:15:d9:86:5b:c5:ac:1b:38:8a:
                    75:21:a3:62:52:c2:64:da:07:99:60:51:3d:fa:bd:52:
                    28:73:c6:5c:6b:34:59:6a:eb:99:f5:fa:d5:af:12:44:
                    90:8c:64:00:c7:81:1b:79:47:4a:df:99:2f:65:4a:88:
                    58:c6:d2:7a:97:e5:25:03:4b:30:e4:e7:b5:97:7a:c5:
                    71:5c:64:ab:4e:a1:78:95:16:cb:31:40:82:cc:c4:13:
                    11:48:76:db:ee:4b:a7:7c:69:19:28:04:8b:6e:0b:d8:
                    9c:99:22:4b:50:eb:31:30:af:18:0f:c8:09:9a:de:10:
                    41:92:13:a7:fc:9f:37:0e:8e:b9:9a:e9:42:ab:6e:05
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        83:d3:a3:42:16:62:90:ce:8d:81:2d:5a:04:39:65:81:
        fc:ca:55:38:a5:72:0c:a2:b7:23:6c:bd:38:8a:be:94:
        ac:fe:75:e1:ae:4c:d7:24:53:c9:e1:71:74:f0:f5:ef:
        58:6c:20:31:e7:2b:b1:41:75:b0:1b:ea:36:3e:bd:e2:
        4b:17:5a:52:2f:e0:e5:77:d2:75:88:59:e7:7b:b0:7c:
        40:58:0e:2d:35:62:d9:0a:e1:f9:8d:54:1b:fe:5d:47:
        ef:20:58:07:5a:3a:ad:d4:97:7b:f8:c4:32:d8:4e:35:
        6f:a2:42:1e:fd:2d:87:53:c7:86:2e:0e:f8:41:7b:54:
        19:e3:3b:61:c0:23:35:76:24:3e:6b:2c:1e:20:32:81:
        01:14:5c:b0:55:f1:83:ac:4e:7f:33:65:f4:2d:05:5b:
        4c:0d:2d:c0:51:61:d7:86:ee:ba:96:66:af:65:e0:40:
        6c:bc:6e:e6:18:0a:c1:b8:11:52:8e:c8:3d:47:06:5f:
        62:4f:2a:3e:85:aa:0d:e7:b3:57:57:f8:22:bf:18:4c:
        96:6e:98:0a:24:45:47:e9:82:48:71:e9:2b:66:5d:97:
        15:e2:89:39:31:68:9a:70:6d:17:f2:da:66:4a:00:ad:
        cc:b0:29:a6:bf:9d:4a:3b:8f:1b:c7:2b:c6:82:08:d3
    Fingerprint (SHA-256):
        E9:C6:65:3E:1E:E2:91:B3:01:B9:41:EA:22:89:1E:E0:4B:61:EA:2A:EE:C7:3D:8A:25:3A:D5:6C:B1:ED:E3:00
    Fingerprint (SHA1):
        64:13:2C:A0:93:C9:68:9A:07:F4:6E:02:8D:1F:B0:37:9C:18:60:8A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3965: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3966: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174043 (0x25712cdb)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:49:37 2016
            Not After : Mon Jun 28 17:49:37 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:1d:1b:7f:55:28:bb:98:a9:e0:ea:21:74:2a:a3:b2:
                    97:42:e4:29:6b:ed:5c:5f:41:a9:ae:95:91:4f:f4:47:
                    67:33:e2:c8:43:b7:84:1e:50:d3:e6:51:4e:a2:e0:5d:
                    02:ef:4e:69:4e:5a:5b:5d:19:db:77:d9:da:a4:02:be:
                    53:f6:62:ad:40:e6:1f:04:b1:aa:4f:b4:cb:16:e5:62:
                    9a:5e:cd:c4:be:b8:4f:f8:1c:76:57:7f:01:f5:cb:f0:
                    d9:1e:e9:c8:6a:7a:ae:58:c2:dc:12:b9:b5:9d:56:3f:
                    b6:f3:6a:b5:95:7e:07:fc:90:e1:65:cb:89:d3:6a:08:
                    e1:cb:9c:3c:f0:fd:5c:07:94:b0:90:6d:0e:f5:c6:ab:
                    ea:81:fc:35:d3:45:67:7c:97:f7:81:aa:58:a4:f8:52:
                    b4:cc:f7:95:dd:89:de:1f:53:d0:ea:58:a3:4e:25:84:
                    92:56:26:57:35:ec:e6:57:26:1a:74:ff:f8:ec:e7:8b:
                    f5:ca:bb:5a:4e:58:8b:a8:a5:60:38:a7:67:c4:6d:57:
                    a5:42:f8:ab:c7:3f:7a:c5:47:7f:c1:53:a5:9b:0a:b8:
                    93:ba:58:3b:03:24:35:cb:ec:14:c4:a8:bd:71:3f:76:
                    92:83:4a:df:22:79:34:e4:f6:19:df:23:cc:eb:9e:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:6e:32:bb:98:30:84:c0:d8:42:45:c9:cf:95:4e:02:
        8d:1c:66:b8:fd:ee:f3:f8:72:7d:fa:e0:36:b6:28:0f:
        65:da:85:98:e4:c4:a2:ae:16:05:4b:d8:48:c6:bb:44:
        fb:36:08:0f:47:c1:68:8e:94:ac:2e:9c:b0:e1:2f:f2:
        6f:df:b7:3d:db:34:71:80:39:21:17:63:a5:44:bc:27:
        3e:51:4e:4b:f5:c3:9e:0d:c9:ef:fc:47:a8:5c:eb:1c:
        da:c4:8f:42:ec:40:6d:e5:99:17:48:64:68:dc:3e:42:
        75:6d:31:02:d0:7c:b8:cc:95:57:73:a8:7c:be:d7:fb:
        35:ad:81:d6:61:5b:2a:e7:1a:b6:6a:88:ff:08:30:18:
        40:00:0f:83:03:f6:72:d9:23:a9:4f:6c:b0:7c:95:f5:
        dc:7b:46:11:7f:1c:60:bf:d6:8b:ba:11:0c:c5:59:66:
        10:87:a1:fa:5b:9d:c8:ff:c8:26:25:eb:1f:49:60:54:
        33:53:18:2e:1a:2f:00:e6:4d:c8:37:44:d2:90:cf:a8:
        b3:3c:b4:95:89:af:41:c2:4e:bb:0c:13:55:11:c9:b1:
        63:5a:c8:87:c6:a3:a7:88:57:bf:9d:a6:c0:9a:ee:b8:
        2d:fa:06:58:28:4f:f4:a4:f7:8c:1b:01:d1:38:83:81
    Fingerprint (SHA-256):
        A5:8E:D3:A5:4F:E4:1E:8F:28:B4:60:92:01:54:B6:D2:48:97:63:D4:FC:16:CE:54:47:02:16:B1:6C:8A:CE:1C
    Fingerprint (SHA1):
        9D:29:4E:85:64:8D:DE:4D:D2:B1:AF:C6:51:0D:C3:05:51:25:39:11
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #3967: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3968: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #3969: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174044 (0x25712cdc)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:49:41 2016
            Not After : Mon Jun 28 17:49:41 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:54:88:bb:78:3a:f5:93:5f:8c:8a:e2:20:de:dd:d7:
                    ba:27:bb:e4:b2:6e:d5:3c:8d:c4:db:6b:20:6c:a0:7d:
                    1f:bf:f2:ba:97:96:bc:a9:31:10:48:23:39:6b:d9:5b:
                    48:9e:f1:54:5d:08:97:58:da:0a:f5:e2:a1:13:d7:8a:
                    d1:5f:5d:41:42:98:36:25:cd:97:5a:9b:bf:39:95:93:
                    5b:fd:8a:7b:c1:bd:2b:65:89:a2:80:58:f6:90:d7:c9:
                    6f:b6:e1:97:9b:15:a7:07:54:3a:5e:29:fb:3f:83:62:
                    ca:51:0b:c6:38:e7:4e:43:72:a6:16:f7:ae:91:50:55:
                    7a:2d:e4:5b:c6:9f:2b:5e:e5:2e:c2:9f:d2:54:51:74:
                    2e:15:ee:ef:1b:21:1b:42:28:3b:52:2b:16:59:2f:bc:
                    ac:13:8a:10:9c:f8:88:56:37:e7:34:f6:9f:ee:ed:bd:
                    a9:1a:66:d9:26:dd:72:5c:ea:dd:19:c9:89:b2:0b:6a:
                    97:f3:bb:24:a4:e4:db:6e:7e:4a:8f:8e:47:a1:ed:a8:
                    ad:e8:ba:ac:f7:d2:9a:11:c6:59:2e:a5:df:64:4a:9e:
                    e3:a4:98:7b:d4:3a:bc:4e:de:f4:17:6d:8e:26:79:f3:
                    29:c7:97:08:3d:e6:4b:bd:10:3b:dd:ff:06:48:6f:21
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        80:b3:bd:8a:57:4e:62:5c:95:6c:15:e9:88:57:12:e7:
        2b:88:c8:a9:69:90:5b:60:a8:e7:44:9c:90:90:df:c2:
        16:ed:a4:aa:69:23:0d:7a:f3:3d:09:95:c4:7c:3f:09:
        a9:9a:fb:21:4d:a2:92:42:0d:f9:51:7c:66:97:c8:20:
        ba:8a:72:13:f4:ef:dc:8b:06:73:50:bd:b7:00:a3:8f:
        b5:8a:19:1d:d8:02:57:37:f5:b4:95:85:72:d5:cb:1f:
        4d:4e:11:ac:1d:d6:8d:f4:4c:41:07:cc:2f:28:7a:7b:
        78:29:50:26:17:ef:0e:87:e8:68:4f:18:f3:94:ce:ee:
        ab:13:3d:00:66:0a:1c:1e:fd:03:65:b8:39:73:6b:a3:
        30:db:d4:65:37:f9:54:bf:cb:38:de:17:d5:77:b1:e2:
        9e:76:71:02:07:84:49:cf:db:3b:9d:39:69:ef:fc:bf:
        33:5e:53:fa:a0:10:c8:a2:fd:bf:01:02:e0:e2:e8:de:
        a7:f4:2d:38:c7:a1:21:e1:4f:8f:da:63:cb:1f:68:b4:
        d4:f4:d2:8a:00:9e:f2:4c:dd:62:d7:e0:c9:84:c3:28:
        bf:23:a7:ea:4f:5b:ff:7f:e8:ba:6b:21:52:d0:87:8a:
        6c:d0:96:5b:d5:16:d1:96:d0:ee:4d:fc:5e:17:cb:45
    Fingerprint (SHA-256):
        25:0B:84:83:19:B5:1C:B4:14:7F:BB:30:66:0F:3B:77:2E:83:28:7A:55:48:AB:69:25:82:D7:F6:E0:00:67:5C
    Fingerprint (SHA1):
        12:73:5A:41:7F:D7:B8:BF:11:45:BB:73:17:BB:81:1A:C4:DC:DB:D7
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #3970: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #3971: AIA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174047 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3972: AIA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #3973: AIA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #3974: AIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3975: AIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174048   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3976: AIA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3977: AIA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #3978: AIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3979: AIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174049   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA1Root-628173956.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #3980: AIA: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3981: AIA: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #3982: AIA: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #3983: AIA: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628174050   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3984: AIA: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3985: AIA: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der
vfychain -d UserDB -pp -vv       UserCA2.der CA2CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA1 Intermediate,O=CA1,C=US
Returned value is 1, expected result is fail
chains.sh: #3986: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der
vfychain -d UserDB -pp -vv   -f    UserCA2.der CA2CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174047 (0x25712cdf)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:50:21 2016
            Not After : Mon Jun 28 17:50:21 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d4:54:d2:54:d8:fb:14:6a:ba:32:10:02:49:8c:35:55:
                    d0:83:6f:5f:d4:b7:ee:5e:c8:6d:8e:f4:8d:bf:f7:ec:
                    24:69:f8:24:c4:bd:4e:8e:73:68:0f:f2:e7:16:c6:2a:
                    bc:c5:e9:c6:75:d1:24:c5:98:ff:84:01:2f:68:26:d3:
                    64:14:d5:64:94:b4:e5:df:d3:0d:ba:cc:17:1c:15:6a:
                    c6:81:b4:0a:f6:49:2f:72:ee:be:5d:0c:aa:79:a4:92:
                    0f:03:df:dc:e4:8d:ab:9a:75:59:1f:94:c9:ce:9c:a5:
                    2a:df:67:8d:77:d3:6f:fd:91:c5:b5:68:ae:16:fe:3b:
                    17:6e:70:85:38:90:37:d0:11:ad:8e:6d:e0:b3:b9:06:
                    fe:89:cf:02:36:66:0f:e7:32:09:e0:29:e4:f2:b7:28:
                    24:6e:d4:b1:d4:e7:0d:7d:f3:a2:ff:1f:c2:74:e0:da:
                    86:17:79:d1:57:5c:b3:2f:f5:28:5e:8d:e8:4b:8a:dc:
                    70:e1:81:40:d0:51:a7:f6:9d:e9:5f:21:03:29:c1:65:
                    70:d8:85:0e:7a:08:9f:21:cc:d6:df:5a:6d:c0:61:a7:
                    eb:64:40:25:01:35:1b:6f:70:1e:b1:be:a0:54:a0:21:
                    e3:96:6b:0c:1c:a3:4e:24:a3:a2:1a:8f:c1:e1:6e:f3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a3:5d:42:61:72:52:a9:b1:a1:fa:e0:35:78:1e:ee:a1:
        7e:f2:1f:58:27:9e:48:83:21:de:26:dd:18:a1:bd:6c:
        e5:77:a5:cf:ca:e5:b5:6f:92:99:23:54:05:77:53:3f:
        96:3b:d7:89:c8:c3:22:6f:76:a4:54:ee:0b:7e:18:3a:
        b8:b2:ed:63:af:65:4b:99:e3:2c:db:b9:b5:0b:d7:58:
        1f:bd:ab:0a:51:b2:c2:af:3c:18:72:e3:6b:34:4e:a8:
        8e:b2:c1:39:0a:3c:c0:41:22:e6:02:4c:32:90:78:d8:
        b5:c9:9f:e0:2e:70:a8:c8:28:47:2d:9c:e4:73:42:ce:
        3d:75:e5:dc:e7:54:86:77:75:f3:b7:e3:6c:b6:3d:bf:
        98:3e:0d:6b:39:1b:dc:ab:89:fc:ec:dc:4c:43:fa:c1:
        90:e7:a1:bb:73:a3:9f:04:2d:b4:f0:fc:6d:d3:03:1d:
        f8:33:c5:1a:88:ef:c4:18:19:65:ea:78:c4:1c:b2:4e:
        81:7f:7f:5b:18:00:cb:4f:31:99:c0:14:c2:7b:33:61:
        3a:9b:7a:35:de:b5:9b:d6:b2:b8:59:91:ec:62:16:a1:
        96:5d:ac:a0:c0:c2:f9:f7:35:50:3e:6b:40:86:6a:be:
        a7:33:c8:e7:0d:89:3f:b3:4a:e2:38:0d:ae:67:f6:3b
    Fingerprint (SHA-256):
        A4:F9:F6:1B:E4:B9:EA:F7:50:F8:CC:EB:6F:E7:B4:AE:E1:AF:8B:E5:01:FC:A7:5E:C4:37:86:EC:39:7D:6F:5D
    Fingerprint (SHA1):
        2D:E4:EC:73:F7:B3:F4:9D:17:0C:6F:0E:E0:B5:01:19:28:15:CB:5A
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #3987: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #3988: BridgeWithAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174051 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3989: BridgeWithAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #3990: BridgeWithAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #3991: BridgeWithAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174052 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #3992: BridgeWithAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #3993: BridgeWithAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #3994: BridgeWithAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #3995: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628174053 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3996: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3997: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628174054 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #3998: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #3999: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #4000: BridgeWithAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4001: BridgeWithAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4002: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628174055   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628173957.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4003: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4004: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4005: BridgeWithAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4006: BridgeWithAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174056   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4007: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4008: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #4009: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #4010: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174052 (0x25712ce4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:50:48 2016
            Not After : Mon Jun 28 17:50:48 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:7b:ac:b0:3d:1e:d9:0e:64:6c:db:2a:ff:e8:0c:c2:
                    06:09:bc:be:40:b0:e5:39:69:c9:89:a7:e0:e0:28:5b:
                    56:19:ec:2b:d5:61:66:06:38:89:37:f0:47:5a:52:7e:
                    d7:95:eb:03:f4:f7:41:6d:fc:54:b4:e7:6c:63:f2:67:
                    22:58:ff:0b:39:84:48:15:16:0a:c8:a9:18:87:2f:e6:
                    cb:9e:38:05:bf:29:1b:8c:ae:09:ec:56:b3:71:a7:86:
                    b9:4f:9f:ab:71:a4:a9:fd:27:77:0d:18:87:9e:d4:09:
                    10:d6:55:b1:20:5d:bb:ad:fc:2a:f0:44:9b:fd:8e:66:
                    07:b2:10:2f:c0:b6:81:db:71:01:c0:e6:7a:c8:bb:96:
                    e6:a3:cc:c6:93:42:8e:75:97:95:d9:d1:ac:68:3c:14:
                    1d:ef:01:23:1e:4e:9e:c6:87:26:41:2b:4c:1d:62:e7:
                    99:59:53:6b:94:b4:8f:b2:8f:2d:4c:9f:65:93:ed:b4:
                    80:86:2a:8d:ec:2e:48:73:2a:80:3b:86:8b:e2:83:58:
                    de:ce:fb:72:9b:54:32:43:df:18:21:7d:5d:bd:1c:64:
                    05:e6:d3:51:ff:f0:1e:ce:fb:c7:9b:8d:26:28:3c:0e:
                    60:80:7b:6a:9b:8f:6c:d0:83:36:57:22:72:c2:5d:07
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2a:7c:9f:4e:95:89:21:88:e0:c3:a6:fc:f8:eb:f5:7d:
        7b:80:8d:08:dc:bd:76:4c:5b:ba:0e:0d:81:86:f5:61:
        d3:e2:2d:c3:0d:36:e7:50:43:f3:6c:ff:a0:c5:20:3d:
        36:42:e3:9e:05:f7:cc:04:5a:11:95:e0:d7:ac:51:0a:
        77:97:a6:1e:92:c1:78:20:cd:81:c4:fa:b8:f1:77:13:
        cc:48:61:bf:ff:9d:2d:88:44:bf:b0:a1:84:d1:6b:bc:
        6f:4e:1a:69:f0:5f:c3:a1:a7:6b:4d:3b:7f:54:1c:9e:
        8c:9a:e6:b2:1e:c4:35:d5:a4:80:d7:e3:c9:c4:2e:8f:
        6b:26:61:09:54:c3:9c:d6:3e:9b:a7:22:86:66:46:20:
        8a:7a:46:f1:cf:16:59:77:c8:59:69:84:86:7f:f8:b0:
        0a:21:8d:30:25:d7:98:0e:92:ee:56:0d:e5:37:69:62:
        cc:f5:9e:d8:bd:c4:d9:e9:b9:c8:f2:7c:61:d7:94:fa:
        97:9d:26:d5:e4:a2:e3:8d:f4:6e:62:e1:61:0e:d9:2d:
        f0:c2:1b:bc:2f:d9:01:61:61:fb:13:ee:03:12:ad:b0:
        1d:e4:6c:bd:89:39:18:81:bc:82:08:10:5b:a9:ef:43:
        22:32:33:17:84:bf:ce:41:11:2d:30:13:b4:ab:5e:6d
    Fingerprint (SHA-256):
        6D:DF:55:5D:24:C1:9C:66:F1:4F:45:52:4A:97:FB:01:6F:C0:8F:A7:7A:6F:36:45:89:A0:14:F5:AF:51:ED:58
    Fingerprint (SHA1):
        57:3B:97:B3:7B:57:F3:FF:C5:6E:26:7B:75:6F:DE:9A:84:F8:74:45
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4011: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174052 (0x25712ce4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:50:48 2016
            Not After : Mon Jun 28 17:50:48 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:7b:ac:b0:3d:1e:d9:0e:64:6c:db:2a:ff:e8:0c:c2:
                    06:09:bc:be:40:b0:e5:39:69:c9:89:a7:e0:e0:28:5b:
                    56:19:ec:2b:d5:61:66:06:38:89:37:f0:47:5a:52:7e:
                    d7:95:eb:03:f4:f7:41:6d:fc:54:b4:e7:6c:63:f2:67:
                    22:58:ff:0b:39:84:48:15:16:0a:c8:a9:18:87:2f:e6:
                    cb:9e:38:05:bf:29:1b:8c:ae:09:ec:56:b3:71:a7:86:
                    b9:4f:9f:ab:71:a4:a9:fd:27:77:0d:18:87:9e:d4:09:
                    10:d6:55:b1:20:5d:bb:ad:fc:2a:f0:44:9b:fd:8e:66:
                    07:b2:10:2f:c0:b6:81:db:71:01:c0:e6:7a:c8:bb:96:
                    e6:a3:cc:c6:93:42:8e:75:97:95:d9:d1:ac:68:3c:14:
                    1d:ef:01:23:1e:4e:9e:c6:87:26:41:2b:4c:1d:62:e7:
                    99:59:53:6b:94:b4:8f:b2:8f:2d:4c:9f:65:93:ed:b4:
                    80:86:2a:8d:ec:2e:48:73:2a:80:3b:86:8b:e2:83:58:
                    de:ce:fb:72:9b:54:32:43:df:18:21:7d:5d:bd:1c:64:
                    05:e6:d3:51:ff:f0:1e:ce:fb:c7:9b:8d:26:28:3c:0e:
                    60:80:7b:6a:9b:8f:6c:d0:83:36:57:22:72:c2:5d:07
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2a:7c:9f:4e:95:89:21:88:e0:c3:a6:fc:f8:eb:f5:7d:
        7b:80:8d:08:dc:bd:76:4c:5b:ba:0e:0d:81:86:f5:61:
        d3:e2:2d:c3:0d:36:e7:50:43:f3:6c:ff:a0:c5:20:3d:
        36:42:e3:9e:05:f7:cc:04:5a:11:95:e0:d7:ac:51:0a:
        77:97:a6:1e:92:c1:78:20:cd:81:c4:fa:b8:f1:77:13:
        cc:48:61:bf:ff:9d:2d:88:44:bf:b0:a1:84:d1:6b:bc:
        6f:4e:1a:69:f0:5f:c3:a1:a7:6b:4d:3b:7f:54:1c:9e:
        8c:9a:e6:b2:1e:c4:35:d5:a4:80:d7:e3:c9:c4:2e:8f:
        6b:26:61:09:54:c3:9c:d6:3e:9b:a7:22:86:66:46:20:
        8a:7a:46:f1:cf:16:59:77:c8:59:69:84:86:7f:f8:b0:
        0a:21:8d:30:25:d7:98:0e:92:ee:56:0d:e5:37:69:62:
        cc:f5:9e:d8:bd:c4:d9:e9:b9:c8:f2:7c:61:d7:94:fa:
        97:9d:26:d5:e4:a2:e3:8d:f4:6e:62:e1:61:0e:d9:2d:
        f0:c2:1b:bc:2f:d9:01:61:61:fb:13:ee:03:12:ad:b0:
        1d:e4:6c:bd:89:39:18:81:bc:82:08:10:5b:a9:ef:43:
        22:32:33:17:84:bf:ce:41:11:2d:30:13:b4:ab:5e:6d
    Fingerprint (SHA-256):
        6D:DF:55:5D:24:C1:9C:66:F1:4F:45:52:4A:97:FB:01:6F:C0:8F:A7:7A:6F:36:45:89:A0:14:F5:AF:51:ED:58
    Fingerprint (SHA1):
        57:3B:97:B3:7B:57:F3:FF:C5:6E:26:7B:75:6F:DE:9A:84:F8:74:45
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4012: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #4013: BridgeWithHalfAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174057 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4014: BridgeWithHalfAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #4015: BridgeWithHalfAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #4016: BridgeWithHalfAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174058 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4017: BridgeWithHalfAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #4018: BridgeWithHalfAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #4019: BridgeWithHalfAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4020: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628174059 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4021: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4022: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628174060 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4023: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4024: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #4025: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4026: BridgeWithHalfAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4027: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628174061   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628173958.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4028: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4029: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4030: BridgeWithHalfAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4031: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174062   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4032: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4033: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4034: BridgeWithHalfAIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4035: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628174063   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-BridgeNavy-628173959.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4036: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4037: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4038: BridgeWithHalfAIA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4039: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628174064   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4040: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4041: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #4042: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #4043: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174058 (0x25712cea)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:51:16 2016
            Not After : Mon Jun 28 17:51:16 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:94:d0:cb:40:aa:8c:ba:77:ed:d7:d2:69:9f:c0:43:
                    b8:92:04:05:a6:33:6c:cc:b5:39:ed:fb:1d:58:7b:0a:
                    46:3d:ab:8a:8c:c7:70:21:7b:6f:3e:43:c9:e8:0f:70:
                    75:56:cf:d5:45:07:19:c2:14:47:94:ce:b7:f9:48:73:
                    3f:a0:a3:f3:c9:56:a7:22:0d:25:10:77:78:ba:2d:00:
                    47:80:c5:a4:08:9e:fd:26:4f:c1:d7:4b:ca:ff:ce:12:
                    62:83:d8:01:e8:3b:5e:60:bb:e8:06:56:87:51:11:ef:
                    c0:ab:cd:c5:5c:20:90:84:0b:28:76:03:dd:f6:4c:18:
                    bc:25:e6:5c:12:98:0f:ee:88:80:a3:c2:81:19:19:c2:
                    d7:fa:6e:d0:79:89:9c:fa:f8:3e:d6:32:16:26:75:a8:
                    58:0a:47:c6:c7:f4:d6:01:56:13:01:e3:73:b6:31:08:
                    aa:51:da:ea:82:80:b5:98:d7:71:d1:64:73:28:e6:ac:
                    3a:eb:bb:7e:5c:8f:c8:50:c5:f0:2a:a5:b5:d3:54:07:
                    19:cf:13:68:7a:23:f5:cf:24:b3:8e:ca:7c:43:1c:91:
                    50:75:7a:07:37:bd:2e:0f:fa:e8:9f:03:8e:f9:63:ae:
                    6e:a2:57:14:30:90:f0:f8:c3:a0:85:5f:db:61:93:fd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:4d:52:9a:87:6e:80:2d:3d:73:81:74:01:9d:e4:44:
        f6:99:74:7a:21:cb:25:5d:a7:4e:a9:30:2f:bc:8d:64:
        a2:1e:d6:b7:d2:6a:18:3f:15:1e:6c:1e:df:57:3e:84:
        17:61:df:bf:84:92:6f:ed:f0:0e:46:c5:a6:9e:e8:02:
        3a:03:4d:50:5b:1e:31:3f:3a:b4:2c:1d:e5:a6:76:11:
        1c:bf:2c:b0:cf:b4:23:3d:a9:11:8e:52:cc:d3:ee:10:
        b9:89:89:a3:ed:74:46:fc:f5:8a:7c:b2:57:ec:9b:04:
        6a:cc:56:96:6a:54:d1:31:f6:e9:b7:56:1e:1c:8a:1c:
        a6:e2:d3:0e:72:aa:db:11:92:25:e9:63:28:b4:9d:33:
        f7:5f:b1:96:eb:49:54:73:5a:73:eb:ce:9a:71:0d:e4:
        05:44:59:b3:3b:fb:62:f9:c6:69:ef:45:80:30:da:73:
        55:7d:b8:78:6d:2b:36:44:10:50:84:fa:2f:11:69:1f:
        b1:c5:e7:3a:78:9f:62:6c:c9:6b:37:ba:f0:b9:a4:49:
        b9:25:b3:62:69:7a:67:da:58:82:a2:19:75:92:65:40:
        01:f8:e5:2b:08:4b:13:71:26:e7:d1:98:87:9d:7f:7f:
        d6:eb:5f:bb:a6:60:89:bb:39:c1:11:1d:1c:e9:9f:d4
    Fingerprint (SHA-256):
        AF:F3:90:93:94:C0:65:69:08:95:A3:FE:00:3F:EA:6C:D9:BB:0C:D6:D9:AC:3C:86:E2:63:43:6B:AF:5A:92:06
    Fingerprint (SHA1):
        DC:FA:4F:BD:17:7A:EE:C8:BE:84:78:C1:AD:0C:D1:90:00:AC:1D:93
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4044: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174058 (0x25712cea)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:51:16 2016
            Not After : Mon Jun 28 17:51:16 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:94:d0:cb:40:aa:8c:ba:77:ed:d7:d2:69:9f:c0:43:
                    b8:92:04:05:a6:33:6c:cc:b5:39:ed:fb:1d:58:7b:0a:
                    46:3d:ab:8a:8c:c7:70:21:7b:6f:3e:43:c9:e8:0f:70:
                    75:56:cf:d5:45:07:19:c2:14:47:94:ce:b7:f9:48:73:
                    3f:a0:a3:f3:c9:56:a7:22:0d:25:10:77:78:ba:2d:00:
                    47:80:c5:a4:08:9e:fd:26:4f:c1:d7:4b:ca:ff:ce:12:
                    62:83:d8:01:e8:3b:5e:60:bb:e8:06:56:87:51:11:ef:
                    c0:ab:cd:c5:5c:20:90:84:0b:28:76:03:dd:f6:4c:18:
                    bc:25:e6:5c:12:98:0f:ee:88:80:a3:c2:81:19:19:c2:
                    d7:fa:6e:d0:79:89:9c:fa:f8:3e:d6:32:16:26:75:a8:
                    58:0a:47:c6:c7:f4:d6:01:56:13:01:e3:73:b6:31:08:
                    aa:51:da:ea:82:80:b5:98:d7:71:d1:64:73:28:e6:ac:
                    3a:eb:bb:7e:5c:8f:c8:50:c5:f0:2a:a5:b5:d3:54:07:
                    19:cf:13:68:7a:23:f5:cf:24:b3:8e:ca:7c:43:1c:91:
                    50:75:7a:07:37:bd:2e:0f:fa:e8:9f:03:8e:f9:63:ae:
                    6e:a2:57:14:30:90:f0:f8:c3:a0:85:5f:db:61:93:fd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:4d:52:9a:87:6e:80:2d:3d:73:81:74:01:9d:e4:44:
        f6:99:74:7a:21:cb:25:5d:a7:4e:a9:30:2f:bc:8d:64:
        a2:1e:d6:b7:d2:6a:18:3f:15:1e:6c:1e:df:57:3e:84:
        17:61:df:bf:84:92:6f:ed:f0:0e:46:c5:a6:9e:e8:02:
        3a:03:4d:50:5b:1e:31:3f:3a:b4:2c:1d:e5:a6:76:11:
        1c:bf:2c:b0:cf:b4:23:3d:a9:11:8e:52:cc:d3:ee:10:
        b9:89:89:a3:ed:74:46:fc:f5:8a:7c:b2:57:ec:9b:04:
        6a:cc:56:96:6a:54:d1:31:f6:e9:b7:56:1e:1c:8a:1c:
        a6:e2:d3:0e:72:aa:db:11:92:25:e9:63:28:b4:9d:33:
        f7:5f:b1:96:eb:49:54:73:5a:73:eb:ce:9a:71:0d:e4:
        05:44:59:b3:3b:fb:62:f9:c6:69:ef:45:80:30:da:73:
        55:7d:b8:78:6d:2b:36:44:10:50:84:fa:2f:11:69:1f:
        b1:c5:e7:3a:78:9f:62:6c:c9:6b:37:ba:f0:b9:a4:49:
        b9:25:b3:62:69:7a:67:da:58:82:a2:19:75:92:65:40:
        01:f8:e5:2b:08:4b:13:71:26:e7:d1:98:87:9d:7f:7f:
        d6:eb:5f:bb:a6:60:89:bb:39:c1:11:1d:1c:e9:9f:d4
    Fingerprint (SHA-256):
        AF:F3:90:93:94:C0:65:69:08:95:A3:FE:00:3F:EA:6C:D9:BB:0C:D6:D9:AC:3C:86:E2:63:43:6B:AF:5A:92:06
    Fingerprint (SHA1):
        DC:FA:4F:BD:17:7A:EE:C8:BE:84:78:C1:AD:0C:D1:90:00:AC:1D:93
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4045: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der BridgeArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=EE2 EE,O=EE2,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA2 Intermediate,O=CA2,C=US
Returned value is 1, expected result is fail
chains.sh: #4046: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174057 (0x25712ce9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:51:08 2016
            Not After : Mon Jun 28 17:51:08 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    af:0c:ba:38:2c:3c:89:96:0b:48:a6:be:8e:0c:82:1a:
                    4c:3a:63:20:f8:08:6c:39:5e:15:be:e9:68:11:b3:a7:
                    43:a2:56:db:f6:43:20:3a:18:82:0c:af:7e:45:a4:24:
                    e8:43:9f:82:ba:1e:98:e3:53:61:94:67:51:a6:a8:88:
                    e8:83:35:64:a7:2f:03:8c:70:75:fd:be:fd:28:90:f1:
                    63:04:ca:e6:7c:52:df:cf:8d:87:81:fc:58:83:54:7b:
                    d8:0e:4e:56:07:35:e0:34:b0:e9:f3:34:32:ce:ea:02:
                    26:e4:a2:20:8c:0c:bd:b3:f1:ea:81:f0:02:83:dd:92:
                    7a:2d:ce:b3:f0:ae:f4:00:f2:94:1a:26:ef:7e:bf:1b:
                    0d:f7:77:19:49:87:15:7e:df:59:ac:7c:89:46:49:df:
                    03:67:d6:d5:0c:08:53:dc:e3:8e:08:cc:37:d0:d7:0d:
                    64:c1:0f:6c:3d:ca:fe:89:af:22:38:c2:3a:2c:a8:12:
                    92:a2:32:75:59:78:7c:9f:07:68:16:47:b2:2f:e6:a2:
                    5f:a4:9b:72:74:b5:5b:da:cf:aa:db:81:82:df:0f:5d:
                    9b:97:17:a9:e1:fe:7f:7a:ae:80:67:7d:78:61:90:8b:
                    82:6d:0c:35:68:04:6d:9c:c2:85:06:93:a4:ae:8a:45
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        82:32:b9:eb:5e:74:f4:95:8f:6d:39:e5:6c:e2:5f:8e:
        79:2b:36:4d:ed:d6:0c:3c:73:2e:74:f5:6c:e8:d3:6b:
        c7:db:20:1e:f3:d6:93:4c:cc:3e:64:1d:33:30:e4:9e:
        35:ab:2a:ed:69:01:cf:e0:30:a9:3f:cb:9a:89:8d:8b:
        29:1b:db:3a:a7:ed:e1:41:e3:9d:b1:bf:a5:21:88:34:
        b1:f1:b5:25:9e:be:e7:17:4d:bc:7b:96:d8:ac:b9:28:
        df:77:05:49:75:79:bc:11:06:b9:b7:84:74:02:02:62:
        04:23:ac:34:6d:47:a5:fb:d7:5f:65:01:c6:ce:bf:25:
        32:78:f7:f9:28:49:36:ff:b9:a6:5a:40:5e:82:ba:b6:
        5c:2c:58:81:3c:84:c4:e5:8d:da:52:a6:6d:3e:dd:12:
        8d:2c:fb:64:fc:c9:4d:fb:e7:08:26:48:e7:40:78:c7:
        96:ae:23:e0:e9:4d:53:5b:f0:b8:18:fd:ec:04:0a:ad:
        51:48:0e:fc:c9:07:4a:1b:1c:8d:9c:8c:6f:f7:5b:bd:
        16:0b:04:e1:ca:62:0b:45:dd:d7:ed:10:14:75:36:dc:
        c4:b2:3d:d1:42:09:fb:7a:52:b8:28:35:b3:35:77:f2:
        12:3c:a6:e2:63:95:a5:70:32:6f:31:48:c8:94:57:60
    Fingerprint (SHA-256):
        01:D9:7F:2D:D6:8A:A0:2B:E7:CC:5C:81:65:BF:2C:FD:04:E5:16:0E:77:DF:FE:E2:EC:1D:FD:01:36:98:A8:22
    Fingerprint (SHA1):
        3C:6B:06:86:B6:AD:84:38:80:85:85:46:D0:CE:87:01:F3:20:98:AF
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4047: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174058 (0x25712cea)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:51:16 2016
            Not After : Mon Jun 28 17:51:16 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:94:d0:cb:40:aa:8c:ba:77:ed:d7:d2:69:9f:c0:43:
                    b8:92:04:05:a6:33:6c:cc:b5:39:ed:fb:1d:58:7b:0a:
                    46:3d:ab:8a:8c:c7:70:21:7b:6f:3e:43:c9:e8:0f:70:
                    75:56:cf:d5:45:07:19:c2:14:47:94:ce:b7:f9:48:73:
                    3f:a0:a3:f3:c9:56:a7:22:0d:25:10:77:78:ba:2d:00:
                    47:80:c5:a4:08:9e:fd:26:4f:c1:d7:4b:ca:ff:ce:12:
                    62:83:d8:01:e8:3b:5e:60:bb:e8:06:56:87:51:11:ef:
                    c0:ab:cd:c5:5c:20:90:84:0b:28:76:03:dd:f6:4c:18:
                    bc:25:e6:5c:12:98:0f:ee:88:80:a3:c2:81:19:19:c2:
                    d7:fa:6e:d0:79:89:9c:fa:f8:3e:d6:32:16:26:75:a8:
                    58:0a:47:c6:c7:f4:d6:01:56:13:01:e3:73:b6:31:08:
                    aa:51:da:ea:82:80:b5:98:d7:71:d1:64:73:28:e6:ac:
                    3a:eb:bb:7e:5c:8f:c8:50:c5:f0:2a:a5:b5:d3:54:07:
                    19:cf:13:68:7a:23:f5:cf:24:b3:8e:ca:7c:43:1c:91:
                    50:75:7a:07:37:bd:2e:0f:fa:e8:9f:03:8e:f9:63:ae:
                    6e:a2:57:14:30:90:f0:f8:c3:a0:85:5f:db:61:93:fd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:4d:52:9a:87:6e:80:2d:3d:73:81:74:01:9d:e4:44:
        f6:99:74:7a:21:cb:25:5d:a7:4e:a9:30:2f:bc:8d:64:
        a2:1e:d6:b7:d2:6a:18:3f:15:1e:6c:1e:df:57:3e:84:
        17:61:df:bf:84:92:6f:ed:f0:0e:46:c5:a6:9e:e8:02:
        3a:03:4d:50:5b:1e:31:3f:3a:b4:2c:1d:e5:a6:76:11:
        1c:bf:2c:b0:cf:b4:23:3d:a9:11:8e:52:cc:d3:ee:10:
        b9:89:89:a3:ed:74:46:fc:f5:8a:7c:b2:57:ec:9b:04:
        6a:cc:56:96:6a:54:d1:31:f6:e9:b7:56:1e:1c:8a:1c:
        a6:e2:d3:0e:72:aa:db:11:92:25:e9:63:28:b4:9d:33:
        f7:5f:b1:96:eb:49:54:73:5a:73:eb:ce:9a:71:0d:e4:
        05:44:59:b3:3b:fb:62:f9:c6:69:ef:45:80:30:da:73:
        55:7d:b8:78:6d:2b:36:44:10:50:84:fa:2f:11:69:1f:
        b1:c5:e7:3a:78:9f:62:6c:c9:6b:37:ba:f0:b9:a4:49:
        b9:25:b3:62:69:7a:67:da:58:82:a2:19:75:92:65:40:
        01:f8:e5:2b:08:4b:13:71:26:e7:d1:98:87:9d:7f:7f:
        d6:eb:5f:bb:a6:60:89:bb:39:c1:11:1d:1c:e9:9f:d4
    Fingerprint (SHA-256):
        AF:F3:90:93:94:C0:65:69:08:95:A3:FE:00:3F:EA:6C:D9:BB:0C:D6:D9:AC:3C:86:E2:63:43:6B:AF:5A:92:06
    Fingerprint (SHA1):
        DC:FA:4F:BD:17:7A:EE:C8:BE:84:78:C1:AD:0C:D1:90:00:AC:1D:93
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4048: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174058 (0x25712cea)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:51:16 2016
            Not After : Mon Jun 28 17:51:16 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:94:d0:cb:40:aa:8c:ba:77:ed:d7:d2:69:9f:c0:43:
                    b8:92:04:05:a6:33:6c:cc:b5:39:ed:fb:1d:58:7b:0a:
                    46:3d:ab:8a:8c:c7:70:21:7b:6f:3e:43:c9:e8:0f:70:
                    75:56:cf:d5:45:07:19:c2:14:47:94:ce:b7:f9:48:73:
                    3f:a0:a3:f3:c9:56:a7:22:0d:25:10:77:78:ba:2d:00:
                    47:80:c5:a4:08:9e:fd:26:4f:c1:d7:4b:ca:ff:ce:12:
                    62:83:d8:01:e8:3b:5e:60:bb:e8:06:56:87:51:11:ef:
                    c0:ab:cd:c5:5c:20:90:84:0b:28:76:03:dd:f6:4c:18:
                    bc:25:e6:5c:12:98:0f:ee:88:80:a3:c2:81:19:19:c2:
                    d7:fa:6e:d0:79:89:9c:fa:f8:3e:d6:32:16:26:75:a8:
                    58:0a:47:c6:c7:f4:d6:01:56:13:01:e3:73:b6:31:08:
                    aa:51:da:ea:82:80:b5:98:d7:71:d1:64:73:28:e6:ac:
                    3a:eb:bb:7e:5c:8f:c8:50:c5:f0:2a:a5:b5:d3:54:07:
                    19:cf:13:68:7a:23:f5:cf:24:b3:8e:ca:7c:43:1c:91:
                    50:75:7a:07:37:bd:2e:0f:fa:e8:9f:03:8e:f9:63:ae:
                    6e:a2:57:14:30:90:f0:f8:c3:a0:85:5f:db:61:93:fd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:4d:52:9a:87:6e:80:2d:3d:73:81:74:01:9d:e4:44:
        f6:99:74:7a:21:cb:25:5d:a7:4e:a9:30:2f:bc:8d:64:
        a2:1e:d6:b7:d2:6a:18:3f:15:1e:6c:1e:df:57:3e:84:
        17:61:df:bf:84:92:6f:ed:f0:0e:46:c5:a6:9e:e8:02:
        3a:03:4d:50:5b:1e:31:3f:3a:b4:2c:1d:e5:a6:76:11:
        1c:bf:2c:b0:cf:b4:23:3d:a9:11:8e:52:cc:d3:ee:10:
        b9:89:89:a3:ed:74:46:fc:f5:8a:7c:b2:57:ec:9b:04:
        6a:cc:56:96:6a:54:d1:31:f6:e9:b7:56:1e:1c:8a:1c:
        a6:e2:d3:0e:72:aa:db:11:92:25:e9:63:28:b4:9d:33:
        f7:5f:b1:96:eb:49:54:73:5a:73:eb:ce:9a:71:0d:e4:
        05:44:59:b3:3b:fb:62:f9:c6:69:ef:45:80:30:da:73:
        55:7d:b8:78:6d:2b:36:44:10:50:84:fa:2f:11:69:1f:
        b1:c5:e7:3a:78:9f:62:6c:c9:6b:37:ba:f0:b9:a4:49:
        b9:25:b3:62:69:7a:67:da:58:82:a2:19:75:92:65:40:
        01:f8:e5:2b:08:4b:13:71:26:e7:d1:98:87:9d:7f:7f:
        d6:eb:5f:bb:a6:60:89:bb:39:c1:11:1d:1c:e9:9f:d4
    Fingerprint (SHA-256):
        AF:F3:90:93:94:C0:65:69:08:95:A3:FE:00:3F:EA:6C:D9:BB:0C:D6:D9:AC:3C:86:E2:63:43:6B:AF:5A:92:06
    Fingerprint (SHA1):
        DC:FA:4F:BD:17:7A:EE:C8:BE:84:78:C1:AD:0C:D1:90:00:AC:1D:93
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4049: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #4050: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174065 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4051: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #4052: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #4053: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174066 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4054: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #4055: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB CAArmyDB
certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd
chains.sh: #4056: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CAArmyReq.der
certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US"  -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CAArmyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4057: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der  - PASSED
chains.sh: Creating certficate CAArmyArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 628174067   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4058: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army  - PASSED
chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database
certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4059: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database  - PASSED
chains.sh: Creating DB CANavyDB
certutil -N -d CANavyDB -f CANavyDB/dbpasswd
chains.sh: #4060: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CANavyReq.der
certutil -s "CN=CANavy Intermediate, O=CANavy, C=US"  -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CANavyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4061: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der  - PASSED
chains.sh: Creating certficate CANavyNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 628174068   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4062: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate CANavyNavy.der to CANavyDB database
certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4063: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #4064: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4065: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy
certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 628174069 -7 Bridge@CAArmy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
OID.1.1
OID.2.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #4066: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy  - PASSED
chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4067: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeCANavy.der signed by CANavy
certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 628174070 -7 Bridge@CANavy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
OID.2.1
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #4068: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy  - PASSED
chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4069: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7
chains.sh: #4070: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4071: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4072: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628174071   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4073: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4074: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4075: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4076: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628174072   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4077: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4078: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4079: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4080: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174073   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4081: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4082: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4083: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4084: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628174074   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4085: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4086: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4087: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174065 (0x25712cf1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:51:49 2016
            Not After : Mon Jun 28 17:51:49 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:65:85:76:ec:1f:ee:9c:9e:6f:d5:66:07:d0:b0:a9:
                    e4:c0:01:5e:ec:e6:91:92:bb:a6:7a:81:cc:61:2d:3c:
                    72:f3:fc:4a:e9:dc:7e:71:fb:9a:c9:9a:bc:32:40:a1:
                    81:2f:3b:0c:5e:4d:37:dc:b2:88:96:df:b9:b4:6e:3e:
                    4c:66:19:0f:7a:55:3b:84:c0:1a:60:cd:ef:c7:80:c9:
                    56:0e:1c:9f:a3:49:75:3d:d0:ea:93:28:5e:2f:4e:d2:
                    01:d5:dc:bd:cb:e4:c0:8d:31:b4:6e:cc:f9:90:f4:3a:
                    64:d6:4d:2e:62:88:b0:64:2b:25:4c:85:4f:08:45:22:
                    7c:c0:cd:cb:c2:83:7b:a3:3e:b8:61:3e:7d:a5:77:92:
                    2f:21:dc:bb:24:65:41:fb:ac:d5:50:77:63:9d:be:26:
                    15:84:d2:d6:0b:9e:c2:e1:52:ff:10:15:88:14:63:06:
                    f9:2d:65:5a:30:45:25:2e:d4:29:e3:57:20:3e:74:d0:
                    a6:b0:7b:47:7d:20:8e:05:ce:17:0c:34:63:5b:21:d7:
                    62:3f:fc:aa:9f:1a:05:a7:e4:48:16:01:5c:48:87:ae:
                    ef:df:8e:0a:ed:08:a7:1c:42:d7:d9:e5:f0:ce:66:cb:
                    77:34:bb:fb:0f:c1:bd:07:13:d1:a1:f6:09:73:e2:0b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:57:d6:43:a6:81:81:10:cd:2f:78:18:83:da:b5:71:
        ff:75:d2:04:7d:83:98:47:4f:3a:3b:4e:51:52:62:1b:
        15:23:ad:1f:52:a6:a6:14:3c:3c:64:7b:9d:9e:ca:91:
        02:0b:bb:a0:fb:76:c6:73:c2:eb:9d:e0:96:7c:01:69:
        8a:c2:6b:5a:de:9c:54:f3:28:1a:4a:5e:fe:a1:1e:41:
        0e:e6:35:d9:01:81:95:be:6c:6f:52:76:ea:e6:d0:38:
        e2:19:e2:eb:4f:2c:c9:7b:58:ab:c6:c3:a2:c7:a9:96:
        e0:c6:04:5d:77:db:b0:58:49:fc:ad:88:b5:30:fa:39:
        c7:5e:8a:48:64:7a:31:ad:5e:ca:7f:f4:36:71:06:a7:
        8b:5a:13:9b:9f:1e:17:08:63:d4:21:de:71:57:21:b7:
        79:05:b9:64:40:f5:56:65:2d:a0:cf:0f:6d:ae:1f:57:
        36:a5:bb:ac:4a:11:47:db:03:2b:27:51:68:7e:9f:4a:
        87:8e:06:9b:c7:2f:32:a5:2c:1c:8a:6a:57:10:7f:3e:
        e6:3c:39:db:74:f8:d5:e2:c7:67:dd:d2:89:ce:84:af:
        57:b7:db:d6:16:48:33:53:69:7b:12:41:bf:91:25:07:
        e8:63:12:96:44:22:cb:37:8f:5f:91:8f:e7:7f:05:8b
    Fingerprint (SHA-256):
        18:50:FA:81:6A:64:85:33:84:98:9B:ED:7C:38:D4:C6:25:31:77:70:9D:A2:C3:D4:19:B9:6F:46:4C:55:EB:C9
    Fingerprint (SHA1):
        B6:9A:35:36:CF:2B:BA:08:5E:D2:3F:7C:35:CF:6F:8A:24:0F:0D:CE
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US"
Returned value is 0, expected result is pass
chains.sh: #4088: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4089: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4090: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4091: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4092: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4093: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4094: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4095: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4096: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174066 (0x25712cf2)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:52:02 2016
            Not After : Mon Jun 28 17:52:02 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:a1:cc:49:57:8e:b0:ed:08:c7:08:6b:32:98:13:cd:
                    84:b3:68:7b:16:ff:1e:5f:a9:6f:78:13:41:6f:c9:7e:
                    a6:65:e5:50:f5:79:ca:b2:47:df:20:87:2a:14:d6:a8:
                    62:35:36:99:9d:0b:c4:01:bd:c5:6c:83:88:77:c8:55:
                    8b:99:38:82:5b:99:e3:81:37:90:9b:d4:57:dd:36:9e:
                    fa:53:76:15:f6:e1:66:55:13:75:69:4b:a6:d2:45:ea:
                    09:07:1b:9f:27:f1:30:ca:9b:9e:82:cf:69:83:59:13:
                    02:b9:00:a8:a5:e9:c6:d3:0e:ac:9f:1e:03:3c:9e:15:
                    22:9a:4f:c2:bc:8a:c1:a3:2c:f0:44:66:41:7a:51:c9:
                    b4:df:d2:46:fb:54:ec:d7:66:9c:25:42:0d:63:81:94:
                    22:dc:ae:93:d6:e8:5d:5e:65:dd:6d:2a:c4:6b:6c:85:
                    af:c7:83:36:05:da:91:67:7f:17:68:6e:a1:c2:4a:fd:
                    fe:48:2b:5a:ec:7f:66:51:15:68:51:40:f1:c6:4d:ff:
                    4f:14:7f:79:2f:2f:6d:16:bf:8c:68:43:3c:81:83:1d:
                    52:d3:56:36:1b:5b:d6:27:70:26:99:df:26:16:3e:81:
                    79:f4:ff:ca:56:2b:34:a1:56:42:3c:b9:c9:7f:d5:07
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b0:81:79:8b:e7:40:13:51:80:9b:b8:54:2d:c9:51:0b:
        26:9c:05:fa:24:29:d0:64:98:8d:64:6c:df:b9:9b:0d:
        76:30:3f:d5:e1:23:95:81:fb:d1:4c:c0:df:70:00:29:
        62:ce:78:51:d0:59:cd:59:59:51:82:16:26:8b:1d:08:
        4b:49:78:f4:67:45:1d:10:23:a2:57:73:c2:d3:c2:af:
        99:89:b0:00:75:93:e3:76:3c:c6:1d:fc:a0:91:6d:4d:
        0c:e1:3a:21:26:96:73:0a:9d:a3:47:30:52:1e:6b:e1:
        84:8c:a0:59:dd:dc:39:bb:5d:18:96:42:1e:07:0e:b7:
        a3:27:3b:ee:d7:8c:49:b0:fc:6c:15:df:be:c6:c1:f7:
        22:cb:63:76:31:df:35:8b:22:d7:9f:42:8b:9b:c8:30:
        8f:8a:af:81:4b:51:93:a2:dc:96:96:80:eb:35:e1:e3:
        5f:58:68:e7:1c:89:5c:68:d2:67:82:bb:82:eb:b9:df:
        9e:96:0c:a0:9b:73:a6:a3:90:b9:68:fc:a6:60:ce:6b:
        2f:d8:6c:da:6a:43:d6:45:56:51:a5:92:dc:be:74:01:
        9d:ff:7a:51:1d:73:f5:b0:5b:24:d3:16:2c:a9:99:d3:
        30:9c:8b:07:d0:30:3c:6f:14:9f:9f:13:9c:99:a2:d9
    Fingerprint (SHA-256):
        F6:4D:D0:5E:07:68:17:CF:55:28:99:AB:BA:02:7B:88:80:D2:D4:8A:45:36:35:E2:F0:2D:69:1F:56:A1:3F:D1
    Fingerprint (SHA1):
        E9:56:3C:4A:15:CF:94:12:E4:96:33:3C:88:85:FB:65:2D:8F:3C:71
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US"
Returned value is 0, expected result is pass
chains.sh: #4097: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4098: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4099: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4100: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4101: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4102: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4103: RealCerts: Creating DB AllDB  - PASSED
chains.sh: Importing certificate TestCA.ca.cert to AllDB database
certutil -A -n TestCA.ca  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestCA.ca.cert
chains.sh: #4104: RealCerts: Importing certificate TestCA.ca.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser50.cert to AllDB database
certutil -A -n TestUser50  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert
chains.sh: #4105: RealCerts: Importing certificate TestUser50.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser51.cert to AllDB database
certutil -A -n TestUser51  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert
chains.sh: #4106: RealCerts: Importing certificate TestUser51.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalRootCA.cert to AllDB database
certutil -A -n PayPalRootCA  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalRootCA.cert
chains.sh: #4107: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalICA.cert to AllDB database
certutil -A -n PayPalICA  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalICA.cert
chains.sh: #4108: RealCerts: Importing certificate PayPalICA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalEE.cert to AllDB database
certutil -A -n PayPalEE  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert
chains.sh: #4109: RealCerts: Importing certificate PayPalEE.cert to AllDB database  - PASSED
chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database
certutil -A -n BrAirWaysBadSig  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert
chains.sh: #4110: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4111: RealCerts: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4112: RealCerts: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1 
vfychain -d AllDB -pp -vv      -o OID.2.16.840.1.114412.1.1  /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=
            DigiCert Inc,C=US"
        Validity:
            Not Before: Fri Nov 10 00:00:00 2006
            Not After : Mon Nov 10 00:00:00 2031
        Subject: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O
            =DigiCert Inc,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:e5:81:
                    3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:a2:0a:1c:
                    b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:a4:a9:41:59:
                    3a:d3:dc:94:d6:3c:db:74:38:a4:4a:cc:4d:25:82:f7:
                    4a:a5:53:12:38:ee:f3:49:6d:71:91:7e:63:b6:ab:a6:
                    5f:c3:a4:84:f8:4f:62:51:be:f8:c5:ec:db:38:92:e3:
                    06:e5:08:91:0c:c4:28:41:55:fb:cb:5a:89:15:7e:71:
                    e8:35:bf:4d:72:09:3d:be:3a:38:50:5b:77:31:1b:8d:
                    b3:c7:24:45:9a:a7:ac:6d:00:14:5a:04:b7:ba:13:eb:
                    51:0a:98:41:41:22:4e:65:61:87:81:41:50:a6:79:5c:
                    89:de:19:4a:57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:
                    06:16:a4:68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:
                    db:5e:64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:
                    79:39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
                    a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:87:
                    5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:4b:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Subject Key ID
            Data:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
            Name: Certificate Authority Key Identifier
            Key ID:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:
        21:47:f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:
        7a:d9:11:65:8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:
        b8:91:e8:43:2c:8e:b3:78:ce:db:e3:53:79:71:d6:e5:
        21:94:01:da:55:87:9a:24:64:f6:8a:66:cc:de:9c:37:
        cd:a8:34:b1:69:9b:23:c8:9e:78:22:2b:70:43:e3:55:
        47:31:61:19:ef:58:c5:85:2f:4e:30:f6:a0:31:16:23:
        c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:5e:8b:
        31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
        15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:
        0a:c4:97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:
        55:f2:48:69:d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:
        ba:70:26:5d:90:60:9e:bc:4b:17:09:2f:b4:cb:1e:43:
        68:c9:07:27:c1:d2:5c:f7:ea:21:b9:68:12:9c:3c:9c:
        bf:9e:fc:80:5c:9b:63:cd:ec:47:aa:25:27:67:a0:37:
        f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:77:e8:1f:4a
    Fingerprint (SHA-256):
        74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
    Fingerprint (SHA1):
        5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=paypal.com,OU=PayPal Production,O="PayPal, Inc.",L
    =San Jose,ST=California,C=US"
Certificate 2 Subject: "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digi
    cert.com,O=DigiCert Inc,C=US"
Returned value is 0, expected result is pass
chains.sh: #4113: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1  - PASSED
chains.sh: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. BrAirWaysBadSig :
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is fail
chains.sh: #4114: RealCerts: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp       - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4115: DSA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174075 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4116: DSA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4117: DSA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4118: DSA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4119: DSA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174076   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4120: DSA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4121: DSA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4122: DSA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4123: DSA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174077   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4124: DSA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4125: DSA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4126: DSA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4127: DSA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 628174078   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4128: DSA: Creating certficate CA2Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA2Root.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4129: DSA: Importing certificate CA2Root.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4130: DSA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4131: DSA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628174079   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4132: DSA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4133: DSA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #4134: DSA: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4135: DSA: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 628174080   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4136: DSA: Creating certficate CA3Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA3Root.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4137: DSA: Importing certificate CA3Root.der to CA3DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #4138: DSA: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4139: DSA: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 628174081   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4140: DSA: Creating certficate EE3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate EE3CA3.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4141: DSA: Importing certificate EE3CA3.der to EE3DB database  - PASSED
chains.sh: Creating DB CA4DB
certutil -N -d CA4DB -f CA4DB/dbpasswd
chains.sh: #4142: DSA: Creating DB CA4DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA4Req.der
certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4143: DSA: Creating Intermediate certifiate request CA4Req.der  - PASSED
chains.sh: Creating certficate CA4Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 628174082   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4144: DSA: Creating certficate CA4Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA4Root.der to CA4DB database
certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4145: DSA: Importing certificate CA4Root.der to CA4DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #4146: DSA: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4147: DSA: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA4.der signed by CA4
certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 628174083   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4148: DSA: Creating certficate EE4CA4.der signed by CA4  - PASSED
chains.sh: Importing certificate EE4CA4.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4149: DSA: Importing certificate EE4CA4.der to EE4DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4150: DSA: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE1CA1.der CA1Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174075 (0x25712cfb)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:52:54 2016
            Not After : Mon Jun 28 17:52:54 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:92:82:d9:89:26:08:35:0d:08:22:2f:52:99:58:f7:
                    b5:80:b8:30:cc:22:cf:8a:10:1a:35:c3:99:87:00:43:
                    0f:63:59:8a:7f:d8:2b:76:11:a1:fa:4c:73:70:ca:14:
                    97:85:f6:55:e8:e1:58:75:80:5d:4b:e7:2a:25:e4:01:
                    6e:4e:52:df:e8:90:7e:e8:67:76:1b:ad:e6:a2:b0:f1:
                    99:e8:09:e4:5c:8c:92:ae:e2:dc:f4:ab:ba:05:e0:ce:
                    54:43:7e:87:d4:5e:7c:9d:c4:28:79:4e:de:90:32:16:
                    87:2a:3a:fc:3e:49:8d:2b:72:6c:7e:34:fe:9d:3b:7c:
                    70:c2:87:f3:a1:ae:40:44:04:70:f2:49:0b:e0:ec:6b:
                    53:fa:58:e0:09:fe:b5:a6:ee:68:a1:a8:bf:f0:f4:d5:
                    e3:55:f3:b6:d7:dd:ff:7a:ce:bc:5e:86:b3:7d:64:da:
                    89:fb:7d:8c:93:d3:28:ec:2f:f7:28:62:18:94:e4:b1:
                    df:f5:18:cf:6c:be:91:be:20:84:f7:41:7b:06:ca:18:
                    19:36:34:b8:33:58:4d:6b:de:10:ac:e0:c8:79:ab:e4:
                    c4:20:32:f8:c2:52:7d:e8:bf:ef:54:4c:40:96:48:6a:
                    8f:6d:00:c6:11:0f:91:48:ba:00:97:3b:35:38:26:b4
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3c:02:1c:57:9a:ad:8e:bd:85:48:54:4d:dd:e0:f8:
        6c:30:92:62:26:2a:f3:66:46:09:2d:83:ca:3e:5d:5c:
        02:1c:50:26:86:52:c2:11:3d:8c:03:60:b4:3c:ef:a2:
        56:83:0c:91:55:39:8c:fe:c2:fc:2e:04:fd:69
    Fingerprint (SHA-256):
        38:C9:66:7E:FA:67:EC:24:61:BA:59:96:7B:E0:5D:87:7A:B9:44:01:2D:1D:0B:1F:92:BE:8A:02:D1:AB:D2:BC
    Fingerprint (SHA1):
        AC:F0:3C:4C:9C:D7:CF:71:95:BB:35:3C:0D:AE:58:01:E5:6D:13:23
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4151: DSA: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE2CA2.der CA2Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174075 (0x25712cfb)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:52:54 2016
            Not After : Mon Jun 28 17:52:54 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:92:82:d9:89:26:08:35:0d:08:22:2f:52:99:58:f7:
                    b5:80:b8:30:cc:22:cf:8a:10:1a:35:c3:99:87:00:43:
                    0f:63:59:8a:7f:d8:2b:76:11:a1:fa:4c:73:70:ca:14:
                    97:85:f6:55:e8:e1:58:75:80:5d:4b:e7:2a:25:e4:01:
                    6e:4e:52:df:e8:90:7e:e8:67:76:1b:ad:e6:a2:b0:f1:
                    99:e8:09:e4:5c:8c:92:ae:e2:dc:f4:ab:ba:05:e0:ce:
                    54:43:7e:87:d4:5e:7c:9d:c4:28:79:4e:de:90:32:16:
                    87:2a:3a:fc:3e:49:8d:2b:72:6c:7e:34:fe:9d:3b:7c:
                    70:c2:87:f3:a1:ae:40:44:04:70:f2:49:0b:e0:ec:6b:
                    53:fa:58:e0:09:fe:b5:a6:ee:68:a1:a8:bf:f0:f4:d5:
                    e3:55:f3:b6:d7:dd:ff:7a:ce:bc:5e:86:b3:7d:64:da:
                    89:fb:7d:8c:93:d3:28:ec:2f:f7:28:62:18:94:e4:b1:
                    df:f5:18:cf:6c:be:91:be:20:84:f7:41:7b:06:ca:18:
                    19:36:34:b8:33:58:4d:6b:de:10:ac:e0:c8:79:ab:e4:
                    c4:20:32:f8:c2:52:7d:e8:bf:ef:54:4c:40:96:48:6a:
                    8f:6d:00:c6:11:0f:91:48:ba:00:97:3b:35:38:26:b4
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3c:02:1c:57:9a:ad:8e:bd:85:48:54:4d:dd:e0:f8:
        6c:30:92:62:26:2a:f3:66:46:09:2d:83:ca:3e:5d:5c:
        02:1c:50:26:86:52:c2:11:3d:8c:03:60:b4:3c:ef:a2:
        56:83:0c:91:55:39:8c:fe:c2:fc:2e:04:fd:69
    Fingerprint (SHA-256):
        38:C9:66:7E:FA:67:EC:24:61:BA:59:96:7B:E0:5D:87:7A:B9:44:01:2D:1D:0B:1F:92:BE:8A:02:D1:AB:D2:BC
    Fingerprint (SHA1):
        AC:F0:3C:4C:9C:D7:CF:71:95:BB:35:3C:0D:AE:58:01:E5:6D:13:23
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4152: DSA: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE3CA3.der CA3Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174075 (0x25712cfb)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:52:54 2016
            Not After : Mon Jun 28 17:52:54 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:92:82:d9:89:26:08:35:0d:08:22:2f:52:99:58:f7:
                    b5:80:b8:30:cc:22:cf:8a:10:1a:35:c3:99:87:00:43:
                    0f:63:59:8a:7f:d8:2b:76:11:a1:fa:4c:73:70:ca:14:
                    97:85:f6:55:e8:e1:58:75:80:5d:4b:e7:2a:25:e4:01:
                    6e:4e:52:df:e8:90:7e:e8:67:76:1b:ad:e6:a2:b0:f1:
                    99:e8:09:e4:5c:8c:92:ae:e2:dc:f4:ab:ba:05:e0:ce:
                    54:43:7e:87:d4:5e:7c:9d:c4:28:79:4e:de:90:32:16:
                    87:2a:3a:fc:3e:49:8d:2b:72:6c:7e:34:fe:9d:3b:7c:
                    70:c2:87:f3:a1:ae:40:44:04:70:f2:49:0b:e0:ec:6b:
                    53:fa:58:e0:09:fe:b5:a6:ee:68:a1:a8:bf:f0:f4:d5:
                    e3:55:f3:b6:d7:dd:ff:7a:ce:bc:5e:86:b3:7d:64:da:
                    89:fb:7d:8c:93:d3:28:ec:2f:f7:28:62:18:94:e4:b1:
                    df:f5:18:cf:6c:be:91:be:20:84:f7:41:7b:06:ca:18:
                    19:36:34:b8:33:58:4d:6b:de:10:ac:e0:c8:79:ab:e4:
                    c4:20:32:f8:c2:52:7d:e8:bf:ef:54:4c:40:96:48:6a:
                    8f:6d:00:c6:11:0f:91:48:ba:00:97:3b:35:38:26:b4
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3c:02:1c:57:9a:ad:8e:bd:85:48:54:4d:dd:e0:f8:
        6c:30:92:62:26:2a:f3:66:46:09:2d:83:ca:3e:5d:5c:
        02:1c:50:26:86:52:c2:11:3d:8c:03:60:b4:3c:ef:a2:
        56:83:0c:91:55:39:8c:fe:c2:fc:2e:04:fd:69
    Fingerprint (SHA-256):
        38:C9:66:7E:FA:67:EC:24:61:BA:59:96:7B:E0:5D:87:7A:B9:44:01:2D:1D:0B:1F:92:BE:8A:02:D1:AB:D2:BC
    Fingerprint (SHA1):
        AC:F0:3C:4C:9C:D7:CF:71:95:BB:35:3C:0D:AE:58:01:E5:6D:13:23
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #4153: DSA: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE4CA4.der CA4Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174075 (0x25712cfb)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:52:54 2016
            Not After : Mon Jun 28 17:52:54 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:92:82:d9:89:26:08:35:0d:08:22:2f:52:99:58:f7:
                    b5:80:b8:30:cc:22:cf:8a:10:1a:35:c3:99:87:00:43:
                    0f:63:59:8a:7f:d8:2b:76:11:a1:fa:4c:73:70:ca:14:
                    97:85:f6:55:e8:e1:58:75:80:5d:4b:e7:2a:25:e4:01:
                    6e:4e:52:df:e8:90:7e:e8:67:76:1b:ad:e6:a2:b0:f1:
                    99:e8:09:e4:5c:8c:92:ae:e2:dc:f4:ab:ba:05:e0:ce:
                    54:43:7e:87:d4:5e:7c:9d:c4:28:79:4e:de:90:32:16:
                    87:2a:3a:fc:3e:49:8d:2b:72:6c:7e:34:fe:9d:3b:7c:
                    70:c2:87:f3:a1:ae:40:44:04:70:f2:49:0b:e0:ec:6b:
                    53:fa:58:e0:09:fe:b5:a6:ee:68:a1:a8:bf:f0:f4:d5:
                    e3:55:f3:b6:d7:dd:ff:7a:ce:bc:5e:86:b3:7d:64:da:
                    89:fb:7d:8c:93:d3:28:ec:2f:f7:28:62:18:94:e4:b1:
                    df:f5:18:cf:6c:be:91:be:20:84:f7:41:7b:06:ca:18:
                    19:36:34:b8:33:58:4d:6b:de:10:ac:e0:c8:79:ab:e4:
                    c4:20:32:f8:c2:52:7d:e8:bf:ef:54:4c:40:96:48:6a:
                    8f:6d:00:c6:11:0f:91:48:ba:00:97:3b:35:38:26:b4
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3c:02:1c:57:9a:ad:8e:bd:85:48:54:4d:dd:e0:f8:
        6c:30:92:62:26:2a:f3:66:46:09:2d:83:ca:3e:5d:5c:
        02:1c:50:26:86:52:c2:11:3d:8c:03:60:b4:3c:ef:a2:
        56:83:0c:91:55:39:8c:fe:c2:fc:2e:04:fd:69
    Fingerprint (SHA-256):
        38:C9:66:7E:FA:67:EC:24:61:BA:59:96:7B:E0:5D:87:7A:B9:44:01:2D:1D:0B:1F:92:BE:8A:02:D1:AB:D2:BC
    Fingerprint (SHA1):
        AC:F0:3C:4C:9C:D7:CF:71:95:BB:35:3C:0D:AE:58:01:E5:6D:13:23
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US"
Returned value is 0, expected result is pass
chains.sh: #4154: DSA: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4155: Revocation: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 10 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4156: Revocation: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4157: Revocation: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #4158: Revocation: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4159: Revocation: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4160: Revocation: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4161: Revocation: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4162: Revocation: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4163: Revocation: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4164: Revocation: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4165: Revocation: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #4166: Revocation: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4167: Revocation: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4168: Revocation: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4169: Revocation: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB EE12DB
certutil -N -d EE12DB -f EE12DB/dbpasswd
chains.sh: #4170: Revocation: Creating DB EE12DB  - PASSED
chains.sh: Creating EE certifiate request EE12Req.der
certutil -s "CN=EE12 EE, O=EE12, C=US"  -R  -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4171: Revocation: Creating EE certifiate request EE12Req.der  - PASSED
chains.sh: Creating certficate EE12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4172: Revocation: Creating certficate EE12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE12CA1.der to EE12DB database
certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4173: Revocation: Importing certificate EE12CA1.der to EE12DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4174: Revocation: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4175: Revocation: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4176: Revocation: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4177: Revocation: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #4178: Revocation: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4179: Revocation: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4180: Revocation: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4181: Revocation: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628175353Z
nextupdate=20170628175353Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 17:53:53 2016
    Next Update: Wed Jun 28 17:53:53 2017
    CRL Extensions:
chains.sh: #4182: Revocation: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628175354Z
nextupdate=20170628175354Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:53:54 2016
    Next Update: Wed Jun 28 17:53:54 2017
    CRL Extensions:
chains.sh: #4183: Revocation: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628175354Z
nextupdate=20170628175354Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:53:54 2016
    Next Update: Wed Jun 28 17:53:54 2017
    CRL Extensions:
chains.sh: #4184: Revocation: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628175354Z
nextupdate=20170628175354Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 17:53:54 2016
    Next Update: Wed Jun 28 17:53:54 2017
    CRL Extensions:
chains.sh: #4185: Revocation: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 14 issued by CA1
crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628175355Z
addcert 14 20160628175355Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:53:55 2016
    Next Update: Wed Jun 28 17:53:54 2017
    Entry 1 (0x1):
        Serial Number: 14 (0xe)
        Revocation Date: Tue Jun 28 17:53:55 2016
    CRL Extensions:
chains.sh: #4186: Revocation: Revoking certificate with SN 14 issued by CA1  - PASSED
chains.sh: Revoking certificate with SN 15 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628175356Z
addcert 15 20160628175356Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:53:56 2016
    Next Update: Wed Jun 28 17:53:54 2017
    Entry 1 (0x1):
        Serial Number: 15 (0xf)
        Revocation Date: Tue Jun 28 17:53:56 2016
    CRL Extensions:
chains.sh: #4187: Revocation: Revoking certificate with SN 15 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4188: Revocation: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4189: Revocation: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #4190: Revocation: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA0Root.der to AllDB database
certutil -A -n CA0  -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der
chains.sh: #4191: Revocation: Importing certificate CA0Root.der to AllDB database  - PASSED
chains.sh: Importing CRL CA0.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl
chains.sh: #4192: Revocation: Importing CRL CA0.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA1CA0.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der
chains.sh: #4193: Revocation: Importing certificate CA1CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA1.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl
chains.sh: #4194: Revocation: Importing CRL CA1.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA0.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der
chains.sh: #4195: Revocation: Importing certificate CA2CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA2.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl
chains.sh: #4196: Revocation: Importing CRL CA2.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:53:25 2016
            Not After : Mon Jun 28 17:53:25 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dd:32:58:8e:04:c2:79:4e:b0:8c:0b:86:a6:62:4e:d5:
                    18:53:70:91:04:e9:21:50:00:e8:d6:c9:6a:be:93:bb:
                    8c:ad:1d:e0:51:91:dd:f4:77:de:ce:1a:9f:93:ef:eb:
                    cb:70:2b:de:47:de:3f:62:16:a4:94:f8:93:ae:19:4c:
                    45:90:7b:db:6e:8e:82:45:b8:ad:00:81:d8:85:a7:d2:
                    98:d4:58:ef:51:e1:94:c3:0e:1c:90:c1:be:62:d6:2f:
                    d3:93:4b:e7:ec:0d:af:e4:d1:2b:f9:59:47:22:23:75:
                    37:13:f6:76:5c:b6:78:0b:05:ba:da:b2:1d:a4:7c:7d:
                    31:3e:6b:ce:da:5e:d9:dd:1e:59:f9:60:9f:86:b5:e7:
                    4d:58:27:ff:0a:49:36:bf:55:d4:34:cc:cf:99:65:1e:
                    ba:51:cf:74:76:09:20:7e:c9:d0:c7:ff:a3:84:61:56:
                    ac:12:8b:fe:ed:8a:5c:cb:c3:a2:c6:a3:23:f8:6a:ee:
                    c5:1c:ab:92:93:c7:56:7a:c3:e4:34:52:a2:26:95:03:
                    a0:bd:5c:f3:ca:c7:6b:53:e2:36:8c:db:0f:19:01:a0:
                    5e:53:02:5b:72:bb:36:81:83:10:b8:91:37:f0:80:07:
                    ac:11:b8:29:4c:cb:93:9e:18:15:b7:c2:11:3a:60:0f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5a:26:f1:5a:e9:a6:27:88:74:f0:43:35:ea:0b:db:8f:
        88:43:14:0a:63:ed:82:51:b1:c2:12:6b:04:72:55:dd:
        b4:a0:36:ea:f4:c7:59:83:28:57:d7:17:a4:d1:ce:79:
        3f:e9:fd:42:95:80:6d:1a:09:70:fd:84:2e:c9:66:d9:
        fd:4f:6c:67:52:eb:e5:71:1f:cd:14:1c:f1:da:b0:cc:
        0f:58:62:22:5e:9c:da:13:a1:ee:2a:8e:af:3c:33:ce:
        69:79:52:cd:1a:c4:10:7a:de:41:64:a4:8e:43:3a:3e:
        7d:8b:e3:a4:e2:70:19:11:c0:c4:95:0d:3c:d8:66:cf:
        b8:c3:c8:a9:56:54:dd:5f:59:a8:68:61:ea:68:18:85:
        20:41:8e:a1:21:5e:69:7c:7a:15:38:c7:25:3e:e2:2d:
        c4:8b:14:93:56:40:1d:d1:f3:f7:cb:c1:3f:9c:cc:09:
        c1:6d:0c:82:84:8a:8b:e9:5a:6f:42:e2:cd:ae:36:8e:
        90:a2:f8:73:73:4a:75:96:13:f1:8a:2a:ed:da:f6:d1:
        5d:a4:6a:d5:4c:09:83:a7:98:db:94:7c:46:46:36:63:
        4a:e6:4c:49:24:48:1d:c8:97:b5:90:70:b4:26:0e:33:
        bf:e2:59:33:57:fc:9b:28:4b:4f:60:3f:c7:80:7a:01
    Fingerprint (SHA-256):
        03:48:60:8F:A4:C9:FE:8F:E0:FA:48:8E:A8:FA:DE:62:0D:ED:FF:5F:A3:77:B4:E0:E7:98:44:EE:DD:2C:AA:88
    Fingerprint (SHA1):
        9B:42:01:34:08:C9:A1:C6:9C:A3:9C:11:49:86:63:11:16:BB:93:29
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #4197: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE12CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #4198: Revocation: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:53:25 2016
            Not After : Mon Jun 28 17:53:25 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dd:32:58:8e:04:c2:79:4e:b0:8c:0b:86:a6:62:4e:d5:
                    18:53:70:91:04:e9:21:50:00:e8:d6:c9:6a:be:93:bb:
                    8c:ad:1d:e0:51:91:dd:f4:77:de:ce:1a:9f:93:ef:eb:
                    cb:70:2b:de:47:de:3f:62:16:a4:94:f8:93:ae:19:4c:
                    45:90:7b:db:6e:8e:82:45:b8:ad:00:81:d8:85:a7:d2:
                    98:d4:58:ef:51:e1:94:c3:0e:1c:90:c1:be:62:d6:2f:
                    d3:93:4b:e7:ec:0d:af:e4:d1:2b:f9:59:47:22:23:75:
                    37:13:f6:76:5c:b6:78:0b:05:ba:da:b2:1d:a4:7c:7d:
                    31:3e:6b:ce:da:5e:d9:dd:1e:59:f9:60:9f:86:b5:e7:
                    4d:58:27:ff:0a:49:36:bf:55:d4:34:cc:cf:99:65:1e:
                    ba:51:cf:74:76:09:20:7e:c9:d0:c7:ff:a3:84:61:56:
                    ac:12:8b:fe:ed:8a:5c:cb:c3:a2:c6:a3:23:f8:6a:ee:
                    c5:1c:ab:92:93:c7:56:7a:c3:e4:34:52:a2:26:95:03:
                    a0:bd:5c:f3:ca:c7:6b:53:e2:36:8c:db:0f:19:01:a0:
                    5e:53:02:5b:72:bb:36:81:83:10:b8:91:37:f0:80:07:
                    ac:11:b8:29:4c:cb:93:9e:18:15:b7:c2:11:3a:60:0f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5a:26:f1:5a:e9:a6:27:88:74:f0:43:35:ea:0b:db:8f:
        88:43:14:0a:63:ed:82:51:b1:c2:12:6b:04:72:55:dd:
        b4:a0:36:ea:f4:c7:59:83:28:57:d7:17:a4:d1:ce:79:
        3f:e9:fd:42:95:80:6d:1a:09:70:fd:84:2e:c9:66:d9:
        fd:4f:6c:67:52:eb:e5:71:1f:cd:14:1c:f1:da:b0:cc:
        0f:58:62:22:5e:9c:da:13:a1:ee:2a:8e:af:3c:33:ce:
        69:79:52:cd:1a:c4:10:7a:de:41:64:a4:8e:43:3a:3e:
        7d:8b:e3:a4:e2:70:19:11:c0:c4:95:0d:3c:d8:66:cf:
        b8:c3:c8:a9:56:54:dd:5f:59:a8:68:61:ea:68:18:85:
        20:41:8e:a1:21:5e:69:7c:7a:15:38:c7:25:3e:e2:2d:
        c4:8b:14:93:56:40:1d:d1:f3:f7:cb:c1:3f:9c:cc:09:
        c1:6d:0c:82:84:8a:8b:e9:5a:6f:42:e2:cd:ae:36:8e:
        90:a2:f8:73:73:4a:75:96:13:f1:8a:2a:ed:da:f6:d1:
        5d:a4:6a:d5:4c:09:83:a7:98:db:94:7c:46:46:36:63:
        4a:e6:4c:49:24:48:1d:c8:97:b5:90:70:b4:26:0e:33:
        bf:e2:59:33:57:fc:9b:28:4b:4f:60:3f:c7:80:7a:01
    Fingerprint (SHA-256):
        03:48:60:8F:A4:C9:FE:8F:E0:FA:48:8E:A8:FA:DE:62:0D:ED:FF:5F:A3:77:B4:E0:E7:98:44:EE:DD:2C:AA:88
    Fingerprint (SHA1):
        9B:42:01:34:08:C9:A1:C6:9C:A3:9C:11:49:86:63:11:16:BB:93:29
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #4199: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE21CA2.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #4200: Revocation: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4201: CRLDP: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174084 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4202: CRLDP: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4203: CRLDP: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #4204: CRLDP: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4205: CRLDP: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 628174085   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4206: CRLDP: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4207: CRLDP: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4208: CRLDP: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173975.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4209: CRLDP: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173960.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4210: CRLDP: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4211: CRLDP: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #4212: CRLDP: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173975.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4213: CRLDP: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 628174086   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4214: CRLDP: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4215: CRLDP: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4216: CRLDP: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173975.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4217: CRLDP: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173961.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4218: CRLDP: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4219: CRLDP: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #4220: CRLDP: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4221: CRLDP: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 628174087   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4222: CRLDP: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4223: CRLDP: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4224: CRLDP: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173975.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4225: CRLDP: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173962.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4226: CRLDP: Creating certficate EE1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE1CA0.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4227: CRLDP: Importing certificate EE1CA0.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4228: CRLDP: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173975.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4229: CRLDP: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173963.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4230: CRLDP: Creating certficate EE2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE2CA0.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4231: CRLDP: Importing certificate EE2CA0.der to EE2DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628175457Z
nextupdate=20170628175457Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 17:54:57 2016
    Next Update: Wed Jun 28 17:54:57 2017
    CRL Extensions:
chains.sh: #4232: CRLDP: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628175458Z
nextupdate=20170628175458Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:54:58 2016
    Next Update: Wed Jun 28 17:54:58 2017
    CRL Extensions:
chains.sh: #4233: CRLDP: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628175458Z
nextupdate=20170628175458Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 17:54:58 2016
    Next Update: Wed Jun 28 17:54:58 2017
    CRL Extensions:
chains.sh: #4234: CRLDP: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628175458Z
nextupdate=20170628175458Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 17:54:58 2016
    Next Update: Wed Jun 28 17:54:58 2017
    CRL Extensions:
chains.sh: #4235: CRLDP: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 20 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628175459Z
addcert 20 20160628175459Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:54:59 2016
    Next Update: Wed Jun 28 17:54:58 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 17:54:59 2016
    CRL Extensions:
chains.sh: #4236: CRLDP: Revoking certificate with SN 20 issued by CA0  - PASSED
chains.sh: Revoking certificate with SN 40 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628175500Z
addcert 40 20160628175500Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 17:55:00 2016
    Next Update: Wed Jun 28 17:54:58 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 17:54:59 2016
    Entry 2 (0x2):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 17:55:00 2016
    CRL Extensions:
chains.sh: #4237: CRLDP: Revoking certificate with SN 40 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4238: CRLDP: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4239: CRLDP: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #4240: CRLDP: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE11CA1.der CA1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174084 (0x25712d04)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:54:01 2016
            Not After : Mon Jun 28 17:54:01 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:32:c2:a3:95:a7:8c:0f:c3:99:d5:ab:67:5e:03:e8:
                    d4:68:db:92:8d:28:da:cd:6c:5b:2d:03:8d:86:cb:18:
                    86:d9:a3:22:42:cc:8b:89:17:b0:5e:b0:8b:f9:bc:72:
                    7b:2f:8a:b8:9b:15:03:65:55:bc:4f:37:92:de:34:e5:
                    ec:77:c1:e4:4e:ab:d6:0e:63:c0:39:3f:94:29:8b:a6:
                    ae:5a:4c:87:1d:00:74:67:01:30:25:17:e4:11:f1:d6:
                    2a:de:65:c3:7b:18:64:97:b6:41:79:66:ab:8b:89:56:
                    c5:92:a9:ad:fe:6e:85:cb:5f:d1:fc:bb:d7:9f:98:85:
                    39:44:4f:f1:09:8b:12:fa:ec:72:a6:87:ad:f0:f8:7f:
                    b6:dd:0e:c7:e9:c3:83:32:1a:fb:e1:34:3b:c7:92:ed:
                    a6:e5:20:9e:ea:45:ba:eb:c4:20:0a:99:eb:57:a6:17:
                    3e:47:2c:00:d9:1d:1d:06:98:70:33:27:34:a6:c4:9f:
                    67:bc:31:d7:a5:44:35:22:a7:67:c6:47:4e:fa:48:ac:
                    4c:6a:d4:7d:04:97:a0:0e:8b:6b:25:da:63:af:68:11:
                    d4:09:7c:d3:7f:7a:f2:c1:b3:11:ef:38:ea:1f:2f:42:
                    0c:1d:c5:66:07:a4:27:f1:38:4c:b7:d2:e1:84:e6:45
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1b:3a:e0:40:1d:90:3d:ef:aa:e2:15:14:9f:b1:93:cb:
        de:f0:7d:bc:f1:8e:30:dc:6a:e6:69:9b:20:03:32:dd:
        72:c3:93:e4:62:92:58:35:ce:99:7f:03:42:de:f3:cd:
        7e:c1:92:cf:bb:52:cb:ae:9d:e9:4e:65:8a:2b:cb:a2:
        e7:a7:0a:53:e3:3f:17:e5:f4:f8:29:6c:b0:c2:c5:f5:
        b1:e6:51:8c:6a:eb:ca:d8:c2:5c:fe:af:fc:79:f5:6f:
        2b:be:1e:d0:14:e0:9d:ca:f7:df:99:87:01:75:4b:8f:
        be:83:64:ff:34:cf:63:a1:10:9d:76:8a:a7:40:bb:5a:
        b0:f4:d6:ae:7d:9d:23:5a:9a:4c:f8:11:35:c5:59:83:
        59:14:cf:3d:62:18:82:36:b2:82:d8:2b:b1:cf:7b:12:
        ff:0d:f7:02:48:03:31:7a:f0:6c:b5:f2:29:f4:b5:9f:
        8d:6a:e0:18:d4:6f:98:97:95:fa:da:7d:f9:7f:fd:7a:
        3e:f9:19:bf:b8:94:fe:67:63:9e:99:22:9c:c7:76:b7:
        72:2e:43:4a:cb:ff:cb:ef:6f:26:09:96:01:f9:ab:f6:
        5e:84:00:73:9d:da:7c:7f:75:68:5d:60:a4:62:5d:42:
        5d:5f:b6:8a:b2:be:91:72:0f:10:2f:2e:93:ef:b0:6d
    Fingerprint (SHA-256):
        B1:B0:1D:03:39:71:FC:5C:3E:C7:A1:D7:11:4F:97:86:66:66:EA:61:82:29:B3:8F:52:A9:8D:06:0C:31:CA:ED
    Fingerprint (SHA1):
        47:4C:13:5A:E7:B3:DB:16:86:90:A9:3A:A3:18:5C:DA:29:DB:47:53
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #4241: CRLDP: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE21CA2.der CA2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #4242: CRLDP: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174084 (0x25712d04)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:54:01 2016
            Not After : Mon Jun 28 17:54:01 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:32:c2:a3:95:a7:8c:0f:c3:99:d5:ab:67:5e:03:e8:
                    d4:68:db:92:8d:28:da:cd:6c:5b:2d:03:8d:86:cb:18:
                    86:d9:a3:22:42:cc:8b:89:17:b0:5e:b0:8b:f9:bc:72:
                    7b:2f:8a:b8:9b:15:03:65:55:bc:4f:37:92:de:34:e5:
                    ec:77:c1:e4:4e:ab:d6:0e:63:c0:39:3f:94:29:8b:a6:
                    ae:5a:4c:87:1d:00:74:67:01:30:25:17:e4:11:f1:d6:
                    2a:de:65:c3:7b:18:64:97:b6:41:79:66:ab:8b:89:56:
                    c5:92:a9:ad:fe:6e:85:cb:5f:d1:fc:bb:d7:9f:98:85:
                    39:44:4f:f1:09:8b:12:fa:ec:72:a6:87:ad:f0:f8:7f:
                    b6:dd:0e:c7:e9:c3:83:32:1a:fb:e1:34:3b:c7:92:ed:
                    a6:e5:20:9e:ea:45:ba:eb:c4:20:0a:99:eb:57:a6:17:
                    3e:47:2c:00:d9:1d:1d:06:98:70:33:27:34:a6:c4:9f:
                    67:bc:31:d7:a5:44:35:22:a7:67:c6:47:4e:fa:48:ac:
                    4c:6a:d4:7d:04:97:a0:0e:8b:6b:25:da:63:af:68:11:
                    d4:09:7c:d3:7f:7a:f2:c1:b3:11:ef:38:ea:1f:2f:42:
                    0c:1d:c5:66:07:a4:27:f1:38:4c:b7:d2:e1:84:e6:45
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1b:3a:e0:40:1d:90:3d:ef:aa:e2:15:14:9f:b1:93:cb:
        de:f0:7d:bc:f1:8e:30:dc:6a:e6:69:9b:20:03:32:dd:
        72:c3:93:e4:62:92:58:35:ce:99:7f:03:42:de:f3:cd:
        7e:c1:92:cf:bb:52:cb:ae:9d:e9:4e:65:8a:2b:cb:a2:
        e7:a7:0a:53:e3:3f:17:e5:f4:f8:29:6c:b0:c2:c5:f5:
        b1:e6:51:8c:6a:eb:ca:d8:c2:5c:fe:af:fc:79:f5:6f:
        2b:be:1e:d0:14:e0:9d:ca:f7:df:99:87:01:75:4b:8f:
        be:83:64:ff:34:cf:63:a1:10:9d:76:8a:a7:40:bb:5a:
        b0:f4:d6:ae:7d:9d:23:5a:9a:4c:f8:11:35:c5:59:83:
        59:14:cf:3d:62:18:82:36:b2:82:d8:2b:b1:cf:7b:12:
        ff:0d:f7:02:48:03:31:7a:f0:6c:b5:f2:29:f4:b5:9f:
        8d:6a:e0:18:d4:6f:98:97:95:fa:da:7d:f9:7f:fd:7a:
        3e:f9:19:bf:b8:94:fe:67:63:9e:99:22:9c:c7:76:b7:
        72:2e:43:4a:cb:ff:cb:ef:6f:26:09:96:01:f9:ab:f6:
        5e:84:00:73:9d:da:7c:7f:75:68:5d:60:a4:62:5d:42:
        5d:5f:b6:8a:b2:be:91:72:0f:10:2f:2e:93:ef:b0:6d
    Fingerprint (SHA-256):
        B1:B0:1D:03:39:71:FC:5C:3E:C7:A1:D7:11:4F:97:86:66:66:EA:61:82:29:B3:8F:52:A9:8D:06:0C:31:CA:ED
    Fingerprint (SHA1):
        47:4C:13:5A:E7:B3:DB:16:86:90:A9:3A:A3:18:5C:DA:29:DB:47:53
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #4243: CRLDP: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #4244: CRLDP: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #4245: TrustAnchors: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174088 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4246: TrustAnchors: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #4247: TrustAnchors: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4248: TrustAnchors: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4249: TrustAnchors: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628174089   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4250: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4251: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4252: TrustAnchors: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4253: TrustAnchors: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174090   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4254: TrustAnchors: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4255: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4256: TrustAnchors: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4257: TrustAnchors: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 628174091   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4258: TrustAnchors: Creating certficate EE1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE1CA2.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4259: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database  - PASSED
chains.sh: Creating DB OtherRootDB
certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd
chains.sh: #4260: TrustAnchors: Creating DB OtherRootDB  - PASSED
chains.sh: Creating Root CA OtherRoot
certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot  -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174092 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4261: TrustAnchors: Creating Root CA OtherRoot  - PASSED
chains.sh: Exporting Root CA OtherRoot.der
certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der
chains.sh: #4262: TrustAnchors: Exporting Root CA OtherRoot.der  - PASSED
chains.sh: Creating DB OtherIntermediateDB
certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd
chains.sh: #4263: TrustAnchors: Creating DB OtherIntermediateDB  - PASSED
chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der
certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US"  -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OtherIntermediateReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4264: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der  - PASSED
chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot
certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 628174093   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4265: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot  - PASSED
chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database
certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4266: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4267: TrustAnchors: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4268: TrustAnchors: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate
certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 628174094   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4269: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate  - PASSED
chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4270: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database  - PASSED
chains.sh: Creating DB DBOnlyDB
certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd
chains.sh: #4271: TrustAnchors: Creating DB DBOnlyDB  - PASSED
chains.sh: Importing certificate RootCA.der to DBOnlyDB database
certutil -A -n RootCA  -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der
chains.sh: #4272: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database
certutil -A -n CA1  -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der
chains.sh: #4273: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp      
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174088 (0x25712d08)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:05 2016
            Not After : Mon Jun 28 17:55:05 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:f8:74:07:cd:13:fd:88:0c:91:fb:12:69:fa:f5:40:
                    08:fc:fa:49:64:ea:01:b3:b4:31:f8:8a:c8:9b:10:63:
                    fb:f5:33:32:e0:d5:1c:41:51:03:80:4c:0d:89:07:3f:
                    61:03:c1:ad:e9:54:55:49:4a:19:5b:e0:8c:2a:3b:7f:
                    8f:de:ef:d8:20:1d:9b:b5:9d:41:8b:9d:06:63:79:b4:
                    7c:e8:a9:37:dc:43:18:45:0f:72:c2:92:7b:f8:70:16:
                    b9:4a:a0:ef:cf:a7:00:13:a6:cb:d9:bd:29:7d:c0:ba:
                    61:44:49:4c:b1:ea:5e:44:b3:04:a7:ef:e9:5d:65:e0:
                    69:2d:a5:31:97:f2:b7:56:2e:f8:58:83:af:fa:3d:7a:
                    a7:3a:d8:96:e8:cc:86:bd:43:13:76:8d:a7:b1:53:02:
                    12:8e:75:b5:76:93:d2:e3:12:7e:34:3e:d7:34:5c:cc:
                    1c:21:19:0e:f7:58:a3:9b:ce:ce:4b:30:25:60:1a:6f:
                    39:99:df:c8:39:e3:7c:f4:3e:b1:40:df:e8:1d:63:f9:
                    da:1b:fd:33:cc:66:b1:3d:7c:62:5a:de:2c:b4:6f:68:
                    d9:b6:ce:72:99:f1:6e:52:8a:a0:a1:bc:e4:d0:00:e8:
                    9e:10:d1:ce:6a:94:98:78:c2:59:a5:aa:00:45:be:0d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3e:de:4a:37:ac:c7:3a:1e:0c:58:87:b3:75:a7:de:b6:
        12:2c:e8:98:ee:bf:7c:33:09:37:85:39:cf:ec:02:82:
        a8:45:3b:a6:97:9e:ff:f7:3e:bc:d7:e5:36:5d:ce:e0:
        30:e8:a2:24:47:1b:ad:3c:6e:d5:3c:63:a0:50:31:ca:
        3d:99:cf:29:4c:0a:65:68:87:f9:78:86:e4:40:58:48:
        f7:dd:6a:34:c8:04:ff:a3:28:c6:57:8d:0e:bb:01:04:
        10:1a:10:06:76:4d:5f:9b:b4:99:f3:79:c4:40:47:cd:
        9c:21:2e:51:c4:f5:7d:a5:d1:40:db:04:41:4a:7c:77:
        a7:a8:ee:3c:80:35:20:92:02:01:f0:6c:b3:72:dd:f1:
        fb:0d:0c:b8:65:95:bf:3a:a3:97:fa:82:ad:54:1b:3f:
        81:d7:be:9a:88:42:af:2f:d7:10:c6:26:8e:73:92:d9:
        79:94:c8:2a:47:56:a6:54:10:78:ee:0b:3e:37:4a:70:
        fc:ec:96:2d:47:40:b6:dc:e0:82:95:3a:ba:0e:8f:61:
        4a:1f:7e:a0:ff:97:c8:85:e9:3a:83:da:32:ee:4c:bf:
        e1:1c:9c:5a:66:76:f5:6f:4b:bb:c1:4f:01:7f:bd:4f:
        f9:91:9a:a8:61:3b:4d:5a:86:ae:5e:51:e1:bb:37:d2
    Fingerprint (SHA-256):
        F8:89:70:EB:2B:C7:B2:A6:CC:F1:CA:B8:40:C5:0B:1C:7A:96:6D:CC:F9:E3:A9:B8:3D:F7:88:EC:0B:38:85:DB
    Fingerprint (SHA1):
        D9:34:E0:A6:06:BD:23:96:8C:FC:75:A9:7C:D7:8F:F8:D3:AD:4E:11
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4274: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174090 (0x25712d0a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:28 2016
            Not After : Mon Jun 28 17:55:28 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    da:4e:c1:1d:91:0a:47:dd:7e:5e:8f:a9:e8:37:16:7e:
                    81:b7:62:f0:d8:8b:20:ad:54:1c:91:7a:d2:ef:c5:ef:
                    b5:8a:5b:b1:70:e2:6d:2f:e3:ec:cb:4b:c2:84:82:7b:
                    16:8c:bc:41:5f:e1:bb:06:52:60:fc:1d:13:93:2a:d7:
                    4c:fd:4e:b1:27:ff:cc:b0:08:af:43:6e:58:50:6f:a3:
                    df:51:18:59:2a:6c:19:89:8d:46:0e:7d:34:db:c3:f2:
                    4b:08:01:46:f2:a8:0e:5b:28:a5:0c:0d:76:8a:09:f7:
                    e9:a9:66:fd:db:ce:8b:19:66:95:bc:68:e7:3d:b1:58:
                    b5:0a:95:00:02:bc:f5:d0:c3:b8:27:b7:63:d4:fc:ba:
                    cb:7f:e2:ce:26:ff:49:b6:af:8b:8c:c3:ee:b5:09:df:
                    27:0b:11:ac:f0:08:98:e7:0a:90:69:17:22:5f:08:e3:
                    c4:3e:86:72:e3:70:c2:0c:dc:2f:aa:d2:35:8b:e9:9e:
                    f2:67:ce:e3:d7:f6:71:0e:47:63:91:d8:44:df:91:3d:
                    f5:a9:f7:71:00:fd:d7:a6:b5:3b:f4:b2:37:ed:f3:19:
                    b5:ff:bc:28:25:0c:88:34:32:85:f2:91:dd:4f:53:14:
                    dc:2a:f3:b7:a7:ff:85:eb:9c:c0:fc:91:cb:f3:85:17
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        82:bb:e5:59:22:27:c9:1a:9d:8e:25:ae:5c:d6:06:2e:
        9f:b1:44:5c:b2:5b:2e:e1:a6:f5:f4:32:b2:67:c1:4b:
        e2:cd:56:a6:c2:a9:a0:6e:57:e0:54:24:c6:a7:99:f2:
        bf:31:60:bb:4b:55:50:a8:d9:fc:e0:01:b4:b7:2e:6b:
        b1:65:92:e0:3c:84:4a:cd:a1:35:5d:77:de:a4:cc:44:
        51:25:a1:87:cf:08:e8:bf:01:64:be:83:65:98:e6:7c:
        b9:bd:25:25:a8:3c:91:6c:b5:aa:37:e1:df:99:0e:cf:
        96:56:e3:29:e5:f5:48:fa:58:53:79:6a:c7:6a:8f:e9:
        91:82:be:89:d2:ee:d4:c3:db:50:2b:7a:94:a9:8d:05:
        ab:33:da:81:e9:0e:2d:7f:ff:c1:17:b2:5b:99:8a:b9:
        ad:7c:9b:82:48:6f:ef:68:46:16:97:9a:db:c3:18:a4:
        1b:83:c2:30:0a:08:5d:3c:68:fa:2b:80:46:0e:7d:52:
        b4:2a:6f:9a:3e:af:c0:6c:3b:a3:52:d4:65:bf:ee:6b:
        6b:27:d6:93:e5:44:67:ed:da:05:65:30:3c:94:8d:bd:
        9d:19:08:56:0a:c9:25:cc:f1:23:1d:05:30:5c:b9:49:
        29:69:b9:45:29:f9:69:de:03:21:e2:28:f1:27:36:da
    Fingerprint (SHA-256):
        3E:F5:CA:AE:F5:1C:07:5F:58:17:0F:B5:E8:9B:58:83:CE:F4:4A:64:8D:FE:C3:DE:71:61:61:90:3B:68:67:11
    Fingerprint (SHA1):
        9B:41:70:B8:CC:50:2E:0E:CC:15:D5:6A:88:A3:75:3D:BA:54:97:AA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4275: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174088 (0x25712d08)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:05 2016
            Not After : Mon Jun 28 17:55:05 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:f8:74:07:cd:13:fd:88:0c:91:fb:12:69:fa:f5:40:
                    08:fc:fa:49:64:ea:01:b3:b4:31:f8:8a:c8:9b:10:63:
                    fb:f5:33:32:e0:d5:1c:41:51:03:80:4c:0d:89:07:3f:
                    61:03:c1:ad:e9:54:55:49:4a:19:5b:e0:8c:2a:3b:7f:
                    8f:de:ef:d8:20:1d:9b:b5:9d:41:8b:9d:06:63:79:b4:
                    7c:e8:a9:37:dc:43:18:45:0f:72:c2:92:7b:f8:70:16:
                    b9:4a:a0:ef:cf:a7:00:13:a6:cb:d9:bd:29:7d:c0:ba:
                    61:44:49:4c:b1:ea:5e:44:b3:04:a7:ef:e9:5d:65:e0:
                    69:2d:a5:31:97:f2:b7:56:2e:f8:58:83:af:fa:3d:7a:
                    a7:3a:d8:96:e8:cc:86:bd:43:13:76:8d:a7:b1:53:02:
                    12:8e:75:b5:76:93:d2:e3:12:7e:34:3e:d7:34:5c:cc:
                    1c:21:19:0e:f7:58:a3:9b:ce:ce:4b:30:25:60:1a:6f:
                    39:99:df:c8:39:e3:7c:f4:3e:b1:40:df:e8:1d:63:f9:
                    da:1b:fd:33:cc:66:b1:3d:7c:62:5a:de:2c:b4:6f:68:
                    d9:b6:ce:72:99:f1:6e:52:8a:a0:a1:bc:e4:d0:00:e8:
                    9e:10:d1:ce:6a:94:98:78:c2:59:a5:aa:00:45:be:0d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3e:de:4a:37:ac:c7:3a:1e:0c:58:87:b3:75:a7:de:b6:
        12:2c:e8:98:ee:bf:7c:33:09:37:85:39:cf:ec:02:82:
        a8:45:3b:a6:97:9e:ff:f7:3e:bc:d7:e5:36:5d:ce:e0:
        30:e8:a2:24:47:1b:ad:3c:6e:d5:3c:63:a0:50:31:ca:
        3d:99:cf:29:4c:0a:65:68:87:f9:78:86:e4:40:58:48:
        f7:dd:6a:34:c8:04:ff:a3:28:c6:57:8d:0e:bb:01:04:
        10:1a:10:06:76:4d:5f:9b:b4:99:f3:79:c4:40:47:cd:
        9c:21:2e:51:c4:f5:7d:a5:d1:40:db:04:41:4a:7c:77:
        a7:a8:ee:3c:80:35:20:92:02:01:f0:6c:b3:72:dd:f1:
        fb:0d:0c:b8:65:95:bf:3a:a3:97:fa:82:ad:54:1b:3f:
        81:d7:be:9a:88:42:af:2f:d7:10:c6:26:8e:73:92:d9:
        79:94:c8:2a:47:56:a6:54:10:78:ee:0b:3e:37:4a:70:
        fc:ec:96:2d:47:40:b6:dc:e0:82:95:3a:ba:0e:8f:61:
        4a:1f:7e:a0:ff:97:c8:85:e9:3a:83:da:32:ee:4c:bf:
        e1:1c:9c:5a:66:76:f5:6f:4b:bb:c1:4f:01:7f:bd:4f:
        f9:91:9a:a8:61:3b:4d:5a:86:ae:5e:51:e1:bb:37:d2
    Fingerprint (SHA-256):
        F8:89:70:EB:2B:C7:B2:A6:CC:F1:CA:B8:40:C5:0B:1C:7A:96:6D:CC:F9:E3:A9:B8:3D:F7:88:EC:0B:38:85:DB
    Fingerprint (SHA1):
        D9:34:E0:A6:06:BD:23:96:8C:FC:75:A9:7C:D7:8F:F8:D3:AD:4E:11
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4276: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA - PASSED
chains.sh: Creating DB TrustOnlyDB
certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd
chains.sh: #4277: TrustAnchors: Creating DB TrustOnlyDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der CA2CA1.der CA1RootCA.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174088 (0x25712d08)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:05 2016
            Not After : Mon Jun 28 17:55:05 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:f8:74:07:cd:13:fd:88:0c:91:fb:12:69:fa:f5:40:
                    08:fc:fa:49:64:ea:01:b3:b4:31:f8:8a:c8:9b:10:63:
                    fb:f5:33:32:e0:d5:1c:41:51:03:80:4c:0d:89:07:3f:
                    61:03:c1:ad:e9:54:55:49:4a:19:5b:e0:8c:2a:3b:7f:
                    8f:de:ef:d8:20:1d:9b:b5:9d:41:8b:9d:06:63:79:b4:
                    7c:e8:a9:37:dc:43:18:45:0f:72:c2:92:7b:f8:70:16:
                    b9:4a:a0:ef:cf:a7:00:13:a6:cb:d9:bd:29:7d:c0:ba:
                    61:44:49:4c:b1:ea:5e:44:b3:04:a7:ef:e9:5d:65:e0:
                    69:2d:a5:31:97:f2:b7:56:2e:f8:58:83:af:fa:3d:7a:
                    a7:3a:d8:96:e8:cc:86:bd:43:13:76:8d:a7:b1:53:02:
                    12:8e:75:b5:76:93:d2:e3:12:7e:34:3e:d7:34:5c:cc:
                    1c:21:19:0e:f7:58:a3:9b:ce:ce:4b:30:25:60:1a:6f:
                    39:99:df:c8:39:e3:7c:f4:3e:b1:40:df:e8:1d:63:f9:
                    da:1b:fd:33:cc:66:b1:3d:7c:62:5a:de:2c:b4:6f:68:
                    d9:b6:ce:72:99:f1:6e:52:8a:a0:a1:bc:e4:d0:00:e8:
                    9e:10:d1:ce:6a:94:98:78:c2:59:a5:aa:00:45:be:0d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3e:de:4a:37:ac:c7:3a:1e:0c:58:87:b3:75:a7:de:b6:
        12:2c:e8:98:ee:bf:7c:33:09:37:85:39:cf:ec:02:82:
        a8:45:3b:a6:97:9e:ff:f7:3e:bc:d7:e5:36:5d:ce:e0:
        30:e8:a2:24:47:1b:ad:3c:6e:d5:3c:63:a0:50:31:ca:
        3d:99:cf:29:4c:0a:65:68:87:f9:78:86:e4:40:58:48:
        f7:dd:6a:34:c8:04:ff:a3:28:c6:57:8d:0e:bb:01:04:
        10:1a:10:06:76:4d:5f:9b:b4:99:f3:79:c4:40:47:cd:
        9c:21:2e:51:c4:f5:7d:a5:d1:40:db:04:41:4a:7c:77:
        a7:a8:ee:3c:80:35:20:92:02:01:f0:6c:b3:72:dd:f1:
        fb:0d:0c:b8:65:95:bf:3a:a3:97:fa:82:ad:54:1b:3f:
        81:d7:be:9a:88:42:af:2f:d7:10:c6:26:8e:73:92:d9:
        79:94:c8:2a:47:56:a6:54:10:78:ee:0b:3e:37:4a:70:
        fc:ec:96:2d:47:40:b6:dc:e0:82:95:3a:ba:0e:8f:61:
        4a:1f:7e:a0:ff:97:c8:85:e9:3a:83:da:32:ee:4c:bf:
        e1:1c:9c:5a:66:76:f5:6f:4b:bb:c1:4f:01:7f:bd:4f:
        f9:91:9a:a8:61:3b:4d:5a:86:ae:5e:51:e1:bb:37:d2
    Fingerprint (SHA-256):
        F8:89:70:EB:2B:C7:B2:A6:CC:F1:CA:B8:40:C5:0B:1C:7A:96:6D:CC:F9:E3:A9:B8:3D:F7:88:EC:0B:38:85:DB
    Fingerprint (SHA1):
        D9:34:E0:A6:06:BD:23:96:8C:FC:75:A9:7C:D7:8F:F8:D3:AD:4E:11
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4278: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174090 (0x25712d0a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:28 2016
            Not After : Mon Jun 28 17:55:28 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    da:4e:c1:1d:91:0a:47:dd:7e:5e:8f:a9:e8:37:16:7e:
                    81:b7:62:f0:d8:8b:20:ad:54:1c:91:7a:d2:ef:c5:ef:
                    b5:8a:5b:b1:70:e2:6d:2f:e3:ec:cb:4b:c2:84:82:7b:
                    16:8c:bc:41:5f:e1:bb:06:52:60:fc:1d:13:93:2a:d7:
                    4c:fd:4e:b1:27:ff:cc:b0:08:af:43:6e:58:50:6f:a3:
                    df:51:18:59:2a:6c:19:89:8d:46:0e:7d:34:db:c3:f2:
                    4b:08:01:46:f2:a8:0e:5b:28:a5:0c:0d:76:8a:09:f7:
                    e9:a9:66:fd:db:ce:8b:19:66:95:bc:68:e7:3d:b1:58:
                    b5:0a:95:00:02:bc:f5:d0:c3:b8:27:b7:63:d4:fc:ba:
                    cb:7f:e2:ce:26:ff:49:b6:af:8b:8c:c3:ee:b5:09:df:
                    27:0b:11:ac:f0:08:98:e7:0a:90:69:17:22:5f:08:e3:
                    c4:3e:86:72:e3:70:c2:0c:dc:2f:aa:d2:35:8b:e9:9e:
                    f2:67:ce:e3:d7:f6:71:0e:47:63:91:d8:44:df:91:3d:
                    f5:a9:f7:71:00:fd:d7:a6:b5:3b:f4:b2:37:ed:f3:19:
                    b5:ff:bc:28:25:0c:88:34:32:85:f2:91:dd:4f:53:14:
                    dc:2a:f3:b7:a7:ff:85:eb:9c:c0:fc:91:cb:f3:85:17
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        82:bb:e5:59:22:27:c9:1a:9d:8e:25:ae:5c:d6:06:2e:
        9f:b1:44:5c:b2:5b:2e:e1:a6:f5:f4:32:b2:67:c1:4b:
        e2:cd:56:a6:c2:a9:a0:6e:57:e0:54:24:c6:a7:99:f2:
        bf:31:60:bb:4b:55:50:a8:d9:fc:e0:01:b4:b7:2e:6b:
        b1:65:92:e0:3c:84:4a:cd:a1:35:5d:77:de:a4:cc:44:
        51:25:a1:87:cf:08:e8:bf:01:64:be:83:65:98:e6:7c:
        b9:bd:25:25:a8:3c:91:6c:b5:aa:37:e1:df:99:0e:cf:
        96:56:e3:29:e5:f5:48:fa:58:53:79:6a:c7:6a:8f:e9:
        91:82:be:89:d2:ee:d4:c3:db:50:2b:7a:94:a9:8d:05:
        ab:33:da:81:e9:0e:2d:7f:ff:c1:17:b2:5b:99:8a:b9:
        ad:7c:9b:82:48:6f:ef:68:46:16:97:9a:db:c3:18:a4:
        1b:83:c2:30:0a:08:5d:3c:68:fa:2b:80:46:0e:7d:52:
        b4:2a:6f:9a:3e:af:c0:6c:3b:a3:52:d4:65:bf:ee:6b:
        6b:27:d6:93:e5:44:67:ed:da:05:65:30:3c:94:8d:bd:
        9d:19:08:56:0a:c9:25:cc:f1:23:1d:05:30:5c:b9:49:
        29:69:b9:45:29:f9:69:de:03:21:e2:28:f1:27:36:da
    Fingerprint (SHA-256):
        3E:F5:CA:AE:F5:1C:07:5F:58:17:0F:B5:E8:9B:58:83:CE:F4:4A:64:8D:FE:C3:DE:71:61:61:90:3B:68:67:11
    Fingerprint (SHA1):
        9B:41:70:B8:CC:50:2E:0E:CC:15:D5:6A:88:A3:75:3D:BA:54:97:AA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4279: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Creating DB TrustAndDBDB
certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd
chains.sh: #4280: TrustAnchors: Creating DB TrustAndDBDB  - PASSED
chains.sh: Importing certificate RootCA.der to TrustAndDBDB database
certutil -A -n RootCA  -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der
chains.sh: #4281: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database
certutil -A -n CA1  -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der
chains.sh: #4282: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp      
vfychain -d TrustAndDBDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174088 (0x25712d08)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:05 2016
            Not After : Mon Jun 28 17:55:05 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:f8:74:07:cd:13:fd:88:0c:91:fb:12:69:fa:f5:40:
                    08:fc:fa:49:64:ea:01:b3:b4:31:f8:8a:c8:9b:10:63:
                    fb:f5:33:32:e0:d5:1c:41:51:03:80:4c:0d:89:07:3f:
                    61:03:c1:ad:e9:54:55:49:4a:19:5b:e0:8c:2a:3b:7f:
                    8f:de:ef:d8:20:1d:9b:b5:9d:41:8b:9d:06:63:79:b4:
                    7c:e8:a9:37:dc:43:18:45:0f:72:c2:92:7b:f8:70:16:
                    b9:4a:a0:ef:cf:a7:00:13:a6:cb:d9:bd:29:7d:c0:ba:
                    61:44:49:4c:b1:ea:5e:44:b3:04:a7:ef:e9:5d:65:e0:
                    69:2d:a5:31:97:f2:b7:56:2e:f8:58:83:af:fa:3d:7a:
                    a7:3a:d8:96:e8:cc:86:bd:43:13:76:8d:a7:b1:53:02:
                    12:8e:75:b5:76:93:d2:e3:12:7e:34:3e:d7:34:5c:cc:
                    1c:21:19:0e:f7:58:a3:9b:ce:ce:4b:30:25:60:1a:6f:
                    39:99:df:c8:39:e3:7c:f4:3e:b1:40:df:e8:1d:63:f9:
                    da:1b:fd:33:cc:66:b1:3d:7c:62:5a:de:2c:b4:6f:68:
                    d9:b6:ce:72:99:f1:6e:52:8a:a0:a1:bc:e4:d0:00:e8:
                    9e:10:d1:ce:6a:94:98:78:c2:59:a5:aa:00:45:be:0d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3e:de:4a:37:ac:c7:3a:1e:0c:58:87:b3:75:a7:de:b6:
        12:2c:e8:98:ee:bf:7c:33:09:37:85:39:cf:ec:02:82:
        a8:45:3b:a6:97:9e:ff:f7:3e:bc:d7:e5:36:5d:ce:e0:
        30:e8:a2:24:47:1b:ad:3c:6e:d5:3c:63:a0:50:31:ca:
        3d:99:cf:29:4c:0a:65:68:87:f9:78:86:e4:40:58:48:
        f7:dd:6a:34:c8:04:ff:a3:28:c6:57:8d:0e:bb:01:04:
        10:1a:10:06:76:4d:5f:9b:b4:99:f3:79:c4:40:47:cd:
        9c:21:2e:51:c4:f5:7d:a5:d1:40:db:04:41:4a:7c:77:
        a7:a8:ee:3c:80:35:20:92:02:01:f0:6c:b3:72:dd:f1:
        fb:0d:0c:b8:65:95:bf:3a:a3:97:fa:82:ad:54:1b:3f:
        81:d7:be:9a:88:42:af:2f:d7:10:c6:26:8e:73:92:d9:
        79:94:c8:2a:47:56:a6:54:10:78:ee:0b:3e:37:4a:70:
        fc:ec:96:2d:47:40:b6:dc:e0:82:95:3a:ba:0e:8f:61:
        4a:1f:7e:a0:ff:97:c8:85:e9:3a:83:da:32:ee:4c:bf:
        e1:1c:9c:5a:66:76:f5:6f:4b:bb:c1:4f:01:7f:bd:4f:
        f9:91:9a:a8:61:3b:4d:5a:86:ae:5e:51:e1:bb:37:d2
    Fingerprint (SHA-256):
        F8:89:70:EB:2B:C7:B2:A6:CC:F1:CA:B8:40:C5:0B:1C:7A:96:6D:CC:F9:E3:A9:B8:3D:F7:88:EC:0B:38:85:DB
    Fingerprint (SHA1):
        D9:34:E0:A6:06:BD:23:96:8C:FC:75:A9:7C:D7:8F:F8:D3:AD:4E:11
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4283: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv       EE2OtherIntermediate.der OtherIntermediateOtherRoot.der  -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174092 (0x25712d0c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:40 2016
            Not After : Mon Jun 28 17:55:40 2066
        Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c7:a8:b8:14:6c:da:48:04:96:3f:38:6d:f6:2c:ee:f3:
                    7e:98:3c:88:f8:1d:68:39:ab:79:62:a6:e3:20:b6:cf:
                    a0:e6:78:58:3d:e8:f8:bd:f5:07:dc:47:a2:f2:ca:14:
                    15:67:71:35:96:ae:d6:90:e0:19:b6:cc:5e:09:b6:6a:
                    71:c8:83:2b:21:16:42:f7:b2:f3:65:31:ce:74:ba:1a:
                    14:41:34:3e:54:88:c0:b8:c1:86:05:f5:08:91:bf:78:
                    82:7e:59:b2:96:14:b7:7f:2e:b9:32:72:e6:8d:61:8f:
                    a5:79:90:f0:4b:05:fa:3b:c3:66:8f:56:1a:66:31:e3:
                    b8:4d:c5:a3:00:3e:90:4f:56:7e:1a:0c:6e:7b:26:2c:
                    ed:d0:83:e5:40:13:96:21:5b:67:66:5f:af:d0:63:7b:
                    63:91:02:6f:1a:bc:11:30:94:12:d7:01:4d:97:61:1d:
                    d4:0c:9a:11:c3:89:86:f2:fc:cf:38:e2:5e:d9:5f:31:
                    a3:7a:ae:ac:10:c0:1c:bd:9f:5f:a1:14:c8:e8:d6:c7:
                    64:e9:24:7b:76:c0:81:ac:6c:5b:9c:3c:c6:81:78:fa:
                    df:04:0d:e0:b8:1c:09:ab:b2:be:33:9f:bb:f7:13:5a:
                    2f:a3:15:71:aa:0b:95:60:6b:e4:75:fe:e3:c3:ce:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7b:f4:e8:c9:ad:b0:b6:eb:f4:ce:f5:ca:a5:03:9a:e2:
        ab:a3:41:f1:09:32:0f:c8:f2:67:05:f9:97:5d:3b:32:
        90:9f:1e:3c:92:cb:96:d5:00:3c:e5:ca:3e:6c:67:dd:
        bc:57:fb:6e:f6:1d:82:7b:52:7d:b3:ba:be:a7:b9:a1:
        66:77:37:6d:90:89:88:be:6a:56:e7:fb:c8:80:ce:fe:
        da:fe:a6:90:2a:73:0c:99:4c:26:4f:0a:ba:52:f1:36:
        1c:ca:9d:72:f0:ac:f2:cd:cc:84:3e:fc:db:99:3f:dd:
        f8:5e:78:b4:09:96:30:59:02:b5:81:06:7e:07:13:7d:
        9e:d0:69:ab:3d:cb:11:94:62:b7:3f:ea:90:34:95:ef:
        c4:f7:dc:54:10:69:ab:42:e1:bd:ad:ba:3a:16:f3:ae:
        2b:0c:81:0f:77:8f:23:d5:56:22:a9:48:1c:9d:29:95:
        88:e7:55:34:43:a7:6b:a9:ad:e4:c8:0d:33:a3:5a:e9:
        37:f3:4c:77:bc:78:7e:8a:a3:a0:b2:ed:fe:60:2b:1f:
        19:bc:8a:2a:85:72:97:92:da:fe:b1:f4:3f:75:67:10:
        76:4b:44:e4:25:02:52:12:d5:a5:a7:b5:e6:4f:fb:06:
        cf:87:6a:eb:30:82:32:de:42:f0:66:be:b8:11:78:11
    Fingerprint (SHA-256):
        4F:56:95:9F:F2:1C:2B:60:CF:D2:E5:87:18:27:69:B3:1A:78:68:33:76:D6:99:B0:EA:A4:E5:B4:5B:BF:31:30
    Fingerprint (SHA1):
        98:76:D9:C6:9A:0A:45:FD:7E:10:FE:66:08:57:26:C3:1E:85:A2:94
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate
    ,C=US"
Returned value is 0, expected result is pass
chains.sh: #4284: TrustAnchors: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv -T      EE1CA2.der CA2CA1.der  -t OtherIntermediateOtherRoot.der -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174088 (0x25712d08)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:05 2016
            Not After : Mon Jun 28 17:55:05 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:f8:74:07:cd:13:fd:88:0c:91:fb:12:69:fa:f5:40:
                    08:fc:fa:49:64:ea:01:b3:b4:31:f8:8a:c8:9b:10:63:
                    fb:f5:33:32:e0:d5:1c:41:51:03:80:4c:0d:89:07:3f:
                    61:03:c1:ad:e9:54:55:49:4a:19:5b:e0:8c:2a:3b:7f:
                    8f:de:ef:d8:20:1d:9b:b5:9d:41:8b:9d:06:63:79:b4:
                    7c:e8:a9:37:dc:43:18:45:0f:72:c2:92:7b:f8:70:16:
                    b9:4a:a0:ef:cf:a7:00:13:a6:cb:d9:bd:29:7d:c0:ba:
                    61:44:49:4c:b1:ea:5e:44:b3:04:a7:ef:e9:5d:65:e0:
                    69:2d:a5:31:97:f2:b7:56:2e:f8:58:83:af:fa:3d:7a:
                    a7:3a:d8:96:e8:cc:86:bd:43:13:76:8d:a7:b1:53:02:
                    12:8e:75:b5:76:93:d2:e3:12:7e:34:3e:d7:34:5c:cc:
                    1c:21:19:0e:f7:58:a3:9b:ce:ce:4b:30:25:60:1a:6f:
                    39:99:df:c8:39:e3:7c:f4:3e:b1:40:df:e8:1d:63:f9:
                    da:1b:fd:33:cc:66:b1:3d:7c:62:5a:de:2c:b4:6f:68:
                    d9:b6:ce:72:99:f1:6e:52:8a:a0:a1:bc:e4:d0:00:e8:
                    9e:10:d1:ce:6a:94:98:78:c2:59:a5:aa:00:45:be:0d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3e:de:4a:37:ac:c7:3a:1e:0c:58:87:b3:75:a7:de:b6:
        12:2c:e8:98:ee:bf:7c:33:09:37:85:39:cf:ec:02:82:
        a8:45:3b:a6:97:9e:ff:f7:3e:bc:d7:e5:36:5d:ce:e0:
        30:e8:a2:24:47:1b:ad:3c:6e:d5:3c:63:a0:50:31:ca:
        3d:99:cf:29:4c:0a:65:68:87:f9:78:86:e4:40:58:48:
        f7:dd:6a:34:c8:04:ff:a3:28:c6:57:8d:0e:bb:01:04:
        10:1a:10:06:76:4d:5f:9b:b4:99:f3:79:c4:40:47:cd:
        9c:21:2e:51:c4:f5:7d:a5:d1:40:db:04:41:4a:7c:77:
        a7:a8:ee:3c:80:35:20:92:02:01:f0:6c:b3:72:dd:f1:
        fb:0d:0c:b8:65:95:bf:3a:a3:97:fa:82:ad:54:1b:3f:
        81:d7:be:9a:88:42:af:2f:d7:10:c6:26:8e:73:92:d9:
        79:94:c8:2a:47:56:a6:54:10:78:ee:0b:3e:37:4a:70:
        fc:ec:96:2d:47:40:b6:dc:e0:82:95:3a:ba:0e:8f:61:
        4a:1f:7e:a0:ff:97:c8:85:e9:3a:83:da:32:ee:4c:bf:
        e1:1c:9c:5a:66:76:f5:6f:4b:bb:c1:4f:01:7f:bd:4f:
        f9:91:9a:a8:61:3b:4d:5a:86:ae:5e:51:e1:bb:37:d2
    Fingerprint (SHA-256):
        F8:89:70:EB:2B:C7:B2:A6:CC:F1:CA:B8:40:C5:0B:1C:7A:96:6D:CC:F9:E3:A9:B8:3D:F7:88:EC:0B:38:85:DB
    Fingerprint (SHA1):
        D9:34:E0:A6:06:BD:23:96:8C:FC:75:A9:7C:D7:8F:F8:D3:AD:4E:11
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4285: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED
chains.sh: Creating DB ExplicitDistrustDB
certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd
chains.sh: #4286: TrustAnchors: Creating DB ExplicitDistrustDB  - PASSED
chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database
certutil -A -n RootCA  -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der
chains.sh: #4287: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database
certutil -A -n CA1  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der
chains.sh: #4288: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database
certutil -A -n OtherRoot  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der
chains.sh: #4289: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der
vfychain -d ExplicitDistrustDB -pp -vv       EE1CA2.der CA2CA1.der  -t CA1RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8171: Peer's certificate has been marked as not trusted by the user.
Returned value is 1, expected result is fail
chains.sh: #4290: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der
vfychain -d ExplicitDistrustDB -pp -vv       EE2OtherIntermediate.der  -t OtherIntermediateOtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174093 (0x25712d0d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 17:55:48 2016
            Not After : Mon Jun 28 17:55:48 2021
        Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    94:a2:bf:6b:b9:20:77:00:af:6e:e2:14:af:70:06:05:
                    57:30:3a:8f:23:0a:dd:c9:e8:cb:f8:16:09:5e:03:23:
                    fb:b2:9a:38:c1:37:f6:de:a3:bb:11:00:04:57:de:43:
                    92:a1:d3:a7:5d:24:ef:f4:c8:3a:1b:1b:28:d3:9c:48:
                    fb:9f:5a:d0:d2:cd:e7:43:73:a6:29:d3:c7:b7:3c:e5:
                    29:59:a5:9e:a3:e5:ef:d0:99:80:5e:7d:35:83:f5:47:
                    2c:35:96:02:d4:f9:eb:10:6e:6f:32:86:c4:ad:30:13:
                    fb:24:50:d9:87:fe:d7:be:e3:e9:84:e3:7c:b2:f1:d2:
                    07:97:05:6b:f1:cd:77:f3:8d:ce:49:54:35:b9:b3:c3:
                    14:88:05:30:99:94:88:3d:15:ea:36:bf:a7:56:63:a5:
                    05:11:b2:d4:3d:7f:71:cc:b2:4f:02:d1:26:a8:9a:89:
                    96:ba:90:74:ff:7b:18:0d:d7:8e:12:86:4e:30:06:21:
                    ec:b9:bf:b5:2e:0b:f1:49:e1:40:84:16:6b:aa:ff:fa:
                    12:4f:30:7d:b9:e4:8a:c2:4c:b5:81:16:24:63:42:c2:
                    98:25:6d:13:6b:05:28:2a:d0:52:1c:bb:3b:8a:50:42:
                    3f:7b:cf:37:4a:b0:d6:58:cc:1c:5a:2b:f7:0f:5b:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b3:b7:e1:89:35:29:ae:14:08:04:5f:6d:13:01:f0:46:
        29:95:f3:54:2e:5a:dd:9b:4f:d0:be:1c:74:a3:5d:ef:
        9f:5d:84:98:4b:43:18:84:51:e6:de:42:49:6e:c4:3c:
        c5:fb:91:7d:64:f2:75:bb:91:49:e1:ed:17:7f:bd:b5:
        d1:ac:67:2d:e4:7d:d3:b2:37:ed:16:54:c1:93:2a:82:
        80:49:30:18:f0:e7:98:81:17:33:1c:31:65:73:9b:e8:
        68:5d:a7:27:07:95:3a:f7:4d:43:a3:07:d3:5e:94:34:
        8b:0f:37:92:7e:11:70:c4:64:16:d5:ee:aa:7c:07:71:
        9f:ef:ee:e8:d4:53:e4:0c:67:ea:38:e9:48:db:8d:ab:
        b1:fa:76:f9:ec:02:0e:64:9a:4f:19:fc:ba:82:99:cb:
        17:9f:74:e2:33:be:f4:77:09:57:36:34:a1:f6:d8:d2:
        a4:a8:9e:f7:83:a7:6f:a8:db:19:dd:b5:d8:7f:42:62:
        c6:60:88:bc:14:d6:b8:45:23:7f:98:e3:23:4c:61:7d:
        95:29:1a:79:2b:ff:f6:78:1f:9a:28:d4:4f:e2:f8:6b:
        48:a2:cf:88:93:02:bd:fc:27:a9:6b:57:0c:b1:02:c6:
        5d:79:24:ad:da:29:64:8d:c6:02:fb:c4:01:be:8e:b3
    Fingerprint (SHA-256):
        46:98:F6:4C:EE:06:42:DD:65:89:B2:F7:8A:A8:D2:CB:F6:D6:FF:AA:53:5D:95:0D:30:9A:9E:3A:3D:FD:E6:B2
    Fingerprint (SHA1):
        50:97:7B:1E:4B:A2:EA:E2:58:E2:DE:16:EF:B5:71:21:94:F3:7D:63
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4291: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der - PASSED
chains.sh: Creating DB trustanchorsDB
certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd
chains.sh: #4292: TrustAnchors: Creating DB trustanchorsDB  - PASSED
chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ca.cert
chains.sh: #4293: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ncca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ncca.cert
chains.sh: #4294: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database
certutil -A -n NameConstraints.dcisscopy  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
chains.sh: #4295: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database  - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #4296: TrustAnchors: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #4297: TrustAnchors: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo
    rnia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4298: TrustAnchors: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #4299: TrustAnchors: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #4300: TrustAnchors: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,
    ST=California,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4301: TrustAnchors: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4302: TrustAnchors: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4303: TrustAnchors: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #4304: TrustAnchors: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #4305: TrustAnchors: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4306: TrustAnchors: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #4307: TrustAnchors: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #4308: TrustAnchors: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #4309: TrustAnchors: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #4310: TrustAnchors: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #4311: TrustAnchors: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,
            ST=CA,C=US"
        Validity:
            Not Before: Sat Jan 04 01:22:59 2014
            Not After : Sat Nov 04 01:22:59 2023
        Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View
            ,ST=CA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28:
                    c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4:
                    71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04:
                    4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba:
                    ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9:
                    f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85:
                    49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34:
                    a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Name Constraints
            Permitted Subtree:
                DNS name: ".example"
                    Minimum: 0 (0x0)
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91:
        33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89:
        3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a:
        9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df:
        46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b:
        c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e:
        5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd:
        df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34
    Fingerprint (SHA-256):
        63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29
    Fingerprint (SHA1):
        56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #4312: TrustAnchors: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. NameConstraints.dcisscopy [Certificate Authority]:
Email Address(es): igca@sgdn.pm.gouv.fr
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #4313: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 998899 (0xf3df3)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S
            T=France,C=FR"
        Validity:
            Not Before: Sun Feb 02 17:21:27 2014
            Not After : Fri Feb 02 17:21:27 2024
        Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,
            ST=France,C=FR"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7:
                    bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed:
                    19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f:
                    1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54:
                    ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9:
                    b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a:
                    a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66:
                    de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce:
                    5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf:
                    b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01:
                    5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10:
                    10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73:
                    29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0:
                    e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26:
                    82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c:
                    65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9:
        c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a:
        b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f:
        f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43:
        2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d:
        f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3:
        a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4:
        9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04:
        82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c:
        5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e:
        bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2:
        18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1:
        f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d:
        b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db:
        9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65:
        2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b
    Fingerprint (SHA-256):
        C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C
    Fingerprint (SHA1):
        48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #4314: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp       - PASSED
trying to kill httpserv with PID 3080 at Tue Jun 28 17:56:01 UTC 2016
kill -USR1 3080
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 3080 killed at Tue Jun 28 17:56:01 UTC 2016
httpserv starting at Tue Jun 28 17:56:01 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/OCSPCA3.crl \
         -O get-unknown -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 17:56:01 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 18491 >/dev/null 2>/dev/null
httpserv with PID 18491 found at Tue Jun 28 17:56:01 UTC 2016
httpserv with PID 18491 started at Tue Jun 28 17:56:01 UTC 2016
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #4315: Bridge: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174095 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4316: Bridge: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #4317: Bridge: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #4318: Bridge: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174096 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4319: Bridge: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #4320: Bridge: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #4321: Bridge: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4322: Bridge: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628174097 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4323: Bridge: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4324: Bridge: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628174098 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4325: Bridge: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4326: Bridge: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #4327: Bridge: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #4328: Bridge: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4329: Bridge: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserBridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 628174099   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4330: Bridge: Creating certficate UserBridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate UserBridge.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4331: Bridge: Importing certificate UserBridge.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4332: Bridge: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Army.der to AllDB database
certutil -A -n Army  -t "" -d AllDB -f AllDB/dbpasswd -i Army.der
chains.sh: #4333: Bridge: Importing certificate Army.der to AllDB database  - PASSED
chains.sh: Importing certificate Navy.der to AllDB database
certutil -A -n Navy  -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der
chains.sh: #4334: Bridge: Importing certificate Navy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174096 (0x25712d10)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:13 2016
            Not After : Mon Jun 28 17:56:13 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c3:22:57:80:62:47:30:29:12:c3:2b:8d:df:12:20:9f:
                    64:1d:b9:a3:02:04:64:8a:e8:bf:38:1a:28:58:91:3d:
                    c4:18:89:d2:b7:5d:79:81:2e:8a:89:af:a8:4f:63:36:
                    9e:12:4c:87:8b:2b:bb:9b:da:c1:9b:4e:1c:d8:6f:23:
                    76:9f:05:a2:a3:1c:bb:dd:76:32:f6:9c:ff:e0:90:81:
                    01:ba:4a:d8:41:92:50:ad:56:9c:37:31:4a:30:41:fe:
                    f0:75:e1:cc:01:e0:d7:80:5c:0c:6b:46:8d:bc:a2:d0:
                    2f:53:03:c5:6a:9c:cb:8b:57:c6:8d:79:7f:2c:69:2c:
                    7d:62:1a:e7:60:aa:19:42:c8:92:ce:4c:55:4d:31:9a:
                    44:64:cb:a0:83:99:ca:1d:2d:db:81:39:f4:c1:24:cf:
                    b4:1c:f0:54:c9:47:96:d3:15:58:08:65:68:8c:4a:d2:
                    8b:69:4b:da:8e:d1:cf:7d:d4:2d:c0:7f:07:05:bb:00:
                    69:73:3d:ed:02:0c:5c:98:df:8c:d6:ae:d6:e2:4c:7e:
                    9f:a8:d8:38:31:d7:e6:f8:44:aa:f5:bc:e8:0b:25:81:
                    0b:e0:9a:5b:d0:d9:1b:fe:10:2d:78:17:f1:dc:de:5c:
                    b1:e8:e5:e8:97:c4:18:0e:bd:b6:75:31:f6:0c:99:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        35:ae:c2:92:8c:dd:ac:b6:32:a4:25:74:79:43:04:b8:
        9a:54:88:ab:6f:da:9f:02:95:a9:94:7d:80:3b:88:00:
        a1:af:3b:a9:16:2f:cc:5a:4c:d7:c5:3a:21:d3:13:b2:
        fa:48:0e:f3:97:2a:d7:5c:55:c4:cb:0b:bb:91:f2:34:
        31:03:aa:f6:fb:5b:cc:af:05:2b:e5:aa:73:e9:1f:c7:
        a6:3d:2e:e3:5c:db:a6:55:b1:ca:69:19:85:79:ff:1d:
        d0:75:b6:87:31:4c:4b:6b:a2:59:69:4e:bf:11:d1:5a:
        b8:81:d2:6f:2f:d7:c5:08:4f:f4:84:46:0f:cd:aa:73:
        5d:f1:ef:56:16:43:c3:b8:ba:b1:5e:58:92:07:6e:f5:
        81:cb:92:5c:d6:1b:35:9a:c4:86:b9:fb:d0:5f:69:3d:
        8b:9d:f7:78:cc:1f:68:26:72:e7:88:2c:a3:d2:21:b1:
        bb:9b:c3:13:42:cc:94:a5:45:70:7f:f5:ef:a6:c9:45:
        5c:e3:6e:ca:a8:60:67:b1:ef:f1:b3:8c:bd:b4:db:de:
        67:84:a9:91:0c:c2:ac:bd:6a:7b:47:d8:9e:a1:89:88:
        3a:e8:de:68:78:d9:99:42:66:fa:3a:9d:a6:37:f6:f6:
        9a:71:7f:7d:0d:65:06:20:34:02:9e:70:e1:eb:98:be
    Fingerprint (SHA-256):
        BB:EF:B2:81:3C:0D:25:3F:58:80:63:57:43:D1:7D:09:15:E5:4D:B7:38:2C:43:98:C5:F3:5A:CB:11:41:DD:02
    Fingerprint (SHA1):
        88:85:E2:9A:E1:A4:52:65:8B:33:4C:49:D3:9A:45:17:9B:C4:90:F4
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4335: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174095 (0x25712d0f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:08 2016
            Not After : Mon Jun 28 17:56:08 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cb:4d:7c:c5:88:e0:61:0d:0e:3a:2b:66:3e:29:93:ff:
                    27:50:13:6e:e4:1e:ab:bb:5e:92:da:4b:a4:19:3c:0e:
                    ae:cc:1d:a2:c2:8e:b9:bc:eb:f8:1c:71:1c:60:85:8c:
                    a0:e9:c3:7a:f1:4c:3b:16:ec:02:36:7e:f6:32:e0:4d:
                    9d:b5:7a:3e:f0:10:e4:58:df:c5:b4:d5:56:19:ea:92:
                    2f:f9:e1:d1:44:ac:0e:0f:3d:35:40:36:ee:75:fb:ef:
                    4d:91:f6:ec:75:fc:49:cd:31:e8:08:0b:2e:ad:fe:ab:
                    e7:ac:47:09:b5:ad:98:8a:66:10:a2:9f:dd:81:6a:b9:
                    1c:55:40:16:7a:df:15:b0:0b:be:c9:21:b8:70:70:7a:
                    60:c2:78:35:85:18:81:3a:b3:28:f9:6d:e3:d1:77:b0:
                    7a:0b:28:db:c8:cc:2a:9f:a5:fc:8c:3b:dc:eb:09:b4:
                    86:eb:ff:8b:27:f8:8f:50:45:34:5f:04:90:61:74:bb:
                    3a:c2:d0:ad:be:c0:02:00:93:25:26:3a:64:3d:be:00:
                    a3:36:22:e0:2f:45:7d:5b:82:e6:b1:0c:09:dd:34:da:
                    a8:f3:54:df:0f:89:7c:b6:a8:53:88:cc:48:f6:5f:5a:
                    88:13:5f:45:0a:c2:bb:b5:43:c9:40:09:67:e4:0f:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bc:b7:b9:4b:e1:3a:2b:7d:e0:1d:ab:06:f7:11:69:af:
        82:b0:c0:54:b6:3f:9e:24:e9:79:0c:3b:df:ac:83:7d:
        66:2b:8d:67:11:56:ae:79:69:5d:ef:af:79:39:8c:c5:
        3e:57:bc:3f:fd:54:d3:65:bc:96:64:50:c2:6a:c6:ca:
        19:68:f5:d9:6d:12:ad:16:a7:0e:87:8a:c4:bd:1c:f7:
        3a:75:63:10:66:71:86:ca:34:31:ba:4c:bd:d9:78:66:
        ec:96:7b:e3:bf:65:bc:e9:75:18:12:68:da:c6:74:65:
        1e:a1:c8:9c:86:09:42:36:b1:ca:f6:df:76:1a:c2:e9:
        51:00:15:90:aa:f6:1f:3f:7f:cb:92:03:75:15:4d:e3:
        5c:a5:24:d6:58:bc:35:d8:65:36:c9:03:4e:2f:04:59:
        4d:00:c9:3c:4e:77:4a:d0:46:1e:61:58:59:89:2f:6e:
        4d:bb:59:87:c0:48:81:c9:50:ee:be:f2:c5:16:67:c5:
        c8:a0:19:c8:53:b1:11:78:5c:21:fd:22:83:a1:b1:5b:
        d9:0b:d5:fa:1f:e0:68:48:70:4f:4a:8c:5e:69:e2:f3:
        3e:c2:09:d0:4a:9a:a7:2f:28:f9:b7:af:48:02:de:2d:
        70:c6:a3:91:a8:87:e3:47:2d:25:df:ca:1f:ba:09:ce
    Fingerprint (SHA-256):
        22:06:1F:5A:DB:80:C0:7D:0A:41:FA:90:E5:D3:0A:C7:64:56:1F:64:4D:16:35:79:2B:BA:4C:C5:BF:43:9D:C9
    Fingerprint (SHA1):
        9C:98:17:9C:88:BF:C9:CA:C8:5B:EF:B0:91:42:69:0F:31:BC:8F:5D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4336: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Army
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Navy [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #4337: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Importing certificate BridgeArmy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der
chains.sh: #4338: Bridge: Importing certificate BridgeArmy.der to AllDB database  - PASSED
chains.sh: Importing certificate BridgeNavy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der
chains.sh: #4339: Bridge: Importing certificate BridgeNavy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174095 (0x25712d0f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:08 2016
            Not After : Mon Jun 28 17:56:08 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cb:4d:7c:c5:88:e0:61:0d:0e:3a:2b:66:3e:29:93:ff:
                    27:50:13:6e:e4:1e:ab:bb:5e:92:da:4b:a4:19:3c:0e:
                    ae:cc:1d:a2:c2:8e:b9:bc:eb:f8:1c:71:1c:60:85:8c:
                    a0:e9:c3:7a:f1:4c:3b:16:ec:02:36:7e:f6:32:e0:4d:
                    9d:b5:7a:3e:f0:10:e4:58:df:c5:b4:d5:56:19:ea:92:
                    2f:f9:e1:d1:44:ac:0e:0f:3d:35:40:36:ee:75:fb:ef:
                    4d:91:f6:ec:75:fc:49:cd:31:e8:08:0b:2e:ad:fe:ab:
                    e7:ac:47:09:b5:ad:98:8a:66:10:a2:9f:dd:81:6a:b9:
                    1c:55:40:16:7a:df:15:b0:0b:be:c9:21:b8:70:70:7a:
                    60:c2:78:35:85:18:81:3a:b3:28:f9:6d:e3:d1:77:b0:
                    7a:0b:28:db:c8:cc:2a:9f:a5:fc:8c:3b:dc:eb:09:b4:
                    86:eb:ff:8b:27:f8:8f:50:45:34:5f:04:90:61:74:bb:
                    3a:c2:d0:ad:be:c0:02:00:93:25:26:3a:64:3d:be:00:
                    a3:36:22:e0:2f:45:7d:5b:82:e6:b1:0c:09:dd:34:da:
                    a8:f3:54:df:0f:89:7c:b6:a8:53:88:cc:48:f6:5f:5a:
                    88:13:5f:45:0a:c2:bb:b5:43:c9:40:09:67:e4:0f:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bc:b7:b9:4b:e1:3a:2b:7d:e0:1d:ab:06:f7:11:69:af:
        82:b0:c0:54:b6:3f:9e:24:e9:79:0c:3b:df:ac:83:7d:
        66:2b:8d:67:11:56:ae:79:69:5d:ef:af:79:39:8c:c5:
        3e:57:bc:3f:fd:54:d3:65:bc:96:64:50:c2:6a:c6:ca:
        19:68:f5:d9:6d:12:ad:16:a7:0e:87:8a:c4:bd:1c:f7:
        3a:75:63:10:66:71:86:ca:34:31:ba:4c:bd:d9:78:66:
        ec:96:7b:e3:bf:65:bc:e9:75:18:12:68:da:c6:74:65:
        1e:a1:c8:9c:86:09:42:36:b1:ca:f6:df:76:1a:c2:e9:
        51:00:15:90:aa:f6:1f:3f:7f:cb:92:03:75:15:4d:e3:
        5c:a5:24:d6:58:bc:35:d8:65:36:c9:03:4e:2f:04:59:
        4d:00:c9:3c:4e:77:4a:d0:46:1e:61:58:59:89:2f:6e:
        4d:bb:59:87:c0:48:81:c9:50:ee:be:f2:c5:16:67:c5:
        c8:a0:19:c8:53:b1:11:78:5c:21:fd:22:83:a1:b1:5b:
        d9:0b:d5:fa:1f:e0:68:48:70:4f:4a:8c:5e:69:e2:f3:
        3e:c2:09:d0:4a:9a:a7:2f:28:f9:b7:af:48:02:de:2d:
        70:c6:a3:91:a8:87:e3:47:2d:25:df:ca:1f:ba:09:ce
    Fingerprint (SHA-256):
        22:06:1F:5A:DB:80:C0:7D:0A:41:FA:90:E5:D3:0A:C7:64:56:1F:64:4D:16:35:79:2B:BA:4C:C5:BF:43:9D:C9
    Fingerprint (SHA1):
        9C:98:17:9C:88:BF:C9:CA:C8:5B:EF:B0:91:42:69:0F:31:BC:8F:5D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4340: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174096 (0x25712d10)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:13 2016
            Not After : Mon Jun 28 17:56:13 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c3:22:57:80:62:47:30:29:12:c3:2b:8d:df:12:20:9f:
                    64:1d:b9:a3:02:04:64:8a:e8:bf:38:1a:28:58:91:3d:
                    c4:18:89:d2:b7:5d:79:81:2e:8a:89:af:a8:4f:63:36:
                    9e:12:4c:87:8b:2b:bb:9b:da:c1:9b:4e:1c:d8:6f:23:
                    76:9f:05:a2:a3:1c:bb:dd:76:32:f6:9c:ff:e0:90:81:
                    01:ba:4a:d8:41:92:50:ad:56:9c:37:31:4a:30:41:fe:
                    f0:75:e1:cc:01:e0:d7:80:5c:0c:6b:46:8d:bc:a2:d0:
                    2f:53:03:c5:6a:9c:cb:8b:57:c6:8d:79:7f:2c:69:2c:
                    7d:62:1a:e7:60:aa:19:42:c8:92:ce:4c:55:4d:31:9a:
                    44:64:cb:a0:83:99:ca:1d:2d:db:81:39:f4:c1:24:cf:
                    b4:1c:f0:54:c9:47:96:d3:15:58:08:65:68:8c:4a:d2:
                    8b:69:4b:da:8e:d1:cf:7d:d4:2d:c0:7f:07:05:bb:00:
                    69:73:3d:ed:02:0c:5c:98:df:8c:d6:ae:d6:e2:4c:7e:
                    9f:a8:d8:38:31:d7:e6:f8:44:aa:f5:bc:e8:0b:25:81:
                    0b:e0:9a:5b:d0:d9:1b:fe:10:2d:78:17:f1:dc:de:5c:
                    b1:e8:e5:e8:97:c4:18:0e:bd:b6:75:31:f6:0c:99:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        35:ae:c2:92:8c:dd:ac:b6:32:a4:25:74:79:43:04:b8:
        9a:54:88:ab:6f:da:9f:02:95:a9:94:7d:80:3b:88:00:
        a1:af:3b:a9:16:2f:cc:5a:4c:d7:c5:3a:21:d3:13:b2:
        fa:48:0e:f3:97:2a:d7:5c:55:c4:cb:0b:bb:91:f2:34:
        31:03:aa:f6:fb:5b:cc:af:05:2b:e5:aa:73:e9:1f:c7:
        a6:3d:2e:e3:5c:db:a6:55:b1:ca:69:19:85:79:ff:1d:
        d0:75:b6:87:31:4c:4b:6b:a2:59:69:4e:bf:11:d1:5a:
        b8:81:d2:6f:2f:d7:c5:08:4f:f4:84:46:0f:cd:aa:73:
        5d:f1:ef:56:16:43:c3:b8:ba:b1:5e:58:92:07:6e:f5:
        81:cb:92:5c:d6:1b:35:9a:c4:86:b9:fb:d0:5f:69:3d:
        8b:9d:f7:78:cc:1f:68:26:72:e7:88:2c:a3:d2:21:b1:
        bb:9b:c3:13:42:cc:94:a5:45:70:7f:f5:ef:a6:c9:45:
        5c:e3:6e:ca:a8:60:67:b1:ef:f1:b3:8c:bd:b4:db:de:
        67:84:a9:91:0c:c2:ac:bd:6a:7b:47:d8:9e:a1:89:88:
        3a:e8:de:68:78:d9:99:42:66:fa:3a:9d:a6:37:f6:f6:
        9a:71:7f:7d:0d:65:06:20:34:02:9e:70:e1:eb:98:be
    Fingerprint (SHA-256):
        BB:EF:B2:81:3C:0D:25:3F:58:80:63:57:43:D1:7D:09:15:E5:4D:B7:38:2C:43:98:C5:F3:5A:CB:11:41:DD:02
    Fingerprint (SHA1):
        88:85:E2:9A:E1:A4:52:65:8B:33:4C:49:D3:9A:45:17:9B:C4:90:F4
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4341: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Creating DB ArmyOnlyDB
certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd
chains.sh: #4342: Bridge: Creating DB ArmyOnlyDB  - PASSED
chains.sh: Importing certificate Army.der to ArmyOnlyDB database
certutil -A -n Army  -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der
chains.sh: #4343: Bridge: Importing certificate Army.der to ArmyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #4344: Bridge: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #4345: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #4346: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174096 (0x25712d10)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:13 2016
            Not After : Mon Jun 28 17:56:13 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c3:22:57:80:62:47:30:29:12:c3:2b:8d:df:12:20:9f:
                    64:1d:b9:a3:02:04:64:8a:e8:bf:38:1a:28:58:91:3d:
                    c4:18:89:d2:b7:5d:79:81:2e:8a:89:af:a8:4f:63:36:
                    9e:12:4c:87:8b:2b:bb:9b:da:c1:9b:4e:1c:d8:6f:23:
                    76:9f:05:a2:a3:1c:bb:dd:76:32:f6:9c:ff:e0:90:81:
                    01:ba:4a:d8:41:92:50:ad:56:9c:37:31:4a:30:41:fe:
                    f0:75:e1:cc:01:e0:d7:80:5c:0c:6b:46:8d:bc:a2:d0:
                    2f:53:03:c5:6a:9c:cb:8b:57:c6:8d:79:7f:2c:69:2c:
                    7d:62:1a:e7:60:aa:19:42:c8:92:ce:4c:55:4d:31:9a:
                    44:64:cb:a0:83:99:ca:1d:2d:db:81:39:f4:c1:24:cf:
                    b4:1c:f0:54:c9:47:96:d3:15:58:08:65:68:8c:4a:d2:
                    8b:69:4b:da:8e:d1:cf:7d:d4:2d:c0:7f:07:05:bb:00:
                    69:73:3d:ed:02:0c:5c:98:df:8c:d6:ae:d6:e2:4c:7e:
                    9f:a8:d8:38:31:d7:e6:f8:44:aa:f5:bc:e8:0b:25:81:
                    0b:e0:9a:5b:d0:d9:1b:fe:10:2d:78:17:f1:dc:de:5c:
                    b1:e8:e5:e8:97:c4:18:0e:bd:b6:75:31:f6:0c:99:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        35:ae:c2:92:8c:dd:ac:b6:32:a4:25:74:79:43:04:b8:
        9a:54:88:ab:6f:da:9f:02:95:a9:94:7d:80:3b:88:00:
        a1:af:3b:a9:16:2f:cc:5a:4c:d7:c5:3a:21:d3:13:b2:
        fa:48:0e:f3:97:2a:d7:5c:55:c4:cb:0b:bb:91:f2:34:
        31:03:aa:f6:fb:5b:cc:af:05:2b:e5:aa:73:e9:1f:c7:
        a6:3d:2e:e3:5c:db:a6:55:b1:ca:69:19:85:79:ff:1d:
        d0:75:b6:87:31:4c:4b:6b:a2:59:69:4e:bf:11:d1:5a:
        b8:81:d2:6f:2f:d7:c5:08:4f:f4:84:46:0f:cd:aa:73:
        5d:f1:ef:56:16:43:c3:b8:ba:b1:5e:58:92:07:6e:f5:
        81:cb:92:5c:d6:1b:35:9a:c4:86:b9:fb:d0:5f:69:3d:
        8b:9d:f7:78:cc:1f:68:26:72:e7:88:2c:a3:d2:21:b1:
        bb:9b:c3:13:42:cc:94:a5:45:70:7f:f5:ef:a6:c9:45:
        5c:e3:6e:ca:a8:60:67:b1:ef:f1:b3:8c:bd:b4:db:de:
        67:84:a9:91:0c:c2:ac:bd:6a:7b:47:d8:9e:a1:89:88:
        3a:e8:de:68:78:d9:99:42:66:fa:3a:9d:a6:37:f6:f6:
        9a:71:7f:7d:0d:65:06:20:34:02:9e:70:e1:eb:98:be
    Fingerprint (SHA-256):
        BB:EF:B2:81:3C:0D:25:3F:58:80:63:57:43:D1:7D:09:15:E5:4D:B7:38:2C:43:98:C5:F3:5A:CB:11:41:DD:02
    Fingerprint (SHA1):
        88:85:E2:9A:E1:A4:52:65:8B:33:4C:49:D3:9A:45:17:9B:C4:90:F4
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4347: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174096 (0x25712d10)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:13 2016
            Not After : Mon Jun 28 17:56:13 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c3:22:57:80:62:47:30:29:12:c3:2b:8d:df:12:20:9f:
                    64:1d:b9:a3:02:04:64:8a:e8:bf:38:1a:28:58:91:3d:
                    c4:18:89:d2:b7:5d:79:81:2e:8a:89:af:a8:4f:63:36:
                    9e:12:4c:87:8b:2b:bb:9b:da:c1:9b:4e:1c:d8:6f:23:
                    76:9f:05:a2:a3:1c:bb:dd:76:32:f6:9c:ff:e0:90:81:
                    01:ba:4a:d8:41:92:50:ad:56:9c:37:31:4a:30:41:fe:
                    f0:75:e1:cc:01:e0:d7:80:5c:0c:6b:46:8d:bc:a2:d0:
                    2f:53:03:c5:6a:9c:cb:8b:57:c6:8d:79:7f:2c:69:2c:
                    7d:62:1a:e7:60:aa:19:42:c8:92:ce:4c:55:4d:31:9a:
                    44:64:cb:a0:83:99:ca:1d:2d:db:81:39:f4:c1:24:cf:
                    b4:1c:f0:54:c9:47:96:d3:15:58:08:65:68:8c:4a:d2:
                    8b:69:4b:da:8e:d1:cf:7d:d4:2d:c0:7f:07:05:bb:00:
                    69:73:3d:ed:02:0c:5c:98:df:8c:d6:ae:d6:e2:4c:7e:
                    9f:a8:d8:38:31:d7:e6:f8:44:aa:f5:bc:e8:0b:25:81:
                    0b:e0:9a:5b:d0:d9:1b:fe:10:2d:78:17:f1:dc:de:5c:
                    b1:e8:e5:e8:97:c4:18:0e:bd:b6:75:31:f6:0c:99:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        35:ae:c2:92:8c:dd:ac:b6:32:a4:25:74:79:43:04:b8:
        9a:54:88:ab:6f:da:9f:02:95:a9:94:7d:80:3b:88:00:
        a1:af:3b:a9:16:2f:cc:5a:4c:d7:c5:3a:21:d3:13:b2:
        fa:48:0e:f3:97:2a:d7:5c:55:c4:cb:0b:bb:91:f2:34:
        31:03:aa:f6:fb:5b:cc:af:05:2b:e5:aa:73:e9:1f:c7:
        a6:3d:2e:e3:5c:db:a6:55:b1:ca:69:19:85:79:ff:1d:
        d0:75:b6:87:31:4c:4b:6b:a2:59:69:4e:bf:11:d1:5a:
        b8:81:d2:6f:2f:d7:c5:08:4f:f4:84:46:0f:cd:aa:73:
        5d:f1:ef:56:16:43:c3:b8:ba:b1:5e:58:92:07:6e:f5:
        81:cb:92:5c:d6:1b:35:9a:c4:86:b9:fb:d0:5f:69:3d:
        8b:9d:f7:78:cc:1f:68:26:72:e7:88:2c:a3:d2:21:b1:
        bb:9b:c3:13:42:cc:94:a5:45:70:7f:f5:ef:a6:c9:45:
        5c:e3:6e:ca:a8:60:67:b1:ef:f1:b3:8c:bd:b4:db:de:
        67:84:a9:91:0c:c2:ac:bd:6a:7b:47:d8:9e:a1:89:88:
        3a:e8:de:68:78:d9:99:42:66:fa:3a:9d:a6:37:f6:f6:
        9a:71:7f:7d:0d:65:06:20:34:02:9e:70:e1:eb:98:be
    Fingerprint (SHA-256):
        BB:EF:B2:81:3C:0D:25:3F:58:80:63:57:43:D1:7D:09:15:E5:4D:B7:38:2C:43:98:C5:F3:5A:CB:11:41:DD:02
    Fingerprint (SHA1):
        88:85:E2:9A:E1:A4:52:65:8B:33:4C:49:D3:9A:45:17:9B:C4:90:F4
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4348: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Creating DB NavyOnlyDB
certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd
chains.sh: #4349: Bridge: Creating DB NavyOnlyDB  - PASSED
chains.sh: Importing certificate Navy.der to NavyOnlyDB database
certutil -A -n Navy  -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der
chains.sh: #4350: Bridge: Importing certificate Navy.der to NavyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #4351: Bridge: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@army [Certificate Authority]:
Email Address(es): bridge@army
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #4352: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #4353: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174095 (0x25712d0f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:08 2016
            Not After : Mon Jun 28 17:56:08 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cb:4d:7c:c5:88:e0:61:0d:0e:3a:2b:66:3e:29:93:ff:
                    27:50:13:6e:e4:1e:ab:bb:5e:92:da:4b:a4:19:3c:0e:
                    ae:cc:1d:a2:c2:8e:b9:bc:eb:f8:1c:71:1c:60:85:8c:
                    a0:e9:c3:7a:f1:4c:3b:16:ec:02:36:7e:f6:32:e0:4d:
                    9d:b5:7a:3e:f0:10:e4:58:df:c5:b4:d5:56:19:ea:92:
                    2f:f9:e1:d1:44:ac:0e:0f:3d:35:40:36:ee:75:fb:ef:
                    4d:91:f6:ec:75:fc:49:cd:31:e8:08:0b:2e:ad:fe:ab:
                    e7:ac:47:09:b5:ad:98:8a:66:10:a2:9f:dd:81:6a:b9:
                    1c:55:40:16:7a:df:15:b0:0b:be:c9:21:b8:70:70:7a:
                    60:c2:78:35:85:18:81:3a:b3:28:f9:6d:e3:d1:77:b0:
                    7a:0b:28:db:c8:cc:2a:9f:a5:fc:8c:3b:dc:eb:09:b4:
                    86:eb:ff:8b:27:f8:8f:50:45:34:5f:04:90:61:74:bb:
                    3a:c2:d0:ad:be:c0:02:00:93:25:26:3a:64:3d:be:00:
                    a3:36:22:e0:2f:45:7d:5b:82:e6:b1:0c:09:dd:34:da:
                    a8:f3:54:df:0f:89:7c:b6:a8:53:88:cc:48:f6:5f:5a:
                    88:13:5f:45:0a:c2:bb:b5:43:c9:40:09:67:e4:0f:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bc:b7:b9:4b:e1:3a:2b:7d:e0:1d:ab:06:f7:11:69:af:
        82:b0:c0:54:b6:3f:9e:24:e9:79:0c:3b:df:ac:83:7d:
        66:2b:8d:67:11:56:ae:79:69:5d:ef:af:79:39:8c:c5:
        3e:57:bc:3f:fd:54:d3:65:bc:96:64:50:c2:6a:c6:ca:
        19:68:f5:d9:6d:12:ad:16:a7:0e:87:8a:c4:bd:1c:f7:
        3a:75:63:10:66:71:86:ca:34:31:ba:4c:bd:d9:78:66:
        ec:96:7b:e3:bf:65:bc:e9:75:18:12:68:da:c6:74:65:
        1e:a1:c8:9c:86:09:42:36:b1:ca:f6:df:76:1a:c2:e9:
        51:00:15:90:aa:f6:1f:3f:7f:cb:92:03:75:15:4d:e3:
        5c:a5:24:d6:58:bc:35:d8:65:36:c9:03:4e:2f:04:59:
        4d:00:c9:3c:4e:77:4a:d0:46:1e:61:58:59:89:2f:6e:
        4d:bb:59:87:c0:48:81:c9:50:ee:be:f2:c5:16:67:c5:
        c8:a0:19:c8:53:b1:11:78:5c:21:fd:22:83:a1:b1:5b:
        d9:0b:d5:fa:1f:e0:68:48:70:4f:4a:8c:5e:69:e2:f3:
        3e:c2:09:d0:4a:9a:a7:2f:28:f9:b7:af:48:02:de:2d:
        70:c6:a3:91:a8:87:e3:47:2d:25:df:ca:1f:ba:09:ce
    Fingerprint (SHA-256):
        22:06:1F:5A:DB:80:C0:7D:0A:41:FA:90:E5:D3:0A:C7:64:56:1F:64:4D:16:35:79:2B:BA:4C:C5:BF:43:9D:C9
    Fingerprint (SHA1):
        9C:98:17:9C:88:BF:C9:CA:C8:5B:EF:B0:91:42:69:0F:31:BC:8F:5D
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4354: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174095 (0x25712d0f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:08 2016
            Not After : Mon Jun 28 17:56:08 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cb:4d:7c:c5:88:e0:61:0d:0e:3a:2b:66:3e:29:93:ff:
                    27:50:13:6e:e4:1e:ab:bb:5e:92:da:4b:a4:19:3c:0e:
                    ae:cc:1d:a2:c2:8e:b9:bc:eb:f8:1c:71:1c:60:85:8c:
                    a0:e9:c3:7a:f1:4c:3b:16:ec:02:36:7e:f6:32:e0:4d:
                    9d:b5:7a:3e:f0:10:e4:58:df:c5:b4:d5:56:19:ea:92:
                    2f:f9:e1:d1:44:ac:0e:0f:3d:35:40:36:ee:75:fb:ef:
                    4d:91:f6:ec:75:fc:49:cd:31:e8:08:0b:2e:ad:fe:ab:
                    e7:ac:47:09:b5:ad:98:8a:66:10:a2:9f:dd:81:6a:b9:
                    1c:55:40:16:7a:df:15:b0:0b:be:c9:21:b8:70:70:7a:
                    60:c2:78:35:85:18:81:3a:b3:28:f9:6d:e3:d1:77:b0:
                    7a:0b:28:db:c8:cc:2a:9f:a5:fc:8c:3b:dc:eb:09:b4:
                    86:eb:ff:8b:27:f8:8f:50:45:34:5f:04:90:61:74:bb:
                    3a:c2:d0:ad:be:c0:02:00:93:25:26:3a:64:3d:be:00:
                    a3:36:22:e0:2f:45:7d:5b:82:e6:b1:0c:09:dd:34:da:
                    a8:f3:54:df:0f:89:7c:b6:a8:53:88:cc:48:f6:5f:5a:
                    88:13:5f:45:0a:c2:bb:b5:43:c9:40:09:67:e4:0f:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bc:b7:b9:4b:e1:3a:2b:7d:e0:1d:ab:06:f7:11:69:af:
        82:b0:c0:54:b6:3f:9e:24:e9:79:0c:3b:df:ac:83:7d:
        66:2b:8d:67:11:56:ae:79:69:5d:ef:af:79:39:8c:c5:
        3e:57:bc:3f:fd:54:d3:65:bc:96:64:50:c2:6a:c6:ca:
        19:68:f5:d9:6d:12:ad:16:a7:0e:87:8a:c4:bd:1c:f7:
        3a:75:63:10:66:71:86:ca:34:31:ba:4c:bd:d9:78:66:
        ec:96:7b:e3:bf:65:bc:e9:75:18:12:68:da:c6:74:65:
        1e:a1:c8:9c:86:09:42:36:b1:ca:f6:df:76:1a:c2:e9:
        51:00:15:90:aa:f6:1f:3f:7f:cb:92:03:75:15:4d:e3:
        5c:a5:24:d6:58:bc:35:d8:65:36:c9:03:4e:2f:04:59:
        4d:00:c9:3c:4e:77:4a:d0:46:1e:61:58:59:89:2f:6e:
        4d:bb:59:87:c0:48:81:c9:50:ee:be:f2:c5:16:67:c5:
        c8:a0:19:c8:53:b1:11:78:5c:21:fd:22:83:a1:b1:5b:
        d9:0b:d5:fa:1f:e0:68:48:70:4f:4a:8c:5e:69:e2:f3:
        3e:c2:09:d0:4a:9a:a7:2f:28:f9:b7:af:48:02:de:2d:
        70:c6:a3:91:a8:87:e3:47:2d:25:df:ca:1f:ba:09:ce
    Fingerprint (SHA-256):
        22:06:1F:5A:DB:80:C0:7D:0A:41:FA:90:E5:D3:0A:C7:64:56:1F:64:4D:16:35:79:2B:BA:4C:C5:BF:43:9D:C9
    Fingerprint (SHA1):
        9C:98:17:9C:88:BF:C9:CA:C8:5B:EF:B0:91:42:69:0F:31:BC:8F:5D
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4355: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Creating DB Root1DB
certutil -N -d Root1DB -f Root1DB/dbpasswd
chains.sh: #4356: MegaBridge_3_2: Creating DB Root1DB  - PASSED
chains.sh: Creating Root CA Root1
certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1  -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174100 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4357: MegaBridge_3_2: Creating Root CA Root1  - PASSED
chains.sh: Exporting Root CA Root1.der
certutil -L -d Root1DB -r -n Root1 -o Root1.der
chains.sh: #4358: MegaBridge_3_2: Exporting Root CA Root1.der  - PASSED
chains.sh: Creating DB Root2DB
certutil -N -d Root2DB -f Root2DB/dbpasswd
chains.sh: #4359: MegaBridge_3_2: Creating DB Root2DB  - PASSED
chains.sh: Creating Root CA Root2
certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2  -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174101 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4360: MegaBridge_3_2: Creating Root CA Root2  - PASSED
chains.sh: Exporting Root CA Root2.der
certutil -L -d Root2DB -r -n Root2 -o Root2.der
chains.sh: #4361: MegaBridge_3_2: Exporting Root CA Root2.der  - PASSED
chains.sh: Creating DB Root3DB
certutil -N -d Root3DB -f Root3DB/dbpasswd
chains.sh: #4362: MegaBridge_3_2: Creating DB Root3DB  - PASSED
chains.sh: Creating Root CA Root3
certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3  -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174102 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4363: MegaBridge_3_2: Creating Root CA Root3  - PASSED
chains.sh: Exporting Root CA Root3.der
certutil -L -d Root3DB -r -n Root3 -o Root3.der
chains.sh: #4364: MegaBridge_3_2: Exporting Root CA Root3.der  - PASSED
chains.sh: Creating DB Root4DB
certutil -N -d Root4DB -f Root4DB/dbpasswd
chains.sh: #4365: MegaBridge_3_2: Creating DB Root4DB  - PASSED
chains.sh: Creating Root CA Root4
certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4  -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174103 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4366: MegaBridge_3_2: Creating Root CA Root4  - PASSED
chains.sh: Exporting Root CA Root4.der
certutil -L -d Root4DB -r -n Root4 -o Root4.der
chains.sh: #4367: MegaBridge_3_2: Exporting Root CA Root4.der  - PASSED
chains.sh: Creating DB Root5DB
certutil -N -d Root5DB -f Root5DB/dbpasswd
chains.sh: #4368: MegaBridge_3_2: Creating DB Root5DB  - PASSED
chains.sh: Creating Root CA Root5
certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5  -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174104 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4369: MegaBridge_3_2: Creating Root CA Root5  - PASSED
chains.sh: Exporting Root CA Root5.der
certutil -L -d Root5DB -r -n Root5 -o Root5.der
chains.sh: #4370: MegaBridge_3_2: Exporting Root CA Root5.der  - PASSED
chains.sh: Creating DB Root6DB
certutil -N -d Root6DB -f Root6DB/dbpasswd
chains.sh: #4371: MegaBridge_3_2: Creating DB Root6DB  - PASSED
chains.sh: Creating Root CA Root6
certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6  -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174105 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4372: MegaBridge_3_2: Creating Root CA Root6  - PASSED
chains.sh: Exporting Root CA Root6.der
certutil -L -d Root6DB -r -n Root6 -o Root6.der
chains.sh: #4373: MegaBridge_3_2: Exporting Root CA Root6.der  - PASSED
chains.sh: Creating DB Root7DB
certutil -N -d Root7DB -f Root7DB/dbpasswd
chains.sh: #4374: MegaBridge_3_2: Creating DB Root7DB  - PASSED
chains.sh: Creating Root CA Root7
certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7  -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174106 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4375: MegaBridge_3_2: Creating Root CA Root7  - PASSED
chains.sh: Exporting Root CA Root7.der
certutil -L -d Root7DB -r -n Root7 -o Root7.der
chains.sh: #4376: MegaBridge_3_2: Exporting Root CA Root7.der  - PASSED
chains.sh: Creating DB Root8DB
certutil -N -d Root8DB -f Root8DB/dbpasswd
chains.sh: #4377: MegaBridge_3_2: Creating DB Root8DB  - PASSED
chains.sh: Creating Root CA Root8
certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8  -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174107 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4378: MegaBridge_3_2: Creating Root CA Root8  - PASSED
chains.sh: Exporting Root CA Root8.der
certutil -L -d Root8DB -r -n Root8 -o Root8.der
chains.sh: #4379: MegaBridge_3_2: Exporting Root CA Root8.der  - PASSED
chains.sh: Creating DB Root9DB
certutil -N -d Root9DB -f Root9DB/dbpasswd
chains.sh: #4380: MegaBridge_3_2: Creating DB Root9DB  - PASSED
chains.sh: Creating Root CA Root9
certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9  -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174108 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4381: MegaBridge_3_2: Creating Root CA Root9  - PASSED
chains.sh: Exporting Root CA Root9.der
certutil -L -d Root9DB -r -n Root9 -o Root9.der
chains.sh: #4382: MegaBridge_3_2: Exporting Root CA Root9.der  - PASSED
chains.sh: Creating DB Bridge11DB
certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd
chains.sh: #4383: MegaBridge_3_2: Creating DB Bridge11DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge11Req.der
certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US"  -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4384: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der  - PASSED
chains.sh: Creating certficate Bridge11Root1.der signed by Root1
certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 628174109 -7 Bridge11@Root1  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4385: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1  - PASSED
chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4386: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root2.der signed by Root2
certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 628174110 -7 Bridge11@Root2  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4387: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2  - PASSED
chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4388: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root3.der signed by Root3
certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 628174111 -7 Bridge11@Root3  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4389: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3  - PASSED
chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4390: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge11DB database
cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7
chains.sh: #4391: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database  - PASSED
chains.sh: Creating DB Bridge12DB
certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd
chains.sh: #4392: MegaBridge_3_2: Creating DB Bridge12DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge12Req.der
certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US"  -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4393: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der  - PASSED
chains.sh: Creating certficate Bridge12Root4.der signed by Root4
certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 628174112 -7 Bridge12@Root4  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4394: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4  - PASSED
chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4395: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root5.der signed by Root5
certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 628174113 -7 Bridge12@Root5  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4396: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5  - PASSED
chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4397: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root6.der signed by Root6
certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 628174114 -7 Bridge12@Root6  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4398: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6  - PASSED
chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4399: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge12DB database
cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7
chains.sh: #4400: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database  - PASSED
chains.sh: Creating DB Bridge13DB
certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd
chains.sh: #4401: MegaBridge_3_2: Creating DB Bridge13DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge13Req.der
certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US"  -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4402: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der  - PASSED
chains.sh: Creating certficate Bridge13Root7.der signed by Root7
certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 628174115 -7 Bridge13@Root7  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4403: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7  - PASSED
chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4404: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root8.der signed by Root8
certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 628174116 -7 Bridge13@Root8  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4405: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8  - PASSED
chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4406: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root9.der signed by Root9
certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 628174117 -7 Bridge13@Root9  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4407: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9  - PASSED
chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4408: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge13DB database
cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7
chains.sh: #4409: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database  - PASSED
chains.sh: Creating DB Bridge21DB
certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd
chains.sh: #4410: MegaBridge_3_2: Creating DB Bridge21DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge21Req.der
certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US"  -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o Bridge21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4411: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der  - PASSED
chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11
certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 628174118 -7 Bridge21@Bridge11  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4412: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11  - PASSED
chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4413: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12
certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 628174119 -7 Bridge21@Bridge12  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4414: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12  - PASSED
chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4415: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13
certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 628174120 -7 Bridge21@Bridge13  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4416: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13  - PASSED
chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4417: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge21DB database
cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7
chains.sh: #4418: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4419: MegaBridge_3_2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4420: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21
certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 628174121   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4421: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21  - PASSED
chains.sh: Importing certificate CA1Bridge21.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4422: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4423: MegaBridge_3_2: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4424: MegaBridge_3_2: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174122   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4425: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4426: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der  -t Root1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174100 (0x25712d14)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root1 ROOT CA,O=Root1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:38 2016
            Not After : Mon Jun 28 17:56:38 2066
        Subject: "CN=Root1 ROOT CA,O=Root1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:68:1b:06:62:ea:4c:9f:62:c9:26:f4:30:4b:3e:84:
                    88:56:7c:e4:8e:f9:c6:15:7b:d7:f1:f7:cd:6a:5f:f0:
                    7f:47:93:01:38:f0:e3:8d:d5:fc:8a:57:76:1c:55:b7:
                    21:ae:b8:ea:ef:b0:57:43:7b:9d:5b:3f:37:d7:48:41:
                    17:ff:d9:0e:34:17:d9:94:36:3d:ae:40:2f:18:97:6e:
                    d1:2d:e9:31:45:75:75:b0:ba:75:de:1f:37:3f:0f:f7:
                    85:e5:3e:ab:be:36:8f:70:0f:14:f6:a5:65:d5:41:af:
                    d6:fe:49:46:5a:1c:29:12:b8:a2:54:74:2b:7f:37:ef:
                    a4:be:47:e9:99:7e:3c:dd:7c:92:fd:d7:a4:1f:ee:f2:
                    2d:d0:4a:3c:e8:bc:6d:8a:92:59:a9:4c:b6:51:1b:c5:
                    be:db:67:50:3a:a2:31:0e:cc:c4:c1:fd:5f:2d:04:e2:
                    fd:71:25:85:da:a3:75:00:07:f3:61:3f:8f:0c:9c:c2:
                    64:8d:5e:0b:bf:a8:f7:1e:5c:3d:58:ca:51:99:91:ba:
                    26:7b:5e:3e:bc:e3:0d:82:5c:f7:2e:63:cb:6d:9c:00:
                    21:ef:5b:6c:5f:5f:b2:f5:95:b3:ea:b5:a8:53:19:a1:
                    f1:89:36:52:e4:c9:a3:5d:25:d1:51:f6:5b:4d:be:93
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a9:6f:1c:ae:c9:87:89:47:06:e4:66:10:38:1d:d1:52:
        e9:ef:b8:6f:67:ab:f4:55:74:c4:f6:7c:b3:0c:0d:67:
        f1:bd:f3:ad:77:c1:62:39:e4:a9:ef:17:03:dc:35:99:
        05:37:fb:cb:0f:b5:f9:1a:df:c3:e5:85:a8:5a:66:9c:
        a6:6b:1c:e9:3f:ab:8a:ea:84:da:ac:f2:5b:3c:8a:d0:
        c1:f5:b1:dc:9a:e9:43:fc:ea:dc:a5:da:3f:f2:f7:dd:
        c2:54:67:cf:48:96:51:24:11:0c:a8:08:b7:cd:e4:45:
        54:7e:3c:93:3c:ea:80:ca:8b:21:2a:25:b4:99:7c:0e:
        b0:03:b0:f3:eb:70:d8:10:58:a1:de:db:72:8f:be:cb:
        26:44:af:54:65:01:55:7d:2b:77:d0:aa:90:62:11:71:
        7b:da:75:c8:a7:dc:e9:fd:c4:d4:90:3a:2e:22:f7:8b:
        fd:e0:22:b4:c2:8d:df:74:b2:de:6a:d0:91:60:eb:a9:
        ac:73:0b:35:9b:c8:d8:ad:f6:b2:ee:71:fa:b9:58:dc:
        7b:41:c1:de:2c:83:cf:8e:70:71:97:e0:6c:be:35:55:
        35:1d:1d:5f:63:bd:fb:30:a6:ec:d5:43:a3:e6:48:85:
        b8:09:1e:3b:dc:72:e6:72:e1:36:48:22:c4:9e:f5:ea
    Fingerprint (SHA-256):
        04:73:3C:53:F5:6A:2B:CA:B8:8B:3A:F6:EE:E3:17:A1:20:DA:81:44:E6:96:D9:43:B2:50:59:75:59:F2:00:0C
    Fingerprint (SHA1):
        60:C3:9A:57:C3:AA:F8:CE:A6:46:97:17:1A:71:71:F0:86:40:97:C0
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #4427: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der  -t Root2.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174101 (0x25712d15)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root2 ROOT CA,O=Root2,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:45 2016
            Not After : Mon Jun 28 17:56:45 2066
        Subject: "CN=Root2 ROOT CA,O=Root2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:81:5d:b6:78:ca:44:bf:8a:80:d8:b5:f9:ae:6b:f3:
                    46:50:16:5c:db:66:4a:d8:6e:fe:12:56:17:72:1a:23:
                    92:6e:3d:8c:5b:1e:87:6f:36:4c:b5:b0:61:e1:8b:11:
                    49:c8:65:5e:08:16:94:87:18:c3:e3:ac:ce:71:4a:33:
                    04:79:8b:1f:c1:7d:32:d5:d9:5b:8f:8b:8e:f3:84:59:
                    52:d2:81:c2:28:d8:36:a6:df:78:2e:fe:76:66:04:ec:
                    df:4b:f3:de:76:4f:dd:a4:9b:4f:4f:06:26:5f:65:87:
                    6d:63:44:0a:84:56:79:f5:cc:16:aa:40:aa:79:51:56:
                    69:44:cd:c1:0c:ce:47:5b:b5:cb:ac:0f:e6:8a:0b:65:
                    d9:84:4a:ab:2e:00:0b:28:27:c2:44:b1:fa:f5:9c:71:
                    62:f3:e1:30:7e:a5:45:72:3c:40:4c:13:83:83:5f:36:
                    cb:39:35:37:c0:3c:54:9c:69:9e:c5:13:fd:be:95:46:
                    fb:21:da:ee:a8:14:9f:1c:38:e6:1b:a9:ef:8f:23:e2:
                    6d:ef:b2:20:1a:d6:03:1e:ae:bb:d8:d5:8b:b8:b5:bc:
                    64:db:3c:47:7f:e7:d4:95:26:8d:32:6c:7d:5a:50:bb:
                    4f:d4:c4:e1:67:30:6e:84:cf:37:6d:aa:03:86:c3:33
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:e8:a1:f7:26:9e:7a:56:71:5b:59:a3:f7:4a:6c:8d:
        87:e0:85:7e:1f:64:2f:4d:63:da:9c:12:aa:88:f2:72:
        e1:63:f0:99:4c:df:f3:8c:36:95:ec:b7:ac:49:a5:1b:
        1e:95:e1:1a:53:6b:4d:32:bb:7e:ea:6f:b8:45:00:3a:
        9f:af:5c:a3:74:b0:98:7c:8b:e6:a8:3e:51:81:30:37:
        22:a5:d9:7b:81:70:af:b7:95:49:ec:bc:e6:4e:99:62:
        86:35:ea:74:11:98:2c:c2:ee:8f:58:c6:fd:05:e5:88:
        18:29:c2:f4:c7:c1:cb:83:2c:fe:4e:76:9d:79:68:47:
        47:29:07:8b:71:7a:35:91:25:ec:b4:af:b3:6c:0f:8d:
        e6:ee:c6:01:20:56:fe:1b:8c:9d:de:d2:42:e7:a7:28:
        c7:e8:e1:28:e2:93:ea:65:f3:9b:7f:9b:6d:ad:11:25:
        5f:36:be:e4:f2:eb:7b:59:7b:2d:26:58:b4:18:5f:2d:
        b1:99:bb:f9:83:05:9f:72:d4:4a:9b:92:91:92:ee:55:
        61:e8:47:66:68:f4:7c:f1:e9:d2:1f:14:ac:7c:86:2d:
        3b:73:35:0d:55:4a:a2:59:e1:37:7e:7a:b1:2a:c2:ec:
        0d:7f:72:e6:42:b3:01:41:a4:8e:78:c5:a1:09:24:63
    Fingerprint (SHA-256):
        A0:4F:1D:77:94:7F:0A:3C:80:42:50:4A:E0:B7:C4:6D:86:E2:EA:04:02:A3:84:A7:55:9F:1F:33:00:73:F3:B4
    Fingerprint (SHA1):
        BE:B2:29:51:C7:A3:C0:44:44:40:37:DE:9C:14:6A:74:CA:23:95:CF
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #4428: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der  -t Root3.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174102 (0x25712d16)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root3 ROOT CA,O=Root3,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:50 2016
            Not After : Mon Jun 28 17:56:50 2066
        Subject: "CN=Root3 ROOT CA,O=Root3,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b9:89:ea:fe:3f:0c:29:ff:60:72:37:3c:2f:e7:f4:9c:
                    26:2c:f5:01:e9:39:42:70:e7:c2:84:ef:10:b2:b2:c1:
                    fd:df:18:1b:65:b2:c4:e3:59:05:aa:a5:0e:db:32:ce:
                    a9:f9:e6:da:ae:3c:62:44:51:01:08:a0:60:6c:9e:49:
                    4e:39:20:22:03:40:40:69:a6:23:7c:f2:e8:17:52:59:
                    4c:d8:02:11:d1:b5:29:1d:6e:9f:60:29:ef:8b:64:86:
                    d8:67:8b:e2:c5:85:b4:60:c0:9d:8d:6d:ce:11:ee:7d:
                    d4:f7:35:72:ed:f0:6c:12:61:e9:3c:1e:f5:20:e1:62:
                    da:b5:5c:c9:80:2a:ae:16:9d:e8:b3:41:7e:03:80:78:
                    64:d1:41:fc:27:4b:88:da:f9:cd:e5:ec:a4:40:f7:92:
                    41:40:66:9d:62:22:8c:92:43:3e:d8:d2:75:83:da:b5:
                    03:b8:25:2e:5e:f6:81:30:c4:1d:bb:bc:45:ac:ca:50:
                    0e:27:5e:0c:79:13:9e:4d:ac:49:b3:d8:9d:6e:f3:70:
                    05:f2:b1:14:a1:e8:ba:d5:51:92:14:c7:6a:de:69:10:
                    1e:c8:c7:ea:ff:b7:09:73:fc:7f:01:cb:53:24:51:69:
                    93:93:fa:eb:7f:32:27:79:23:10:81:e5:8c:4e:90:4b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:fa:58:43:4f:e5:e6:db:5e:96:10:8f:71:2b:97:c1:
        57:2b:0d:2b:86:a1:12:f3:19:35:33:b3:09:ad:cc:3a:
        51:4c:d6:e0:09:64:7b:8a:09:82:7b:f9:13:88:24:61:
        f6:53:f4:6e:48:1c:da:df:72:c3:2a:28:64:a8:e9:dc:
        72:49:44:58:25:9e:ba:51:d6:ce:c6:72:a6:0f:c6:f3:
        e5:73:63:de:4a:fd:73:fe:05:ea:34:39:cb:d6:0c:a6:
        1e:c3:f4:15:4c:66:39:42:de:33:10:fb:60:15:5c:61:
        01:3a:92:47:22:09:77:51:48:bf:3c:d4:17:06:64:82:
        f6:ed:80:f6:99:77:af:ae:dc:de:d1:4e:53:df:44:c8:
        fb:5b:77:d7:11:6f:17:59:73:43:32:3f:1b:0c:e1:b8:
        bc:00:ce:3e:2c:ba:28:6a:11:fe:85:32:66:88:d3:d1:
        cb:a6:30:6c:07:a7:94:da:ea:54:1f:17:50:7f:05:02:
        a0:ac:38:7b:ad:1e:d8:28:63:ea:f4:69:b0:dd:ed:ae:
        7c:6c:08:c2:69:ce:1a:86:1f:64:b3:a2:8b:08:50:a3:
        2b:8c:f8:fa:9f:ad:c5:81:1a:8d:3f:a7:2e:2e:e8:f9:
        01:56:ca:4c:27:89:f1:cc:ed:ca:92:29:0a:44:ec:fd
    Fingerprint (SHA-256):
        9B:73:2A:AB:BA:AE:83:58:9C:DB:11:9A:A6:E5:B4:43:10:EF:2B:7B:9A:23:BC:E4:44:F0:46:BC:C4:02:E6:5C
    Fingerprint (SHA1):
        3E:7D:53:5F:8B:52:F3:18:F9:07:DF:56:F2:F5:2D:40:41:C0:E1:19
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #4429: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der  -t Root4.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174103 (0x25712d17)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root4 ROOT CA,O=Root4,C=US"
        Validity:
            Not Before: Tue Jun 28 17:56:55 2016
            Not After : Mon Jun 28 17:56:55 2066
        Subject: "CN=Root4 ROOT CA,O=Root4,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a9:51:77:4e:4b:93:4f:be:5c:b5:4b:d5:43:17:a7:46:
                    18:85:cc:7a:a9:18:8b:d6:0d:9f:9f:75:0e:db:ce:ba:
                    f1:b9:36:37:57:84:7d:23:98:68:3e:a9:85:01:e1:29:
                    ad:53:4c:37:2b:9c:1a:ec:9c:65:36:47:7a:04:3c:a6:
                    ca:9a:57:2c:54:97:2c:f3:6a:5f:7c:e7:b5:34:f8:36:
                    64:9a:cf:7e:a1:40:73:af:fd:75:81:d6:a4:85:06:16:
                    c8:0b:9e:6d:a0:6d:d9:28:e6:a6:d7:52:1d:58:ef:b3:
                    e3:c7:d4:3b:7d:29:10:35:69:93:6d:c4:ab:7e:6a:1b:
                    4b:5d:49:76:f7:45:2e:17:2e:bc:fc:aa:30:41:59:9c:
                    2d:e1:60:d5:03:b2:20:b2:99:b5:ed:c5:33:f6:64:dd:
                    26:bc:29:ed:45:14:9f:40:f2:5a:f5:39:2e:5b:29:ba:
                    92:f9:88:95:98:20:3b:6d:2a:42:9d:d4:b8:f2:6c:b1:
                    2f:97:df:0b:7c:6f:25:a7:5c:fe:59:05:04:81:66:d1:
                    f5:62:fa:d6:c3:02:6f:0e:10:f8:a0:25:56:f7:20:cd:
                    d3:d8:57:89:f1:a6:6b:bd:f2:9f:eb:cd:45:6f:d0:a0:
                    b7:44:79:ee:51:a4:d7:e6:57:cd:1f:68:dd:ca:9a:07
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        91:86:fc:1f:dd:46:7f:41:2b:19:d6:bd:af:7b:e7:f5:
        4b:40:71:bc:f8:6a:e5:e9:5e:46:5b:f4:50:b2:d2:ff:
        0a:e9:dd:71:a0:6b:b7:e0:af:53:41:97:b9:18:2e:56:
        ae:76:7d:59:89:46:02:0a:15:40:70:14:6e:35:2a:1b:
        18:3f:ad:86:14:6f:31:ec:1d:d7:de:fe:19:12:30:38:
        83:8e:73:72:4e:f5:f7:82:68:59:b5:e4:15:a4:94:a8:
        a7:7a:f5:2c:10:88:69:b8:27:07:c4:98:0a:19:08:9a:
        bf:3f:0e:29:b5:f1:cd:a2:cc:c6:3f:52:86:fa:ee:21:
        46:b0:40:ab:86:4b:3a:af:2b:6f:47:5c:98:0f:03:f5:
        f6:6e:7e:15:c3:4c:55:8a:ba:87:85:1b:23:94:df:9a:
        3f:45:b8:a5:53:4b:36:af:a1:68:25:98:9a:9d:2b:85:
        d7:9c:b2:7e:29:37:34:e8:91:6a:d0:bd:e8:74:be:5b:
        d4:cc:21:8a:ff:48:f9:21:76:d7:33:44:da:a7:e4:53:
        59:6e:0c:9d:86:ef:ce:14:98:25:6f:59:b2:f9:d0:24:
        a4:3b:b5:ec:ba:ff:7b:12:c0:f3:d1:c2:9f:bf:36:75:
        a9:b2:7b:0c:96:22:34:f2:22:46:4b:59:2e:04:11:68
    Fingerprint (SHA-256):
        B6:31:2B:89:47:C6:E3:97:9B:8D:83:87:EA:3F:79:99:7C:B5:16:93:00:2F:90:7B:F8:56:70:C7:3A:53:6D:7C
    Fingerprint (SHA1):
        E7:E6:91:D0:01:BC:D7:57:AF:1C:35:25:C9:F8:73:04:C9:1D:E3:D6
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #4430: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der  -t Root5.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174104 (0x25712d18)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root5 ROOT CA,O=Root5,C=US"
        Validity:
            Not Before: Tue Jun 28 17:57:00 2016
            Not After : Mon Jun 28 17:57:00 2066
        Subject: "CN=Root5 ROOT CA,O=Root5,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ed:72:59:9b:be:be:6f:33:44:bf:24:bd:55:ed:1a:b5:
                    6d:1d:80:a9:db:08:ad:cb:20:43:e7:d7:e0:73:f3:13:
                    34:3b:b8:36:c8:d8:e3:db:98:91:4e:e3:25:6d:e3:46:
                    a2:b2:e8:37:97:e3:72:9a:2e:14:4f:b2:14:9e:2e:83:
                    7c:6f:99:24:39:03:22:94:1f:98:7a:f8:37:1e:36:99:
                    c4:c9:3e:8c:7d:ff:a4:0f:2d:f5:84:1d:f4:f6:08:6c:
                    bb:d4:e3:b1:f9:a6:86:91:99:e8:33:53:c7:1a:0e:3e:
                    f9:99:f8:e4:45:d2:93:c8:ff:6e:05:f8:c3:0b:ee:84:
                    f2:f9:42:5a:27:3f:2f:81:ae:ba:d4:fd:04:90:08:c3:
                    2b:42:ec:83:44:e5:9b:9b:cc:6d:11:a2:98:03:f8:f1:
                    c4:90:3b:c9:5a:f0:41:14:26:34:a2:a2:f6:58:3f:c0:
                    d6:2f:f5:6d:30:af:02:bb:eb:8a:02:b2:58:dd:4d:65:
                    02:e2:02:ce:c8:de:90:f0:49:29:6e:ec:e2:df:0c:6f:
                    fd:b8:d2:16:f5:71:77:f6:63:75:2e:3f:34:c8:a5:f9:
                    91:da:b0:b0:84:00:fa:45:a7:63:54:b8:4f:3e:ec:13:
                    21:96:65:b4:9e:b1:a5:94:2f:7c:d7:58:2d:37:9e:a9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c4:96:fc:8a:42:4b:0f:55:4e:87:e4:10:54:3b:87:d2:
        7a:17:c2:41:35:30:6e:2a:d6:b8:af:a7:5e:49:45:bd:
        9e:70:c4:bf:92:92:13:3d:e0:dc:03:4e:f3:26:44:6f:
        27:b3:07:02:61:ce:06:a7:3c:bb:31:01:50:1d:f7:4c:
        30:8e:65:d8:28:dc:5b:1f:d7:ef:ef:16:d1:64:71:c5:
        eb:3c:9d:a3:c6:d7:19:3f:6d:ab:f6:17:f5:d5:29:a5:
        d3:4a:58:ce:45:25:c3:45:4a:a1:f3:a8:48:8b:78:8f:
        a7:3f:7d:ee:79:4b:15:e4:d7:3c:d0:b1:68:5c:45:87:
        ce:d0:54:2a:99:b6:bf:2a:99:1e:d1:20:2c:9c:b4:04:
        fb:05:3e:5e:d4:72:94:ec:12:c0:c7:69:31:2f:4a:60:
        ac:53:c3:fd:b6:44:80:aa:e5:d3:d2:aa:b8:d0:87:f5:
        ee:3a:bb:2f:f5:f8:66:13:71:ee:02:56:22:3d:3d:04:
        c2:3e:52:73:9f:cd:2a:07:73:63:ad:40:0b:f5:45:fd:
        2d:6a:3f:03:62:4b:c2:fa:d3:5f:21:45:35:d7:69:dc:
        20:77:52:e6:db:0f:1b:49:21:93:dc:33:34:87:8f:88:
        a1:78:2a:2f:04:9a:33:25:e3:71:65:95:86:e4:17:7c
    Fingerprint (SHA-256):
        71:F8:09:E2:03:61:42:4A:30:68:23:A4:41:60:15:C7:21:C5:13:65:0C:26:9A:9F:D4:D9:64:7B:93:E9:C0:C2
    Fingerprint (SHA1):
        EE:3D:07:71:24:D6:AB:0F:E3:35:C6:6E:61:0A:1C:F8:3C:28:D2:8F
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #4431: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der  -t Root6.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174105 (0x25712d19)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root6 ROOT CA,O=Root6,C=US"
        Validity:
            Not Before: Tue Jun 28 17:57:05 2016
            Not After : Mon Jun 28 17:57:05 2066
        Subject: "CN=Root6 ROOT CA,O=Root6,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b2:33:0a:89:0d:c9:e1:b4:86:7d:31:91:c1:cc:5f:63:
                    a3:89:78:36:d9:9f:73:f4:4a:92:b3:38:bc:c1:09:7d:
                    36:f5:7b:35:ca:e4:7b:9b:9e:75:dc:b9:cd:31:50:53:
                    8c:eb:32:18:9d:4b:57:c3:f1:4e:91:7d:2c:4c:6b:ed:
                    38:b8:0f:69:00:f2:a7:89:28:ae:b8:49:0c:d8:d1:5d:
                    9b:33:a2:b5:71:e6:7b:e5:3f:32:de:32:89:f7:c9:09:
                    41:c3:82:da:64:a1:75:50:95:1c:54:0a:e2:c2:25:a1:
                    9d:96:5f:00:a5:4c:04:b1:47:13:5b:d9:db:35:cc:c2:
                    c3:76:48:e8:42:d1:6b:ba:31:f7:ac:ce:43:b0:51:3b:
                    fb:2e:3e:09:1f:b6:0f:eb:d8:e8:d4:09:b0:11:97:ee:
                    3e:24:a9:ec:c1:55:11:c0:32:6f:c1:22:a7:4e:c2:01:
                    6d:5e:44:9e:f7:41:fd:ca:3a:b1:59:cc:17:49:8b:12:
                    a4:6c:32:d3:6e:bd:10:58:a3:99:8a:18:e6:96:cf:a5:
                    2e:1a:0f:0a:b9:d7:bb:ba:bb:3e:bc:1f:03:f2:81:6d:
                    5a:ef:f8:02:88:36:e6:5d:0a:0a:dd:71:69:78:e1:d8:
                    2d:bc:23:00:4e:1b:03:3c:c3:55:d6:b4:5e:56:85:f9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ae:da:d1:15:71:42:e6:a2:ad:6b:fc:54:f8:f6:8c:3d:
        3c:47:63:23:ac:95:56:4a:89:04:b0:f8:9b:ca:72:b6:
        7a:6f:10:1b:75:7b:ac:f5:2e:20:5f:12:b5:69:62:44:
        09:55:45:c6:09:b2:78:bc:5e:fa:3e:21:4b:87:ef:66:
        04:c2:f0:95:71:05:30:ca:8b:a5:ac:e1:0a:a5:16:3e:
        e1:9c:e9:e4:6e:85:1b:28:e5:34:d9:8b:9b:25:ad:15:
        dd:f5:56:d2:b7:c3:49:e8:13:44:da:e9:e9:2d:dd:c1:
        18:61:2d:9f:68:77:4f:82:87:ca:3c:f0:62:75:b6:2b:
        9c:17:a7:d2:0e:4b:60:80:b7:29:74:19:e3:8f:54:3f:
        88:6f:a4:64:7e:b4:6a:d2:07:9c:d7:c0:aa:d5:fe:68:
        e7:cf:fd:2b:61:17:1b:3e:42:7e:ca:44:de:4d:96:98:
        17:eb:79:a0:72:5d:b4:76:97:09:f8:0f:c5:1c:cd:56:
        66:30:92:75:df:3d:18:a9:33:92:bf:d9:fd:45:c3:53:
        99:6f:63:44:0f:a3:e3:9c:a6:26:52:eb:45:9f:da:11:
        5e:83:2d:20:d7:96:b4:4b:cb:04:f2:5f:2d:83:da:61:
        ca:05:fa:5a:35:0f:50:22:2f:93:4b:22:fc:e6:ec:92
    Fingerprint (SHA-256):
        BD:2C:95:D3:63:16:95:85:4D:E9:54:AC:DD:89:15:AC:80:37:C8:E0:88:0B:AF:7F:9B:56:E7:36:7D:8B:A7:C4
    Fingerprint (SHA1):
        4B:94:20:1B:DB:16:75:7C:4C:B0:E1:3F:4D:58:28:AC:AF:C8:7F:63
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #4432: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der  -t Root7.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174106 (0x25712d1a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root7 ROOT CA,O=Root7,C=US"
        Validity:
            Not Before: Tue Jun 28 17:57:11 2016
            Not After : Mon Jun 28 17:57:11 2066
        Subject: "CN=Root7 ROOT CA,O=Root7,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:c7:2b:46:3c:7e:4c:c4:9a:57:58:b7:49:82:c5:b2:
                    7f:b8:19:bf:41:a9:7f:0b:11:56:c0:97:f6:6d:c5:a8:
                    c6:3b:5d:94:26:12:b0:6b:e0:7c:37:98:ec:69:63:55:
                    64:a2:2a:a9:98:8e:57:01:5f:bb:f2:32:36:26:c7:d1:
                    a2:5c:61:ba:46:a5:87:a8:bc:c8:f5:b6:e3:28:90:03:
                    79:58:01:e4:0f:cf:49:6a:4e:f7:26:f8:01:1f:62:38:
                    24:76:21:20:b2:f6:29:33:db:20:82:eb:28:2e:72:31:
                    2c:2c:df:20:8c:e3:b8:ed:cb:d7:8f:da:32:c0:9d:92:
                    c2:bf:94:eb:de:23:e8:3c:1b:7f:13:e6:02:59:ce:7c:
                    2e:02:27:e8:91:db:8d:52:a4:3e:6a:4a:8f:91:3a:10:
                    7b:8a:33:64:4e:a8:98:4d:39:28:63:5b:1a:aa:d8:c4:
                    4f:90:8c:09:df:4f:68:c9:d0:1e:17:b4:b0:95:02:02:
                    2c:b6:f6:de:0e:a7:e6:ce:dc:64:8f:0d:d3:ee:d0:fd:
                    c6:77:c3:1b:71:2a:ed:ee:ce:47:1f:8b:e6:9d:fa:fd:
                    0a:2f:19:82:c9:7e:a5:07:de:92:a5:5e:c6:45:08:75:
                    6f:dc:39:37:0e:6d:c9:d5:f2:72:4a:cc:9d:69:83:cf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        10:0f:72:ee:1d:bb:3d:54:f0:35:ce:9c:1b:fb:17:f7:
        77:d3:7f:e9:33:14:68:69:56:34:d0:29:5b:96:9f:3f:
        43:22:d5:36:b9:df:aa:cc:cf:97:20:cf:9b:36:de:5e:
        25:7d:48:d2:49:85:11:c4:60:2f:2a:12:55:d5:1d:97:
        ba:55:1d:47:df:ec:b0:14:1b:45:a1:71:30:13:75:30:
        0c:4d:64:d3:2d:49:0e:26:40:1b:11:9a:2c:5f:19:7e:
        3f:21:47:e3:63:ec:5a:93:90:9f:b0:79:a4:da:d5:8b:
        17:6f:fa:40:70:62:ef:a4:75:6b:50:84:22:75:f1:4e:
        88:e7:8e:70:56:31:9f:17:7b:b0:80:a8:fd:b1:cc:19:
        37:be:a3:85:c9:c3:2e:cc:04:c4:3f:9c:7a:77:32:fc:
        70:fc:c2:7a:88:3b:91:c8:ef:e5:59:ce:38:1f:ab:37:
        b3:45:ac:0e:9f:22:55:bb:07:d4:52:ba:da:ab:64:0f:
        5d:87:f2:b3:66:b9:41:98:c5:9c:8d:28:3a:b9:47:76:
        3e:51:86:de:f8:18:ae:17:62:e5:ce:a8:eb:71:af:23:
        30:07:06:a9:2b:d5:48:05:77:b1:b4:fa:ab:cf:e6:8d:
        de:24:33:54:c1:cd:c4:93:f7:f2:a0:45:00:32:5a:be
    Fingerprint (SHA-256):
        8F:3A:40:02:DD:B9:F0:23:28:C1:77:C4:80:7D:69:45:54:4D:CB:00:35:8C:96:4B:10:F1:30:A8:EB:16:E9:9F
    Fingerprint (SHA1):
        BA:00:31:12:80:A4:E2:4D:11:F9:83:1D:B7:3C:DB:34:97:B4:22:91
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #4433: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der  -t Root8.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174107 (0x25712d1b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root8 ROOT CA,O=Root8,C=US"
        Validity:
            Not Before: Tue Jun 28 17:57:18 2016
            Not After : Mon Jun 28 17:57:18 2066
        Subject: "CN=Root8 ROOT CA,O=Root8,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a6:d4:bf:a2:b0:17:bb:31:44:5c:c8:ba:10:40:9b:ba:
                    7b:d3:f7:4e:3c:fb:e9:1e:95:81:76:07:ec:75:5a:36:
                    44:bf:52:4d:95:74:1e:b2:d9:ad:10:f7:04:06:2b:ac:
                    5f:66:4f:ac:15:6d:f1:9f:b5:51:02:df:d9:a1:46:9b:
                    aa:0c:a4:65:09:d8:5d:27:f7:4a:35:dd:1e:91:4d:a4:
                    ce:d1:46:05:5e:d1:fa:2e:74:56:c3:28:52:9a:d2:b4:
                    3e:cd:56:9d:95:90:9f:41:d6:1c:3b:5e:4e:79:7b:9d:
                    cd:5d:b1:45:70:ca:f4:1e:6b:e6:4c:7b:44:86:fb:f9:
                    2a:79:71:a8:2f:2b:ab:44:e0:ca:63:04:f2:da:e1:d0:
                    17:63:c2:20:a1:80:42:15:14:4c:48:02:59:d4:5c:66:
                    80:f3:97:27:fa:60:6c:8f:1f:80:cf:43:67:af:a1:20:
                    36:9c:7a:a6:e9:02:ff:56:e4:77:a3:5b:c4:62:b1:2f:
                    49:4c:05:fe:c3:7a:87:e2:5d:f0:15:a0:8e:e3:a8:9d:
                    fe:84:63:da:5c:fc:70:7c:20:a3:af:a4:d8:2f:0f:7c:
                    f5:33:dc:32:9b:99:9b:33:8b:7e:81:37:f1:06:b0:36:
                    3d:c1:31:53:5d:30:69:19:01:e3:ce:b0:1e:a5:66:b7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8c:84:9d:ea:e9:f2:8f:db:3a:bc:e9:6d:6f:20:9a:4f:
        a6:53:6d:99:8f:b2:0f:32:eb:f4:35:31:40:f2:48:12:
        2f:8a:47:ff:95:69:26:bf:01:d0:2e:dd:c4:14:8f:19:
        a0:1a:81:ac:7f:fe:a7:82:f5:7b:b0:1c:a9:a1:9f:8e:
        60:38:63:2a:52:6a:11:0b:9d:67:b6:6f:c7:ee:ea:62:
        cb:1e:c6:03:6a:c1:b5:d4:6a:97:6a:93:e8:0b:3b:37:
        1f:a0:f5:96:d4:89:c7:70:bf:11:28:eb:30:0c:9d:a9:
        f9:6c:db:3a:c9:a1:36:cc:e6:49:2f:00:b8:4d:e2:1d:
        91:dd:a2:16:41:10:21:11:45:d3:28:09:b9:83:44:e8:
        62:3b:ab:c6:3b:6b:6a:b3:69:82:c6:de:04:a5:c1:63:
        78:a8:44:26:7d:10:e5:5e:f2:61:4a:8a:04:73:4a:d7:
        85:0c:b0:f8:90:6c:bd:70:06:ce:f5:08:3e:18:7a:b1:
        52:a7:a2:31:2a:0b:80:ed:e7:d7:30:99:21:b2:05:0f:
        c9:a4:69:3e:97:16:ee:e9:14:86:78:50:c1:5c:05:27:
        8a:70:96:44:ed:73:92:7d:16:c1:ff:32:60:40:35:78:
        12:be:7d:76:b6:59:0f:9a:59:69:de:16:37:d4:88:10
    Fingerprint (SHA-256):
        50:67:51:C6:9C:D6:DA:A4:AB:A7:2E:0D:06:3B:5F:BE:02:3A:B1:20:F8:83:B0:C3:77:87:EB:16:02:B0:50:F5
    Fingerprint (SHA1):
        ED:14:D2:8E:F1:4C:A3:2A:CC:C7:A8:90:5A:9D:13:E0:8A:80:16:C4
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #4434: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der  -t Root9.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174108 (0x25712d1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root9 ROOT CA,O=Root9,C=US"
        Validity:
            Not Before: Tue Jun 28 17:57:24 2016
            Not After : Mon Jun 28 17:57:24 2066
        Subject: "CN=Root9 ROOT CA,O=Root9,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    fa:ce:f5:bb:61:db:75:d9:cc:9a:5b:ca:b1:1f:fe:1b:
                    a2:78:62:69:01:35:2d:bb:6a:c4:e5:24:42:4e:d1:37:
                    f6:35:f0:55:41:9b:c8:d1:87:74:aa:73:cf:53:d7:de:
                    9a:2a:49:e5:14:c4:74:a5:2f:02:5f:7d:71:81:43:40:
                    51:cf:f9:39:75:0e:cf:a3:69:f8:90:bd:f2:5a:11:f8:
                    dc:62:97:e9:9a:73:31:92:9a:42:99:9c:d1:f7:3f:64:
                    60:21:e9:fa:8b:c8:cf:71:e5:37:91:2c:9f:d9:3e:7d:
                    9d:79:5a:8a:72:db:dc:8f:8c:1c:47:c8:7f:53:5e:9d:
                    9d:6e:72:b9:ed:e9:fe:4c:b9:81:d5:fe:b0:6b:c3:51:
                    b9:c9:d3:8e:47:52:ec:9a:f6:67:42:53:f9:64:98:79:
                    24:ff:3e:d9:4c:c0:5a:79:93:2d:96:e4:cd:08:c8:49:
                    b0:2d:fb:ec:76:13:7f:9c:07:5e:dd:2a:d1:12:27:e4:
                    cd:e3:08:e5:ba:ab:77:5a:6e:c3:f9:d7:78:f7:a4:1a:
                    70:96:6c:9f:78:c6:80:72:00:9b:ba:ee:92:0f:e8:6f:
                    42:ac:b1:65:db:3d:fe:c5:fa:7b:16:82:f9:5f:20:a4:
                    60:41:39:cd:8c:0d:72:32:7f:a9:f9:59:6b:d1:fc:2f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        12:30:2b:54:df:41:22:2b:16:0e:55:73:a4:b2:c5:15:
        4a:b4:61:b1:72:c5:92:80:22:75:ff:8b:ce:00:1c:1b:
        43:93:6f:4d:f8:d2:26:3a:bf:75:c3:22:1a:64:ac:3f:
        38:9d:8a:01:a4:95:23:4b:70:68:b2:c1:92:5c:28:07:
        cb:7d:91:3d:77:38:cf:3e:08:20:0c:ca:33:36:e2:49:
        d6:b9:21:88:f5:d3:42:2f:6c:40:20:64:c9:a1:3c:92:
        32:0e:99:75:7e:d4:df:05:c7:e0:03:e9:3e:77:ba:33:
        85:dc:f0:13:fb:48:0b:a6:86:2f:dc:66:12:5d:06:b1:
        a5:9e:c2:0e:45:d7:90:71:1a:8b:55:82:55:b8:4d:a8:
        ab:8d:1b:16:37:57:d3:0b:d6:b9:9f:c3:06:cf:fc:02:
        16:04:3f:86:0d:fa:23:c7:e0:04:6f:b5:54:ea:48:1e:
        7e:44:b6:9a:6d:96:df:19:d4:4c:c0:d0:3b:e8:38:ba:
        9d:92:96:55:43:70:4b:4f:2c:2c:6f:c8:00:1c:0b:53:
        02:b7:4e:bf:bf:96:ae:43:fc:13:74:6d:ed:ae:ff:e1:
        7f:11:65:97:9d:db:e3:6f:5c:63:e6:18:e1:e7:4a:b2:
        e0:ba:d2:b3:a0:d2:ec:b5:18:c9:25:72:97:57:c0:72
    Fingerprint (SHA-256):
        CC:1B:12:F0:97:AA:2B:FD:BB:18:B9:9F:85:49:0F:15:E5:C4:25:30:77:0E:D8:F2:40:EA:AB:B2:19:7D:16:E8
    Fingerprint (SHA1):
        1C:FC:5B:F8:51:A1:8E:C7:EE:5C:F2:94:5D:01:83:79:E0:F6:E4:F7
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #4435: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4436: Extension: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174123 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4437: Extension: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4438: Extension: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4439: Extension: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4440: Extension: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174124   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4441: Extension: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4442: Extension: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4443: Extension: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4444: Extension: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174125   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4445: Extension: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4446: Extension: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #4447: Extension: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4448: Extension: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628174126   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4449: Extension: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4450: Extension: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4451: Extension: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174123 (0x25712d2b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:05 2016
            Not After : Mon Jun 28 17:58:05 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:e2:0b:4f:4e:df:bb:de:e1:3f:1e:35:04:44:88:58:
                    c8:cf:2b:f3:ed:48:c8:ff:3e:cf:3a:6c:f2:ce:e4:18:
                    ab:ad:4c:70:f9:f3:5e:72:2e:0d:b9:84:99:52:51:98:
                    ac:04:21:d5:ca:51:0c:e9:78:b1:04:da:43:e3:10:29:
                    ef:e1:61:53:2a:08:93:84:65:b0:fc:83:28:7c:8b:c4:
                    f2:94:58:d6:09:49:75:f7:af:e0:e7:10:2e:54:0e:34:
                    10:20:f4:f0:43:01:57:7c:9c:f0:45:d0:e0:4c:88:70:
                    f1:35:7b:89:3d:9a:27:bf:a3:0e:8e:b9:1d:bf:28:41:
                    f6:b7:b0:73:5b:49:69:e1:96:76:e5:6d:6b:c6:9e:76:
                    c8:a6:43:b6:e2:89:81:f4:de:9a:59:a5:85:91:a5:8b:
                    73:01:cd:98:4c:cf:24:fb:8e:40:fb:e0:40:aa:02:ac:
                    5b:ac:b6:eb:8a:62:6c:da:df:e6:88:7c:8d:6e:cf:5e:
                    29:91:bf:35:c5:dc:57:1c:99:25:eb:08:81:5c:93:c6:
                    52:b1:74:15:14:72:9f:83:30:a7:a4:4c:72:38:04:88:
                    d5:26:a3:c1:60:55:e5:6b:82:8f:e3:43:47:89:ae:f3:
                    0e:14:33:84:4f:f6:26:42:3a:c4:e5:7f:0a:92:84:75
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        aa:33:45:da:20:0b:bb:cd:6d:04:40:ca:7e:fd:e4:da:
        f9:0b:3b:5a:ad:1b:44:6d:90:3f:fe:9a:e8:27:1f:11:
        3e:64:0d:07:49:ab:b5:61:73:6c:38:24:f9:37:ed:aa:
        e5:0e:66:71:44:9b:e7:c2:ff:a2:f9:b1:bc:88:e4:01:
        a3:63:38:da:5d:cd:7a:c5:44:7d:99:62:45:e8:f4:47:
        ae:3b:fc:8b:3b:13:42:58:cf:1a:4d:8b:cf:aa:b7:e6:
        ca:65:4f:18:7e:b8:ba:16:22:3b:5d:ee:bc:6c:00:79:
        60:7d:03:b4:58:e2:f5:ae:41:c0:a0:cc:d3:a0:5b:77:
        00:92:43:ae:3c:a8:c8:63:1e:bc:b0:fa:96:4c:6b:77:
        48:34:70:1e:b8:0c:e0:c2:ab:00:dc:35:69:63:c4:e6:
        fd:5d:b4:f4:b6:f8:92:0b:35:ae:b9:83:20:96:c5:29:
        87:ef:fd:58:fb:97:21:03:75:fd:bc:78:84:d9:2e:f6:
        18:e0:eb:83:a1:bd:bd:4c:90:47:7a:f0:80:cf:8d:6e:
        92:30:ad:37:9b:2e:4f:d9:88:ce:ab:c5:e0:8d:4c:39:
        86:d8:0b:a0:36:e0:f2:4e:77:71:8c:71:57:a8:5b:85:
        25:c0:17:49:96:7f:c3:15:da:94:95:60:24:fa:b6:1f
    Fingerprint (SHA-256):
        94:4A:14:04:0D:F0:23:2E:03:29:AE:8A:F3:92:B3:16:A3:E7:27:93:A7:B9:B2:A7:1E:DF:DD:FA:55:73:A0:C6
    Fingerprint (SHA1):
        D2:00:8A:E6:32:F5:5D:A8:6B:EA:10:FC:43:EA:C8:CE:C6:2D:1F:8D
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4452: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4453: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174124 (0x25712d2c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:07 2016
            Not After : Mon Jun 28 17:58:07 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:4f:80:33:16:ec:a3:f0:8f:3a:f3:99:1a:83:ea:a8:
                    95:f0:97:b4:82:ec:08:18:e9:13:c1:4c:b5:a4:41:f6:
                    0b:cb:14:d2:ac:9e:d1:fa:8d:ae:f6:50:16:b1:c2:a6:
                    c7:e8:67:d9:fa:f8:9f:ad:c5:ac:ac:30:6b:9b:9f:7c:
                    71:8e:a6:4a:4f:28:2f:e6:46:75:5f:12:13:fc:53:d2:
                    1b:e8:60:3b:a5:6a:f1:57:96:14:68:5f:30:90:de:20:
                    4f:08:3c:da:a3:ea:ee:60:9c:e4:1c:69:51:75:de:c5:
                    29:ec:05:58:56:f2:a5:b7:b1:07:ea:bf:c7:50:d2:86:
                    59:12:1f:6e:2a:8c:a1:01:62:68:91:31:4e:5d:0b:36:
                    9f:9a:5d:70:60:49:60:c3:11:a5:b7:3f:c9:e8:f7:c8:
                    5a:e4:f7:49:6c:8e:f2:24:48:bb:da:90:1a:8e:75:3f:
                    2f:5a:cc:05:7a:ac:d5:0f:44:dc:85:3d:b9:f5:b2:a9:
                    ac:54:c2:65:66:95:c9:63:ad:63:10:7f:6a:69:a9:c3:
                    7e:c6:8b:81:4b:54:d1:5c:ae:92:90:a1:00:9f:6f:11:
                    86:a8:84:cb:61:44:61:bb:c1:a6:8b:68:9f:bb:a8:90:
                    c5:88:e9:d1:9e:7d:5d:a1:3b:34:3f:2e:c3:51:09:73
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:3d:ec:e9:ac:17:cf:79:0d:e8:37:5b:33:36:0c:1d:
        0b:a6:47:51:ed:f2:6d:93:b0:76:09:5f:3e:5d:f3:04:
        4f:ce:86:a3:c1:71:6d:67:aa:93:9a:0d:8e:a8:af:e9:
        ee:22:d6:20:25:fc:ad:93:ab:9b:b5:8d:f1:db:cd:57:
        3e:8d:b1:f4:e0:b9:97:63:cc:36:9e:3c:17:f4:d1:00:
        96:c1:62:c1:14:44:1f:f4:9b:73:91:ae:4c:cd:a7:41:
        c0:4b:0c:a9:c6:99:00:ea:e7:12:bc:b7:81:2c:ad:18:
        00:5e:3e:ac:73:42:49:59:43:da:4f:31:57:74:2e:b7:
        2c:ea:6f:f3:64:78:41:4f:44:28:a3:da:65:56:f8:c4:
        42:d6:d3:01:0c:46:2d:a7:c2:00:ae:cc:cb:54:0a:5f:
        e2:94:e8:fd:7f:b1:13:d8:cf:e9:ce:09:d2:d4:07:2d:
        68:b9:65:1b:f9:ca:6f:85:45:34:72:a4:e5:44:e2:fd:
        89:28:59:6e:d9:40:2e:9a:5e:d1:e4:ed:e0:3c:fa:3a:
        32:4d:1b:ee:46:4d:37:e8:9d:1a:98:31:e7:d0:6a:8b:
        3d:08:bc:7e:fe:3f:e5:80:e4:96:32:ca:eb:ce:f5:b8:
        32:0d:7e:8e:f8:27:5f:c9:c9:67:b5:f6:d3:ac:46:ae
    Fingerprint (SHA-256):
        04:86:CF:52:E7:46:0E:65:4B:D2:C6:51:0B:D8:23:19:0D:D7:40:D0:39:C3:AA:A2:E8:98:6A:C3:06:21:AE:9F
    Fingerprint (SHA1):
        C5:31:EB:4B:38:31:FE:B5:59:07:4C:E9:84:FE:C0:E0:7A:36:78:16
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4454: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4455: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174125 (0x25712d2d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:14 2016
            Not After : Mon Jun 28 17:58:14 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:56:5e:63:41:44:a3:ce:a0:2f:ba:23:00:c8:9e:b6:
                    32:76:d8:09:04:56:6b:8e:81:f8:d6:bd:2c:ea:38:43:
                    81:aa:11:e5:8c:8e:84:ab:2c:58:82:82:02:4e:75:fd:
                    da:87:d5:71:16:bb:4d:1b:42:2e:f6:40:ab:4c:dd:10:
                    a4:a3:b4:c6:44:03:24:fd:cc:67:4f:a2:74:ac:57:de:
                    05:9b:5c:f8:ee:21:0c:22:82:34:53:ee:1c:9d:fa:4e:
                    a9:3f:eb:a1:34:e1:34:d7:b9:d5:90:39:7f:7e:ab:5e:
                    0e:39:2c:6c:7c:3c:9a:55:ef:24:9b:09:75:64:60:81:
                    0c:f8:9c:63:80:61:fb:73:e7:02:57:b1:8e:53:f1:2a:
                    e9:6e:a4:21:de:6b:5d:12:1d:cb:a6:6a:63:7d:c0:28:
                    6d:68:8b:cf:18:a2:73:d8:45:a6:16:b3:47:95:41:a2:
                    5c:34:20:0d:08:bd:89:cc:80:4a:fd:85:e2:0b:ce:53:
                    83:4b:85:08:4c:1b:b8:16:4d:be:d9:3e:06:5f:13:74:
                    45:f8:be:f8:39:9a:6e:af:99:1d:72:f4:87:64:a1:f6:
                    bc:63:90:69:c1:4a:2c:75:b4:f2:3c:b0:f5:58:1d:cb:
                    5a:ef:61:ad:3b:83:2d:f6:bb:65:26:41:b3:ef:8b:6b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        78:2d:42:b8:85:34:4f:30:90:b4:c6:1b:07:93:4b:77:
        cc:e2:d5:33:d6:37:6c:64:8d:67:42:2e:37:bd:21:37:
        c1:26:ba:40:22:b6:fa:2d:e6:f2:1f:d1:ba:39:d3:4d:
        93:79:f5:ea:c5:05:ee:c9:fe:a1:a8:16:c0:4a:0f:9f:
        5c:ac:35:0a:9b:3d:cb:ea:b4:ca:61:d8:b0:b3:60:ae:
        b1:86:b0:ac:bb:ab:54:ed:f2:79:ec:e9:00:4a:a3:d9:
        cb:3b:f3:cd:d8:b7:16:95:57:2c:b9:b3:ad:40:ff:9f:
        e1:cf:09:54:f0:65:93:e8:02:07:e8:e4:73:85:bb:93:
        59:35:3e:e2:89:84:46:e8:54:f2:bb:b9:0f:17:7e:7b:
        b3:90:98:12:97:fa:aa:7d:c9:a8:76:70:3f:49:f9:4d:
        ce:12:06:c3:d2:65:c8:47:8e:6b:19:e4:a2:4c:ef:8a:
        7a:01:39:2c:a9:74:70:ff:cd:cc:96:34:3b:b2:61:cf:
        e3:69:ae:97:82:81:51:4d:01:38:51:55:62:31:1e:4b:
        aa:56:dd:43:ae:05:9b:57:af:12:83:82:0f:e4:ac:41:
        e7:85:4c:03:28:5a:60:20:af:3b:a0:96:a4:6d:e7:aa:
        57:77:02:e6:02:d1:77:54:b5:38:7a:c3:bc:54:14:75
    Fingerprint (SHA-256):
        36:37:32:9A:E1:AC:D6:8D:78:07:B9:4C:6B:10:A8:45:AB:5F:E8:21:C9:08:C0:8B:8B:64:CF:AE:0B:59:80:90
    Fingerprint (SHA1):
        02:94:35:0D:AC:00:7F:A4:6D:98:B4:FA:73:45:FC:93:EB:95:08:FF
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #4456: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4457: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #4458: Extension: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #4459: Extension: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #4460: Extension: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174123 (0x25712d2b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:05 2016
            Not After : Mon Jun 28 17:58:05 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d0:e2:0b:4f:4e:df:bb:de:e1:3f:1e:35:04:44:88:58:
                    c8:cf:2b:f3:ed:48:c8:ff:3e:cf:3a:6c:f2:ce:e4:18:
                    ab:ad:4c:70:f9:f3:5e:72:2e:0d:b9:84:99:52:51:98:
                    ac:04:21:d5:ca:51:0c:e9:78:b1:04:da:43:e3:10:29:
                    ef:e1:61:53:2a:08:93:84:65:b0:fc:83:28:7c:8b:c4:
                    f2:94:58:d6:09:49:75:f7:af:e0:e7:10:2e:54:0e:34:
                    10:20:f4:f0:43:01:57:7c:9c:f0:45:d0:e0:4c:88:70:
                    f1:35:7b:89:3d:9a:27:bf:a3:0e:8e:b9:1d:bf:28:41:
                    f6:b7:b0:73:5b:49:69:e1:96:76:e5:6d:6b:c6:9e:76:
                    c8:a6:43:b6:e2:89:81:f4:de:9a:59:a5:85:91:a5:8b:
                    73:01:cd:98:4c:cf:24:fb:8e:40:fb:e0:40:aa:02:ac:
                    5b:ac:b6:eb:8a:62:6c:da:df:e6:88:7c:8d:6e:cf:5e:
                    29:91:bf:35:c5:dc:57:1c:99:25:eb:08:81:5c:93:c6:
                    52:b1:74:15:14:72:9f:83:30:a7:a4:4c:72:38:04:88:
                    d5:26:a3:c1:60:55:e5:6b:82:8f:e3:43:47:89:ae:f3:
                    0e:14:33:84:4f:f6:26:42:3a:c4:e5:7f:0a:92:84:75
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        aa:33:45:da:20:0b:bb:cd:6d:04:40:ca:7e:fd:e4:da:
        f9:0b:3b:5a:ad:1b:44:6d:90:3f:fe:9a:e8:27:1f:11:
        3e:64:0d:07:49:ab:b5:61:73:6c:38:24:f9:37:ed:aa:
        e5:0e:66:71:44:9b:e7:c2:ff:a2:f9:b1:bc:88:e4:01:
        a3:63:38:da:5d:cd:7a:c5:44:7d:99:62:45:e8:f4:47:
        ae:3b:fc:8b:3b:13:42:58:cf:1a:4d:8b:cf:aa:b7:e6:
        ca:65:4f:18:7e:b8:ba:16:22:3b:5d:ee:bc:6c:00:79:
        60:7d:03:b4:58:e2:f5:ae:41:c0:a0:cc:d3:a0:5b:77:
        00:92:43:ae:3c:a8:c8:63:1e:bc:b0:fa:96:4c:6b:77:
        48:34:70:1e:b8:0c:e0:c2:ab:00:dc:35:69:63:c4:e6:
        fd:5d:b4:f4:b6:f8:92:0b:35:ae:b9:83:20:96:c5:29:
        87:ef:fd:58:fb:97:21:03:75:fd:bc:78:84:d9:2e:f6:
        18:e0:eb:83:a1:bd:bd:4c:90:47:7a:f0:80:cf:8d:6e:
        92:30:ad:37:9b:2e:4f:d9:88:ce:ab:c5:e0:8d:4c:39:
        86:d8:0b:a0:36:e0:f2:4e:77:71:8c:71:57:a8:5b:85:
        25:c0:17:49:96:7f:c3:15:da:94:95:60:24:fa:b6:1f
    Fingerprint (SHA-256):
        94:4A:14:04:0D:F0:23:2E:03:29:AE:8A:F3:92:B3:16:A3:E7:27:93:A7:B9:B2:A7:1E:DF:DD:FA:55:73:A0:C6
    Fingerprint (SHA1):
        D2:00:8A:E6:32:F5:5D:A8:6B:EA:10:FC:43:EA:C8:CE:C6:2D:1F:8D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4461: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4462: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174124 (0x25712d2c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:07 2016
            Not After : Mon Jun 28 17:58:07 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:4f:80:33:16:ec:a3:f0:8f:3a:f3:99:1a:83:ea:a8:
                    95:f0:97:b4:82:ec:08:18:e9:13:c1:4c:b5:a4:41:f6:
                    0b:cb:14:d2:ac:9e:d1:fa:8d:ae:f6:50:16:b1:c2:a6:
                    c7:e8:67:d9:fa:f8:9f:ad:c5:ac:ac:30:6b:9b:9f:7c:
                    71:8e:a6:4a:4f:28:2f:e6:46:75:5f:12:13:fc:53:d2:
                    1b:e8:60:3b:a5:6a:f1:57:96:14:68:5f:30:90:de:20:
                    4f:08:3c:da:a3:ea:ee:60:9c:e4:1c:69:51:75:de:c5:
                    29:ec:05:58:56:f2:a5:b7:b1:07:ea:bf:c7:50:d2:86:
                    59:12:1f:6e:2a:8c:a1:01:62:68:91:31:4e:5d:0b:36:
                    9f:9a:5d:70:60:49:60:c3:11:a5:b7:3f:c9:e8:f7:c8:
                    5a:e4:f7:49:6c:8e:f2:24:48:bb:da:90:1a:8e:75:3f:
                    2f:5a:cc:05:7a:ac:d5:0f:44:dc:85:3d:b9:f5:b2:a9:
                    ac:54:c2:65:66:95:c9:63:ad:63:10:7f:6a:69:a9:c3:
                    7e:c6:8b:81:4b:54:d1:5c:ae:92:90:a1:00:9f:6f:11:
                    86:a8:84:cb:61:44:61:bb:c1:a6:8b:68:9f:bb:a8:90:
                    c5:88:e9:d1:9e:7d:5d:a1:3b:34:3f:2e:c3:51:09:73
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:3d:ec:e9:ac:17:cf:79:0d:e8:37:5b:33:36:0c:1d:
        0b:a6:47:51:ed:f2:6d:93:b0:76:09:5f:3e:5d:f3:04:
        4f:ce:86:a3:c1:71:6d:67:aa:93:9a:0d:8e:a8:af:e9:
        ee:22:d6:20:25:fc:ad:93:ab:9b:b5:8d:f1:db:cd:57:
        3e:8d:b1:f4:e0:b9:97:63:cc:36:9e:3c:17:f4:d1:00:
        96:c1:62:c1:14:44:1f:f4:9b:73:91:ae:4c:cd:a7:41:
        c0:4b:0c:a9:c6:99:00:ea:e7:12:bc:b7:81:2c:ad:18:
        00:5e:3e:ac:73:42:49:59:43:da:4f:31:57:74:2e:b7:
        2c:ea:6f:f3:64:78:41:4f:44:28:a3:da:65:56:f8:c4:
        42:d6:d3:01:0c:46:2d:a7:c2:00:ae:cc:cb:54:0a:5f:
        e2:94:e8:fd:7f:b1:13:d8:cf:e9:ce:09:d2:d4:07:2d:
        68:b9:65:1b:f9:ca:6f:85:45:34:72:a4:e5:44:e2:fd:
        89:28:59:6e:d9:40:2e:9a:5e:d1:e4:ed:e0:3c:fa:3a:
        32:4d:1b:ee:46:4d:37:e8:9d:1a:98:31:e7:d0:6a:8b:
        3d:08:bc:7e:fe:3f:e5:80:e4:96:32:ca:eb:ce:f5:b8:
        32:0d:7e:8e:f8:27:5f:c9:c9:67:b5:f6:d3:ac:46:ae
    Fingerprint (SHA-256):
        04:86:CF:52:E7:46:0E:65:4B:D2:C6:51:0B:D8:23:19:0D:D7:40:D0:39:C3:AA:A2:E8:98:6A:C3:06:21:AE:9F
    Fingerprint (SHA1):
        C5:31:EB:4B:38:31:FE:B5:59:07:4C:E9:84:FE:C0:E0:7A:36:78:16
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4463: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4464: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174125 (0x25712d2d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:14 2016
            Not After : Mon Jun 28 17:58:14 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:56:5e:63:41:44:a3:ce:a0:2f:ba:23:00:c8:9e:b6:
                    32:76:d8:09:04:56:6b:8e:81:f8:d6:bd:2c:ea:38:43:
                    81:aa:11:e5:8c:8e:84:ab:2c:58:82:82:02:4e:75:fd:
                    da:87:d5:71:16:bb:4d:1b:42:2e:f6:40:ab:4c:dd:10:
                    a4:a3:b4:c6:44:03:24:fd:cc:67:4f:a2:74:ac:57:de:
                    05:9b:5c:f8:ee:21:0c:22:82:34:53:ee:1c:9d:fa:4e:
                    a9:3f:eb:a1:34:e1:34:d7:b9:d5:90:39:7f:7e:ab:5e:
                    0e:39:2c:6c:7c:3c:9a:55:ef:24:9b:09:75:64:60:81:
                    0c:f8:9c:63:80:61:fb:73:e7:02:57:b1:8e:53:f1:2a:
                    e9:6e:a4:21:de:6b:5d:12:1d:cb:a6:6a:63:7d:c0:28:
                    6d:68:8b:cf:18:a2:73:d8:45:a6:16:b3:47:95:41:a2:
                    5c:34:20:0d:08:bd:89:cc:80:4a:fd:85:e2:0b:ce:53:
                    83:4b:85:08:4c:1b:b8:16:4d:be:d9:3e:06:5f:13:74:
                    45:f8:be:f8:39:9a:6e:af:99:1d:72:f4:87:64:a1:f6:
                    bc:63:90:69:c1:4a:2c:75:b4:f2:3c:b0:f5:58:1d:cb:
                    5a:ef:61:ad:3b:83:2d:f6:bb:65:26:41:b3:ef:8b:6b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        78:2d:42:b8:85:34:4f:30:90:b4:c6:1b:07:93:4b:77:
        cc:e2:d5:33:d6:37:6c:64:8d:67:42:2e:37:bd:21:37:
        c1:26:ba:40:22:b6:fa:2d:e6:f2:1f:d1:ba:39:d3:4d:
        93:79:f5:ea:c5:05:ee:c9:fe:a1:a8:16:c0:4a:0f:9f:
        5c:ac:35:0a:9b:3d:cb:ea:b4:ca:61:d8:b0:b3:60:ae:
        b1:86:b0:ac:bb:ab:54:ed:f2:79:ec:e9:00:4a:a3:d9:
        cb:3b:f3:cd:d8:b7:16:95:57:2c:b9:b3:ad:40:ff:9f:
        e1:cf:09:54:f0:65:93:e8:02:07:e8:e4:73:85:bb:93:
        59:35:3e:e2:89:84:46:e8:54:f2:bb:b9:0f:17:7e:7b:
        b3:90:98:12:97:fa:aa:7d:c9:a8:76:70:3f:49:f9:4d:
        ce:12:06:c3:d2:65:c8:47:8e:6b:19:e4:a2:4c:ef:8a:
        7a:01:39:2c:a9:74:70:ff:cd:cc:96:34:3b:b2:61:cf:
        e3:69:ae:97:82:81:51:4d:01:38:51:55:62:31:1e:4b:
        aa:56:dd:43:ae:05:9b:57:af:12:83:82:0f:e4:ac:41:
        e7:85:4c:03:28:5a:60:20:af:3b:a0:96:a4:6d:e7:aa:
        57:77:02:e6:02:d1:77:54:b5:38:7a:c3:bc:54:14:75
    Fingerprint (SHA-256):
        36:37:32:9A:E1:AC:D6:8D:78:07:B9:4C:6B:10:A8:45:AB:5F:E8:21:C9:08:C0:8B:8B:64:CF:AE:0B:59:80:90
    Fingerprint (SHA1):
        02:94:35:0D:AC:00:7F:A4:6D:98:B4:FA:73:45:FC:93:EB:95:08:FF
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #4465: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4466: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4467: Extension2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174127 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4468: Extension2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4469: Extension2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4470: Extension2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4471: Extension2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174128   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4472: Extension2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4473: Extension2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4474: Extension2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4475: Extension2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174129   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4476: Extension2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4477: Extension2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #4478: Extension2: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4479: Extension2: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628174130   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4480: Extension2: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4481: Extension2: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #4482: Extension2: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4483: Extension2: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628174131   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4484: Extension2: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4485: Extension2: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4486: Extension2: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174127 (0x25712d2f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:23 2016
            Not After : Mon Jun 28 17:58:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:a8:5e:0b:d0:38:ba:33:96:c0:c2:e1:15:81:32:b4:
                    7c:89:9b:f2:dc:eb:9c:21:0d:a3:ff:d8:24:1f:55:d1:
                    6e:59:18:b1:c3:5d:7a:6e:2c:a0:13:26:40:1e:95:17:
                    06:ce:96:29:29:fa:39:dc:0c:53:0d:27:88:a4:25:c8:
                    91:fa:94:64:01:37:de:82:75:58:d5:0c:f0:88:d6:19:
                    da:7d:11:51:d7:c5:23:9c:07:09:8a:7c:7c:f3:10:21:
                    35:43:eb:81:a4:7b:65:e0:db:66:b3:eb:0c:8c:fe:35:
                    d7:65:43:71:ef:80:fe:7e:b9:56:40:42:5b:9d:c4:cc:
                    51:19:42:05:8d:1c:cd:5e:5c:1a:8b:2f:e6:ed:94:c0:
                    e2:40:a6:c3:28:8b:91:53:dc:32:42:b0:62:46:33:3c:
                    14:e1:e9:f9:bf:d4:4d:2e:75:1d:27:d4:80:a7:cf:c0:
                    90:a4:f5:16:9c:d0:27:c0:8e:cd:3f:82:81:77:01:5f:
                    e5:c4:b5:57:7f:59:8e:46:68:8b:af:dc:c8:6a:80:53:
                    a7:e9:1e:05:c1:18:d3:5b:c6:10:9c:f9:7e:63:62:dc:
                    7c:a9:fc:15:8c:8c:fc:2d:32:a4:64:3f:a9:40:11:ff:
                    b7:63:39:b3:1d:ab:3d:d5:9d:ca:34:b1:8a:ae:07:a5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:22:d1:a8:10:8c:b9:c6:4f:65:f0:78:7a:4e:79:9e:
        0a:cf:87:20:92:ce:d9:6e:4c:23:a1:f1:2c:ae:2c:85:
        78:93:64:3e:67:4f:fa:6b:5f:bb:bf:70:17:55:c2:a8:
        2f:91:7a:1f:3a:07:fa:d5:09:04:5b:78:d8:ab:60:8b:
        e6:f9:c5:92:a8:66:d5:d8:43:2f:e5:04:8d:b6:65:29:
        62:84:91:de:c3:c0:01:f1:2b:d5:6f:ad:d6:11:2c:a2:
        be:9f:78:66:dc:ef:0f:04:97:97:1b:3e:3a:90:ca:34:
        67:ab:0d:e3:5a:3d:93:f0:01:85:6e:f4:e7:28:50:b6:
        8d:ac:94:fb:60:8e:09:3f:d6:56:d9:c9:5e:fe:9a:f0:
        fe:44:da:e3:25:74:a9:8b:94:ad:5e:33:69:2d:f2:8f:
        01:30:e8:1e:48:a1:ee:db:a3:d5:64:fc:1f:0f:ed:2e:
        54:5a:36:e4:96:bf:29:35:67:eb:35:2d:f7:77:43:6d:
        95:05:b0:0a:53:18:02:3b:90:98:df:39:cd:06:5b:d8:
        d8:fb:96:5a:54:1e:21:7e:43:35:e5:b8:be:e8:94:a2:
        fb:91:f0:f1:56:ac:25:2e:40:d1:6f:ee:8f:6b:da:e3:
        cf:9a:20:34:4b:81:0a:5e:60:d7:ea:fb:31:e9:8a:5d
    Fingerprint (SHA-256):
        80:85:21:47:2D:5B:BF:79:38:25:66:DC:BA:C5:C2:7B:D6:F6:A5:C4:0D:FA:2B:CF:A1:32:36:64:46:27:0F:0C
    Fingerprint (SHA1):
        35:1E:76:69:B2:6C:FF:24:02:5C:AA:F5:44:11:19:19:B2:C3:95:D6
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4487: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4488: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174128 (0x25712d30)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:30 2016
            Not After : Mon Jun 28 17:58:30 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:de:74:60:5e:28:7f:e0:1d:77:73:b1:b8:65:75:7e:
                    a5:cb:13:54:1d:af:c3:cd:a0:37:ef:37:f1:09:e8:88:
                    fe:ec:2c:97:09:44:17:07:35:e2:8e:2e:36:8e:5c:ee:
                    a1:c6:a5:15:57:07:90:d5:1d:d3:a3:a2:63:4a:98:e5:
                    9e:28:9d:f8:f0:c6:af:43:94:2c:4f:b0:1d:7d:c7:5d:
                    26:cb:d9:fd:dc:41:a2:5c:8b:c3:2c:dc:66:50:70:ec:
                    70:4e:f6:84:e7:ae:0c:5c:5f:b1:d0:1f:bc:bf:46:dd:
                    20:bc:29:b2:3a:04:5a:6f:5c:6a:37:5e:19:19:c1:a2:
                    cd:3b:eb:78:9c:d5:ce:27:2c:41:2e:57:7c:35:d1:e0:
                    4c:3a:8e:97:d5:f4:76:78:0e:c5:f2:4d:71:ef:1d:65:
                    43:c5:7d:cb:56:b2:09:7c:41:d9:1e:88:71:ae:72:57:
                    ed:2d:77:6b:84:1a:23:06:af:05:87:0e:00:0a:4b:c6:
                    77:b6:88:ed:b5:14:fd:a9:2b:4e:c2:25:06:78:28:0d:
                    df:00:1a:87:61:07:4c:fa:83:13:cc:3c:ed:8d:4f:68:
                    64:fc:57:f3:fb:52:8f:f1:c1:94:8d:d1:09:55:27:10:
                    26:23:14:e0:d9:a8:50:0a:eb:9e:da:d4:88:c6:4d:4f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c0:5c:2e:80:14:2e:c3:15:b3:a9:62:23:7e:f9:ac:3b:
        24:77:fa:a7:de:c6:f2:58:57:c6:47:09:b1:7a:f7:0b:
        df:95:da:6d:b0:df:ea:67:4e:64:b6:32:91:d3:55:79:
        ed:4d:9e:62:d0:fa:5a:8a:48:e5:ce:e9:8c:bf:37:d0:
        fb:58:1a:f7:b1:62:f9:92:c8:3e:b7:0d:a9:b0:24:9f:
        a1:ac:05:31:11:3c:d0:3e:ea:63:c3:2d:83:13:c6:a8:
        ee:45:dd:0a:ed:ad:62:5b:28:c9:09:9e:53:9b:a1:98:
        8f:a4:8b:a9:a7:4a:7a:63:99:82:7c:ea:1c:fd:2a:cb:
        60:1c:c2:3a:9f:73:24:c6:3f:5d:5a:d3:7e:73:e0:ef:
        2c:5f:5e:f9:fe:7b:3d:ee:82:ed:01:76:a2:88:1d:44:
        4f:a4:45:78:5e:be:f2:7b:f2:aa:cd:ef:61:a3:7e:eb:
        6c:69:26:0c:47:44:c7:93:0f:71:e9:f4:59:a3:7b:14:
        f8:44:03:8d:13:a6:5b:56:e0:e6:84:0c:aa:f5:f6:7b:
        d4:a6:5e:47:8a:ec:a5:88:ce:82:bb:f6:c9:c6:d7:a7:
        70:74:e3:d6:4c:fe:65:38:3b:b3:11:3d:fe:63:0a:27:
        6b:5e:b6:0f:e2:53:a5:87:ef:2b:88:c3:2c:7d:9f:60
    Fingerprint (SHA-256):
        2D:03:CE:EC:03:6B:73:4D:6D:55:0B:7A:A9:98:A3:70:DD:1F:78:33:6A:5B:4C:62:E2:F1:01:CE:88:4D:E4:F5
    Fingerprint (SHA1):
        B8:98:1E:E9:0E:3A:9F:BD:41:35:E8:96:A0:1D:99:D3:FF:A5:9E:1E
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4489: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4490: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174129 (0x25712d31)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:35 2016
            Not After : Mon Jun 28 17:58:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:d4:c3:10:2c:fc:df:5f:d2:96:ac:5e:84:56:c0:49:
                    0b:a0:c3:46:39:a2:78:38:ea:9d:45:ce:44:dc:39:85:
                    48:68:e5:e7:67:88:e4:76:d6:c6:09:f3:f2:66:94:92:
                    43:94:84:40:e3:41:f8:f8:80:26:01:77:71:45:45:7b:
                    7d:cd:2b:65:4d:99:f0:48:3c:0f:4e:8a:da:1b:16:b1:
                    0f:a4:be:1c:6a:bb:f7:7d:84:fe:3b:6b:42:d7:43:14:
                    f3:04:f3:ee:83:45:61:ef:41:b7:f5:aa:3b:2e:fa:c6:
                    9e:c1:6d:f6:a0:82:63:eb:ea:5f:c1:7e:1f:f1:35:90:
                    83:c9:12:fd:91:94:95:f7:5b:1a:73:3e:7d:96:b2:38:
                    b1:3d:8d:0f:56:b0:be:04:4f:19:8e:95:60:c7:0b:4c:
                    5b:e2:b1:d7:80:24:8f:88:60:eb:ee:53:44:0c:b5:51:
                    03:24:9d:6b:50:4b:89:4a:18:d1:67:a2:11:bb:95:c1:
                    42:9a:1a:e2:34:77:23:42:ec:29:63:5c:c1:fb:cb:e4:
                    d2:28:72:63:dc:d3:38:aa:95:ea:cf:31:2f:e3:a2:72:
                    a4:69:28:42:9f:c4:c2:d8:4c:9e:4f:39:f3:3e:3e:b1:
                    7b:0b:31:06:8f:ad:ca:eb:ae:e8:a5:ae:9b:72:49:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        84:2b:c2:1a:cb:d9:71:7e:15:2f:4f:99:9a:cd:26:de:
        46:8e:5d:b1:30:37:a7:f4:8f:4d:58:27:67:37:d9:03:
        7c:d1:7f:8a:fe:4c:ae:b1:29:4b:7e:d6:f7:c7:63:a0:
        67:ab:0c:bc:f6:d9:cd:37:9d:12:e5:2c:fa:85:4b:b7:
        e9:a4:f9:ec:8b:10:e7:cc:ba:22:cf:fa:29:26:3a:77:
        52:29:df:a2:71:67:42:cb:45:15:a1:08:47:ae:5b:06:
        45:0c:2f:c2:26:c1:94:1a:13:d2:0c:f3:f9:d2:b2:9d:
        e2:0e:a7:f5:04:bb:db:0b:82:12:0c:a5:1a:ff:6b:e4:
        59:bf:e3:03:dc:97:99:b2:df:61:d9:4d:3f:b0:c8:54:
        a0:bb:69:7b:da:40:3a:eb:f7:76:91:7c:61:5a:ad:a8:
        7f:10:72:23:5b:40:14:bd:13:c3:2a:b0:f3:54:0e:8d:
        f5:d9:33:95:30:f7:5b:e9:2f:40:6a:9e:20:dd:62:e4:
        b3:98:42:5c:98:24:b1:5b:29:7c:11:a3:de:5f:af:07:
        cc:00:2c:be:5a:86:b7:9d:eb:92:c1:64:e4:72:30:d5:
        dc:69:58:2e:fd:80:15:d7:3c:c0:5b:84:de:f5:67:cc:
        ac:84:be:d7:d6:0e:f3:5c:b0:91:48:10:3d:2f:dc:37
    Fingerprint (SHA-256):
        7C:FD:CC:80:07:CB:4A:96:FE:9B:EF:80:D6:EB:43:B3:FF:2A:E5:74:B5:C7:C7:2B:4F:47:32:23:1A:C9:E2:2F
    Fingerprint (SHA1):
        70:28:FB:63:44:34:AC:E0:8C:F2:E3:D7:B1:27:59:B1:38:26:59:2B
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4491: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4492: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #4493: Extension2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #4494: Extension2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #4495: Extension2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174127 (0x25712d2f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:23 2016
            Not After : Mon Jun 28 17:58:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:a8:5e:0b:d0:38:ba:33:96:c0:c2:e1:15:81:32:b4:
                    7c:89:9b:f2:dc:eb:9c:21:0d:a3:ff:d8:24:1f:55:d1:
                    6e:59:18:b1:c3:5d:7a:6e:2c:a0:13:26:40:1e:95:17:
                    06:ce:96:29:29:fa:39:dc:0c:53:0d:27:88:a4:25:c8:
                    91:fa:94:64:01:37:de:82:75:58:d5:0c:f0:88:d6:19:
                    da:7d:11:51:d7:c5:23:9c:07:09:8a:7c:7c:f3:10:21:
                    35:43:eb:81:a4:7b:65:e0:db:66:b3:eb:0c:8c:fe:35:
                    d7:65:43:71:ef:80:fe:7e:b9:56:40:42:5b:9d:c4:cc:
                    51:19:42:05:8d:1c:cd:5e:5c:1a:8b:2f:e6:ed:94:c0:
                    e2:40:a6:c3:28:8b:91:53:dc:32:42:b0:62:46:33:3c:
                    14:e1:e9:f9:bf:d4:4d:2e:75:1d:27:d4:80:a7:cf:c0:
                    90:a4:f5:16:9c:d0:27:c0:8e:cd:3f:82:81:77:01:5f:
                    e5:c4:b5:57:7f:59:8e:46:68:8b:af:dc:c8:6a:80:53:
                    a7:e9:1e:05:c1:18:d3:5b:c6:10:9c:f9:7e:63:62:dc:
                    7c:a9:fc:15:8c:8c:fc:2d:32:a4:64:3f:a9:40:11:ff:
                    b7:63:39:b3:1d:ab:3d:d5:9d:ca:34:b1:8a:ae:07:a5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:22:d1:a8:10:8c:b9:c6:4f:65:f0:78:7a:4e:79:9e:
        0a:cf:87:20:92:ce:d9:6e:4c:23:a1:f1:2c:ae:2c:85:
        78:93:64:3e:67:4f:fa:6b:5f:bb:bf:70:17:55:c2:a8:
        2f:91:7a:1f:3a:07:fa:d5:09:04:5b:78:d8:ab:60:8b:
        e6:f9:c5:92:a8:66:d5:d8:43:2f:e5:04:8d:b6:65:29:
        62:84:91:de:c3:c0:01:f1:2b:d5:6f:ad:d6:11:2c:a2:
        be:9f:78:66:dc:ef:0f:04:97:97:1b:3e:3a:90:ca:34:
        67:ab:0d:e3:5a:3d:93:f0:01:85:6e:f4:e7:28:50:b6:
        8d:ac:94:fb:60:8e:09:3f:d6:56:d9:c9:5e:fe:9a:f0:
        fe:44:da:e3:25:74:a9:8b:94:ad:5e:33:69:2d:f2:8f:
        01:30:e8:1e:48:a1:ee:db:a3:d5:64:fc:1f:0f:ed:2e:
        54:5a:36:e4:96:bf:29:35:67:eb:35:2d:f7:77:43:6d:
        95:05:b0:0a:53:18:02:3b:90:98:df:39:cd:06:5b:d8:
        d8:fb:96:5a:54:1e:21:7e:43:35:e5:b8:be:e8:94:a2:
        fb:91:f0:f1:56:ac:25:2e:40:d1:6f:ee:8f:6b:da:e3:
        cf:9a:20:34:4b:81:0a:5e:60:d7:ea:fb:31:e9:8a:5d
    Fingerprint (SHA-256):
        80:85:21:47:2D:5B:BF:79:38:25:66:DC:BA:C5:C2:7B:D6:F6:A5:C4:0D:FA:2B:CF:A1:32:36:64:46:27:0F:0C
    Fingerprint (SHA1):
        35:1E:76:69:B2:6C:FF:24:02:5C:AA:F5:44:11:19:19:B2:C3:95:D6
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4496: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4497: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174128 (0x25712d30)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:30 2016
            Not After : Mon Jun 28 17:58:30 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:de:74:60:5e:28:7f:e0:1d:77:73:b1:b8:65:75:7e:
                    a5:cb:13:54:1d:af:c3:cd:a0:37:ef:37:f1:09:e8:88:
                    fe:ec:2c:97:09:44:17:07:35:e2:8e:2e:36:8e:5c:ee:
                    a1:c6:a5:15:57:07:90:d5:1d:d3:a3:a2:63:4a:98:e5:
                    9e:28:9d:f8:f0:c6:af:43:94:2c:4f:b0:1d:7d:c7:5d:
                    26:cb:d9:fd:dc:41:a2:5c:8b:c3:2c:dc:66:50:70:ec:
                    70:4e:f6:84:e7:ae:0c:5c:5f:b1:d0:1f:bc:bf:46:dd:
                    20:bc:29:b2:3a:04:5a:6f:5c:6a:37:5e:19:19:c1:a2:
                    cd:3b:eb:78:9c:d5:ce:27:2c:41:2e:57:7c:35:d1:e0:
                    4c:3a:8e:97:d5:f4:76:78:0e:c5:f2:4d:71:ef:1d:65:
                    43:c5:7d:cb:56:b2:09:7c:41:d9:1e:88:71:ae:72:57:
                    ed:2d:77:6b:84:1a:23:06:af:05:87:0e:00:0a:4b:c6:
                    77:b6:88:ed:b5:14:fd:a9:2b:4e:c2:25:06:78:28:0d:
                    df:00:1a:87:61:07:4c:fa:83:13:cc:3c:ed:8d:4f:68:
                    64:fc:57:f3:fb:52:8f:f1:c1:94:8d:d1:09:55:27:10:
                    26:23:14:e0:d9:a8:50:0a:eb:9e:da:d4:88:c6:4d:4f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c0:5c:2e:80:14:2e:c3:15:b3:a9:62:23:7e:f9:ac:3b:
        24:77:fa:a7:de:c6:f2:58:57:c6:47:09:b1:7a:f7:0b:
        df:95:da:6d:b0:df:ea:67:4e:64:b6:32:91:d3:55:79:
        ed:4d:9e:62:d0:fa:5a:8a:48:e5:ce:e9:8c:bf:37:d0:
        fb:58:1a:f7:b1:62:f9:92:c8:3e:b7:0d:a9:b0:24:9f:
        a1:ac:05:31:11:3c:d0:3e:ea:63:c3:2d:83:13:c6:a8:
        ee:45:dd:0a:ed:ad:62:5b:28:c9:09:9e:53:9b:a1:98:
        8f:a4:8b:a9:a7:4a:7a:63:99:82:7c:ea:1c:fd:2a:cb:
        60:1c:c2:3a:9f:73:24:c6:3f:5d:5a:d3:7e:73:e0:ef:
        2c:5f:5e:f9:fe:7b:3d:ee:82:ed:01:76:a2:88:1d:44:
        4f:a4:45:78:5e:be:f2:7b:f2:aa:cd:ef:61:a3:7e:eb:
        6c:69:26:0c:47:44:c7:93:0f:71:e9:f4:59:a3:7b:14:
        f8:44:03:8d:13:a6:5b:56:e0:e6:84:0c:aa:f5:f6:7b:
        d4:a6:5e:47:8a:ec:a5:88:ce:82:bb:f6:c9:c6:d7:a7:
        70:74:e3:d6:4c:fe:65:38:3b:b3:11:3d:fe:63:0a:27:
        6b:5e:b6:0f:e2:53:a5:87:ef:2b:88:c3:2c:7d:9f:60
    Fingerprint (SHA-256):
        2D:03:CE:EC:03:6B:73:4D:6D:55:0B:7A:A9:98:A3:70:DD:1F:78:33:6A:5B:4C:62:E2:F1:01:CE:88:4D:E4:F5
    Fingerprint (SHA1):
        B8:98:1E:E9:0E:3A:9F:BD:41:35:E8:96:A0:1D:99:D3:FF:A5:9E:1E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4498: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4499: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174129 (0x25712d31)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:35 2016
            Not After : Mon Jun 28 17:58:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:d4:c3:10:2c:fc:df:5f:d2:96:ac:5e:84:56:c0:49:
                    0b:a0:c3:46:39:a2:78:38:ea:9d:45:ce:44:dc:39:85:
                    48:68:e5:e7:67:88:e4:76:d6:c6:09:f3:f2:66:94:92:
                    43:94:84:40:e3:41:f8:f8:80:26:01:77:71:45:45:7b:
                    7d:cd:2b:65:4d:99:f0:48:3c:0f:4e:8a:da:1b:16:b1:
                    0f:a4:be:1c:6a:bb:f7:7d:84:fe:3b:6b:42:d7:43:14:
                    f3:04:f3:ee:83:45:61:ef:41:b7:f5:aa:3b:2e:fa:c6:
                    9e:c1:6d:f6:a0:82:63:eb:ea:5f:c1:7e:1f:f1:35:90:
                    83:c9:12:fd:91:94:95:f7:5b:1a:73:3e:7d:96:b2:38:
                    b1:3d:8d:0f:56:b0:be:04:4f:19:8e:95:60:c7:0b:4c:
                    5b:e2:b1:d7:80:24:8f:88:60:eb:ee:53:44:0c:b5:51:
                    03:24:9d:6b:50:4b:89:4a:18:d1:67:a2:11:bb:95:c1:
                    42:9a:1a:e2:34:77:23:42:ec:29:63:5c:c1:fb:cb:e4:
                    d2:28:72:63:dc:d3:38:aa:95:ea:cf:31:2f:e3:a2:72:
                    a4:69:28:42:9f:c4:c2:d8:4c:9e:4f:39:f3:3e:3e:b1:
                    7b:0b:31:06:8f:ad:ca:eb:ae:e8:a5:ae:9b:72:49:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        84:2b:c2:1a:cb:d9:71:7e:15:2f:4f:99:9a:cd:26:de:
        46:8e:5d:b1:30:37:a7:f4:8f:4d:58:27:67:37:d9:03:
        7c:d1:7f:8a:fe:4c:ae:b1:29:4b:7e:d6:f7:c7:63:a0:
        67:ab:0c:bc:f6:d9:cd:37:9d:12:e5:2c:fa:85:4b:b7:
        e9:a4:f9:ec:8b:10:e7:cc:ba:22:cf:fa:29:26:3a:77:
        52:29:df:a2:71:67:42:cb:45:15:a1:08:47:ae:5b:06:
        45:0c:2f:c2:26:c1:94:1a:13:d2:0c:f3:f9:d2:b2:9d:
        e2:0e:a7:f5:04:bb:db:0b:82:12:0c:a5:1a:ff:6b:e4:
        59:bf:e3:03:dc:97:99:b2:df:61:d9:4d:3f:b0:c8:54:
        a0:bb:69:7b:da:40:3a:eb:f7:76:91:7c:61:5a:ad:a8:
        7f:10:72:23:5b:40:14:bd:13:c3:2a:b0:f3:54:0e:8d:
        f5:d9:33:95:30:f7:5b:e9:2f:40:6a:9e:20:dd:62:e4:
        b3:98:42:5c:98:24:b1:5b:29:7c:11:a3:de:5f:af:07:
        cc:00:2c:be:5a:86:b7:9d:eb:92:c1:64:e4:72:30:d5:
        dc:69:58:2e:fd:80:15:d7:3c:c0:5b:84:de:f5:67:cc:
        ac:84:be:d7:d6:0e:f3:5c:b0:91:48:10:3d:2f:dc:37
    Fingerprint (SHA-256):
        7C:FD:CC:80:07:CB:4A:96:FE:9B:EF:80:D6:EB:43:B3:FF:2A:E5:74:B5:C7:C7:2B:4F:47:32:23:1A:C9:E2:2F
    Fingerprint (SHA1):
        70:28:FB:63:44:34:AC:E0:8C:F2:E3:D7:B1:27:59:B1:38:26:59:2B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4500: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4501: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174127 (0x25712d2f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:23 2016
            Not After : Mon Jun 28 17:58:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:a8:5e:0b:d0:38:ba:33:96:c0:c2:e1:15:81:32:b4:
                    7c:89:9b:f2:dc:eb:9c:21:0d:a3:ff:d8:24:1f:55:d1:
                    6e:59:18:b1:c3:5d:7a:6e:2c:a0:13:26:40:1e:95:17:
                    06:ce:96:29:29:fa:39:dc:0c:53:0d:27:88:a4:25:c8:
                    91:fa:94:64:01:37:de:82:75:58:d5:0c:f0:88:d6:19:
                    da:7d:11:51:d7:c5:23:9c:07:09:8a:7c:7c:f3:10:21:
                    35:43:eb:81:a4:7b:65:e0:db:66:b3:eb:0c:8c:fe:35:
                    d7:65:43:71:ef:80:fe:7e:b9:56:40:42:5b:9d:c4:cc:
                    51:19:42:05:8d:1c:cd:5e:5c:1a:8b:2f:e6:ed:94:c0:
                    e2:40:a6:c3:28:8b:91:53:dc:32:42:b0:62:46:33:3c:
                    14:e1:e9:f9:bf:d4:4d:2e:75:1d:27:d4:80:a7:cf:c0:
                    90:a4:f5:16:9c:d0:27:c0:8e:cd:3f:82:81:77:01:5f:
                    e5:c4:b5:57:7f:59:8e:46:68:8b:af:dc:c8:6a:80:53:
                    a7:e9:1e:05:c1:18:d3:5b:c6:10:9c:f9:7e:63:62:dc:
                    7c:a9:fc:15:8c:8c:fc:2d:32:a4:64:3f:a9:40:11:ff:
                    b7:63:39:b3:1d:ab:3d:d5:9d:ca:34:b1:8a:ae:07:a5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:22:d1:a8:10:8c:b9:c6:4f:65:f0:78:7a:4e:79:9e:
        0a:cf:87:20:92:ce:d9:6e:4c:23:a1:f1:2c:ae:2c:85:
        78:93:64:3e:67:4f:fa:6b:5f:bb:bf:70:17:55:c2:a8:
        2f:91:7a:1f:3a:07:fa:d5:09:04:5b:78:d8:ab:60:8b:
        e6:f9:c5:92:a8:66:d5:d8:43:2f:e5:04:8d:b6:65:29:
        62:84:91:de:c3:c0:01:f1:2b:d5:6f:ad:d6:11:2c:a2:
        be:9f:78:66:dc:ef:0f:04:97:97:1b:3e:3a:90:ca:34:
        67:ab:0d:e3:5a:3d:93:f0:01:85:6e:f4:e7:28:50:b6:
        8d:ac:94:fb:60:8e:09:3f:d6:56:d9:c9:5e:fe:9a:f0:
        fe:44:da:e3:25:74:a9:8b:94:ad:5e:33:69:2d:f2:8f:
        01:30:e8:1e:48:a1:ee:db:a3:d5:64:fc:1f:0f:ed:2e:
        54:5a:36:e4:96:bf:29:35:67:eb:35:2d:f7:77:43:6d:
        95:05:b0:0a:53:18:02:3b:90:98:df:39:cd:06:5b:d8:
        d8:fb:96:5a:54:1e:21:7e:43:35:e5:b8:be:e8:94:a2:
        fb:91:f0:f1:56:ac:25:2e:40:d1:6f:ee:8f:6b:da:e3:
        cf:9a:20:34:4b:81:0a:5e:60:d7:ea:fb:31:e9:8a:5d
    Fingerprint (SHA-256):
        80:85:21:47:2D:5B:BF:79:38:25:66:DC:BA:C5:C2:7B:D6:F6:A5:C4:0D:FA:2B:CF:A1:32:36:64:46:27:0F:0C
    Fingerprint (SHA1):
        35:1E:76:69:B2:6C:FF:24:02:5C:AA:F5:44:11:19:19:B2:C3:95:D6
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4502: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174127 (0x25712d2f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:23 2016
            Not After : Mon Jun 28 17:58:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:a8:5e:0b:d0:38:ba:33:96:c0:c2:e1:15:81:32:b4:
                    7c:89:9b:f2:dc:eb:9c:21:0d:a3:ff:d8:24:1f:55:d1:
                    6e:59:18:b1:c3:5d:7a:6e:2c:a0:13:26:40:1e:95:17:
                    06:ce:96:29:29:fa:39:dc:0c:53:0d:27:88:a4:25:c8:
                    91:fa:94:64:01:37:de:82:75:58:d5:0c:f0:88:d6:19:
                    da:7d:11:51:d7:c5:23:9c:07:09:8a:7c:7c:f3:10:21:
                    35:43:eb:81:a4:7b:65:e0:db:66:b3:eb:0c:8c:fe:35:
                    d7:65:43:71:ef:80:fe:7e:b9:56:40:42:5b:9d:c4:cc:
                    51:19:42:05:8d:1c:cd:5e:5c:1a:8b:2f:e6:ed:94:c0:
                    e2:40:a6:c3:28:8b:91:53:dc:32:42:b0:62:46:33:3c:
                    14:e1:e9:f9:bf:d4:4d:2e:75:1d:27:d4:80:a7:cf:c0:
                    90:a4:f5:16:9c:d0:27:c0:8e:cd:3f:82:81:77:01:5f:
                    e5:c4:b5:57:7f:59:8e:46:68:8b:af:dc:c8:6a:80:53:
                    a7:e9:1e:05:c1:18:d3:5b:c6:10:9c:f9:7e:63:62:dc:
                    7c:a9:fc:15:8c:8c:fc:2d:32:a4:64:3f:a9:40:11:ff:
                    b7:63:39:b3:1d:ab:3d:d5:9d:ca:34:b1:8a:ae:07:a5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:22:d1:a8:10:8c:b9:c6:4f:65:f0:78:7a:4e:79:9e:
        0a:cf:87:20:92:ce:d9:6e:4c:23:a1:f1:2c:ae:2c:85:
        78:93:64:3e:67:4f:fa:6b:5f:bb:bf:70:17:55:c2:a8:
        2f:91:7a:1f:3a:07:fa:d5:09:04:5b:78:d8:ab:60:8b:
        e6:f9:c5:92:a8:66:d5:d8:43:2f:e5:04:8d:b6:65:29:
        62:84:91:de:c3:c0:01:f1:2b:d5:6f:ad:d6:11:2c:a2:
        be:9f:78:66:dc:ef:0f:04:97:97:1b:3e:3a:90:ca:34:
        67:ab:0d:e3:5a:3d:93:f0:01:85:6e:f4:e7:28:50:b6:
        8d:ac:94:fb:60:8e:09:3f:d6:56:d9:c9:5e:fe:9a:f0:
        fe:44:da:e3:25:74:a9:8b:94:ad:5e:33:69:2d:f2:8f:
        01:30:e8:1e:48:a1:ee:db:a3:d5:64:fc:1f:0f:ed:2e:
        54:5a:36:e4:96:bf:29:35:67:eb:35:2d:f7:77:43:6d:
        95:05:b0:0a:53:18:02:3b:90:98:df:39:cd:06:5b:d8:
        d8:fb:96:5a:54:1e:21:7e:43:35:e5:b8:be:e8:94:a2:
        fb:91:f0:f1:56:ac:25:2e:40:d1:6f:ee:8f:6b:da:e3:
        cf:9a:20:34:4b:81:0a:5e:60:d7:ea:fb:31:e9:8a:5d
    Fingerprint (SHA-256):
        80:85:21:47:2D:5B:BF:79:38:25:66:DC:BA:C5:C2:7B:D6:F6:A5:C4:0D:FA:2B:CF:A1:32:36:64:46:27:0F:0C
    Fingerprint (SHA1):
        35:1E:76:69:B2:6C:FF:24:02:5C:AA:F5:44:11:19:19:B2:C3:95:D6
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4503: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174128 (0x25712d30)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:30 2016
            Not After : Mon Jun 28 17:58:30 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:de:74:60:5e:28:7f:e0:1d:77:73:b1:b8:65:75:7e:
                    a5:cb:13:54:1d:af:c3:cd:a0:37:ef:37:f1:09:e8:88:
                    fe:ec:2c:97:09:44:17:07:35:e2:8e:2e:36:8e:5c:ee:
                    a1:c6:a5:15:57:07:90:d5:1d:d3:a3:a2:63:4a:98:e5:
                    9e:28:9d:f8:f0:c6:af:43:94:2c:4f:b0:1d:7d:c7:5d:
                    26:cb:d9:fd:dc:41:a2:5c:8b:c3:2c:dc:66:50:70:ec:
                    70:4e:f6:84:e7:ae:0c:5c:5f:b1:d0:1f:bc:bf:46:dd:
                    20:bc:29:b2:3a:04:5a:6f:5c:6a:37:5e:19:19:c1:a2:
                    cd:3b:eb:78:9c:d5:ce:27:2c:41:2e:57:7c:35:d1:e0:
                    4c:3a:8e:97:d5:f4:76:78:0e:c5:f2:4d:71:ef:1d:65:
                    43:c5:7d:cb:56:b2:09:7c:41:d9:1e:88:71:ae:72:57:
                    ed:2d:77:6b:84:1a:23:06:af:05:87:0e:00:0a:4b:c6:
                    77:b6:88:ed:b5:14:fd:a9:2b:4e:c2:25:06:78:28:0d:
                    df:00:1a:87:61:07:4c:fa:83:13:cc:3c:ed:8d:4f:68:
                    64:fc:57:f3:fb:52:8f:f1:c1:94:8d:d1:09:55:27:10:
                    26:23:14:e0:d9:a8:50:0a:eb:9e:da:d4:88:c6:4d:4f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c0:5c:2e:80:14:2e:c3:15:b3:a9:62:23:7e:f9:ac:3b:
        24:77:fa:a7:de:c6:f2:58:57:c6:47:09:b1:7a:f7:0b:
        df:95:da:6d:b0:df:ea:67:4e:64:b6:32:91:d3:55:79:
        ed:4d:9e:62:d0:fa:5a:8a:48:e5:ce:e9:8c:bf:37:d0:
        fb:58:1a:f7:b1:62:f9:92:c8:3e:b7:0d:a9:b0:24:9f:
        a1:ac:05:31:11:3c:d0:3e:ea:63:c3:2d:83:13:c6:a8:
        ee:45:dd:0a:ed:ad:62:5b:28:c9:09:9e:53:9b:a1:98:
        8f:a4:8b:a9:a7:4a:7a:63:99:82:7c:ea:1c:fd:2a:cb:
        60:1c:c2:3a:9f:73:24:c6:3f:5d:5a:d3:7e:73:e0:ef:
        2c:5f:5e:f9:fe:7b:3d:ee:82:ed:01:76:a2:88:1d:44:
        4f:a4:45:78:5e:be:f2:7b:f2:aa:cd:ef:61:a3:7e:eb:
        6c:69:26:0c:47:44:c7:93:0f:71:e9:f4:59:a3:7b:14:
        f8:44:03:8d:13:a6:5b:56:e0:e6:84:0c:aa:f5:f6:7b:
        d4:a6:5e:47:8a:ec:a5:88:ce:82:bb:f6:c9:c6:d7:a7:
        70:74:e3:d6:4c:fe:65:38:3b:b3:11:3d:fe:63:0a:27:
        6b:5e:b6:0f:e2:53:a5:87:ef:2b:88:c3:2c:7d:9f:60
    Fingerprint (SHA-256):
        2D:03:CE:EC:03:6B:73:4D:6D:55:0B:7A:A9:98:A3:70:DD:1F:78:33:6A:5B:4C:62:E2:F1:01:CE:88:4D:E4:F5
    Fingerprint (SHA1):
        B8:98:1E:E9:0E:3A:9F:BD:41:35:E8:96:A0:1D:99:D3:FF:A5:9E:1E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4504: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174128 (0x25712d30)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:30 2016
            Not After : Mon Jun 28 17:58:30 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:de:74:60:5e:28:7f:e0:1d:77:73:b1:b8:65:75:7e:
                    a5:cb:13:54:1d:af:c3:cd:a0:37:ef:37:f1:09:e8:88:
                    fe:ec:2c:97:09:44:17:07:35:e2:8e:2e:36:8e:5c:ee:
                    a1:c6:a5:15:57:07:90:d5:1d:d3:a3:a2:63:4a:98:e5:
                    9e:28:9d:f8:f0:c6:af:43:94:2c:4f:b0:1d:7d:c7:5d:
                    26:cb:d9:fd:dc:41:a2:5c:8b:c3:2c:dc:66:50:70:ec:
                    70:4e:f6:84:e7:ae:0c:5c:5f:b1:d0:1f:bc:bf:46:dd:
                    20:bc:29:b2:3a:04:5a:6f:5c:6a:37:5e:19:19:c1:a2:
                    cd:3b:eb:78:9c:d5:ce:27:2c:41:2e:57:7c:35:d1:e0:
                    4c:3a:8e:97:d5:f4:76:78:0e:c5:f2:4d:71:ef:1d:65:
                    43:c5:7d:cb:56:b2:09:7c:41:d9:1e:88:71:ae:72:57:
                    ed:2d:77:6b:84:1a:23:06:af:05:87:0e:00:0a:4b:c6:
                    77:b6:88:ed:b5:14:fd:a9:2b:4e:c2:25:06:78:28:0d:
                    df:00:1a:87:61:07:4c:fa:83:13:cc:3c:ed:8d:4f:68:
                    64:fc:57:f3:fb:52:8f:f1:c1:94:8d:d1:09:55:27:10:
                    26:23:14:e0:d9:a8:50:0a:eb:9e:da:d4:88:c6:4d:4f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c0:5c:2e:80:14:2e:c3:15:b3:a9:62:23:7e:f9:ac:3b:
        24:77:fa:a7:de:c6:f2:58:57:c6:47:09:b1:7a:f7:0b:
        df:95:da:6d:b0:df:ea:67:4e:64:b6:32:91:d3:55:79:
        ed:4d:9e:62:d0:fa:5a:8a:48:e5:ce:e9:8c:bf:37:d0:
        fb:58:1a:f7:b1:62:f9:92:c8:3e:b7:0d:a9:b0:24:9f:
        a1:ac:05:31:11:3c:d0:3e:ea:63:c3:2d:83:13:c6:a8:
        ee:45:dd:0a:ed:ad:62:5b:28:c9:09:9e:53:9b:a1:98:
        8f:a4:8b:a9:a7:4a:7a:63:99:82:7c:ea:1c:fd:2a:cb:
        60:1c:c2:3a:9f:73:24:c6:3f:5d:5a:d3:7e:73:e0:ef:
        2c:5f:5e:f9:fe:7b:3d:ee:82:ed:01:76:a2:88:1d:44:
        4f:a4:45:78:5e:be:f2:7b:f2:aa:cd:ef:61:a3:7e:eb:
        6c:69:26:0c:47:44:c7:93:0f:71:e9:f4:59:a3:7b:14:
        f8:44:03:8d:13:a6:5b:56:e0:e6:84:0c:aa:f5:f6:7b:
        d4:a6:5e:47:8a:ec:a5:88:ce:82:bb:f6:c9:c6:d7:a7:
        70:74:e3:d6:4c:fe:65:38:3b:b3:11:3d:fe:63:0a:27:
        6b:5e:b6:0f:e2:53:a5:87:ef:2b:88:c3:2c:7d:9f:60
    Fingerprint (SHA-256):
        2D:03:CE:EC:03:6B:73:4D:6D:55:0B:7A:A9:98:A3:70:DD:1F:78:33:6A:5B:4C:62:E2:F1:01:CE:88:4D:E4:F5
    Fingerprint (SHA1):
        B8:98:1E:E9:0E:3A:9F:BD:41:35:E8:96:A0:1D:99:D3:FF:A5:9E:1E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4505: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174129 (0x25712d31)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:35 2016
            Not After : Mon Jun 28 17:58:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:d4:c3:10:2c:fc:df:5f:d2:96:ac:5e:84:56:c0:49:
                    0b:a0:c3:46:39:a2:78:38:ea:9d:45:ce:44:dc:39:85:
                    48:68:e5:e7:67:88:e4:76:d6:c6:09:f3:f2:66:94:92:
                    43:94:84:40:e3:41:f8:f8:80:26:01:77:71:45:45:7b:
                    7d:cd:2b:65:4d:99:f0:48:3c:0f:4e:8a:da:1b:16:b1:
                    0f:a4:be:1c:6a:bb:f7:7d:84:fe:3b:6b:42:d7:43:14:
                    f3:04:f3:ee:83:45:61:ef:41:b7:f5:aa:3b:2e:fa:c6:
                    9e:c1:6d:f6:a0:82:63:eb:ea:5f:c1:7e:1f:f1:35:90:
                    83:c9:12:fd:91:94:95:f7:5b:1a:73:3e:7d:96:b2:38:
                    b1:3d:8d:0f:56:b0:be:04:4f:19:8e:95:60:c7:0b:4c:
                    5b:e2:b1:d7:80:24:8f:88:60:eb:ee:53:44:0c:b5:51:
                    03:24:9d:6b:50:4b:89:4a:18:d1:67:a2:11:bb:95:c1:
                    42:9a:1a:e2:34:77:23:42:ec:29:63:5c:c1:fb:cb:e4:
                    d2:28:72:63:dc:d3:38:aa:95:ea:cf:31:2f:e3:a2:72:
                    a4:69:28:42:9f:c4:c2:d8:4c:9e:4f:39:f3:3e:3e:b1:
                    7b:0b:31:06:8f:ad:ca:eb:ae:e8:a5:ae:9b:72:49:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        84:2b:c2:1a:cb:d9:71:7e:15:2f:4f:99:9a:cd:26:de:
        46:8e:5d:b1:30:37:a7:f4:8f:4d:58:27:67:37:d9:03:
        7c:d1:7f:8a:fe:4c:ae:b1:29:4b:7e:d6:f7:c7:63:a0:
        67:ab:0c:bc:f6:d9:cd:37:9d:12:e5:2c:fa:85:4b:b7:
        e9:a4:f9:ec:8b:10:e7:cc:ba:22:cf:fa:29:26:3a:77:
        52:29:df:a2:71:67:42:cb:45:15:a1:08:47:ae:5b:06:
        45:0c:2f:c2:26:c1:94:1a:13:d2:0c:f3:f9:d2:b2:9d:
        e2:0e:a7:f5:04:bb:db:0b:82:12:0c:a5:1a:ff:6b:e4:
        59:bf:e3:03:dc:97:99:b2:df:61:d9:4d:3f:b0:c8:54:
        a0:bb:69:7b:da:40:3a:eb:f7:76:91:7c:61:5a:ad:a8:
        7f:10:72:23:5b:40:14:bd:13:c3:2a:b0:f3:54:0e:8d:
        f5:d9:33:95:30:f7:5b:e9:2f:40:6a:9e:20:dd:62:e4:
        b3:98:42:5c:98:24:b1:5b:29:7c:11:a3:de:5f:af:07:
        cc:00:2c:be:5a:86:b7:9d:eb:92:c1:64:e4:72:30:d5:
        dc:69:58:2e:fd:80:15:d7:3c:c0:5b:84:de:f5:67:cc:
        ac:84:be:d7:d6:0e:f3:5c:b0:91:48:10:3d:2f:dc:37
    Fingerprint (SHA-256):
        7C:FD:CC:80:07:CB:4A:96:FE:9B:EF:80:D6:EB:43:B3:FF:2A:E5:74:B5:C7:C7:2B:4F:47:32:23:1A:C9:E2:2F
    Fingerprint (SHA1):
        70:28:FB:63:44:34:AC:E0:8C:F2:E3:D7:B1:27:59:B1:38:26:59:2B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4506: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174129 (0x25712d31)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 17:58:35 2016
            Not After : Mon Jun 28 17:58:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9e:d4:c3:10:2c:fc:df:5f:d2:96:ac:5e:84:56:c0:49:
                    0b:a0:c3:46:39:a2:78:38:ea:9d:45:ce:44:dc:39:85:
                    48:68:e5:e7:67:88:e4:76:d6:c6:09:f3:f2:66:94:92:
                    43:94:84:40:e3:41:f8:f8:80:26:01:77:71:45:45:7b:
                    7d:cd:2b:65:4d:99:f0:48:3c:0f:4e:8a:da:1b:16:b1:
                    0f:a4:be:1c:6a:bb:f7:7d:84:fe:3b:6b:42:d7:43:14:
                    f3:04:f3:ee:83:45:61:ef:41:b7:f5:aa:3b:2e:fa:c6:
                    9e:c1:6d:f6:a0:82:63:eb:ea:5f:c1:7e:1f:f1:35:90:
                    83:c9:12:fd:91:94:95:f7:5b:1a:73:3e:7d:96:b2:38:
                    b1:3d:8d:0f:56:b0:be:04:4f:19:8e:95:60:c7:0b:4c:
                    5b:e2:b1:d7:80:24:8f:88:60:eb:ee:53:44:0c:b5:51:
                    03:24:9d:6b:50:4b:89:4a:18:d1:67:a2:11:bb:95:c1:
                    42:9a:1a:e2:34:77:23:42:ec:29:63:5c:c1:fb:cb:e4:
                    d2:28:72:63:dc:d3:38:aa:95:ea:cf:31:2f:e3:a2:72:
                    a4:69:28:42:9f:c4:c2:d8:4c:9e:4f:39:f3:3e:3e:b1:
                    7b:0b:31:06:8f:ad:ca:eb:ae:e8:a5:ae:9b:72:49:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        84:2b:c2:1a:cb:d9:71:7e:15:2f:4f:99:9a:cd:26:de:
        46:8e:5d:b1:30:37:a7:f4:8f:4d:58:27:67:37:d9:03:
        7c:d1:7f:8a:fe:4c:ae:b1:29:4b:7e:d6:f7:c7:63:a0:
        67:ab:0c:bc:f6:d9:cd:37:9d:12:e5:2c:fa:85:4b:b7:
        e9:a4:f9:ec:8b:10:e7:cc:ba:22:cf:fa:29:26:3a:77:
        52:29:df:a2:71:67:42:cb:45:15:a1:08:47:ae:5b:06:
        45:0c:2f:c2:26:c1:94:1a:13:d2:0c:f3:f9:d2:b2:9d:
        e2:0e:a7:f5:04:bb:db:0b:82:12:0c:a5:1a:ff:6b:e4:
        59:bf:e3:03:dc:97:99:b2:df:61:d9:4d:3f:b0:c8:54:
        a0:bb:69:7b:da:40:3a:eb:f7:76:91:7c:61:5a:ad:a8:
        7f:10:72:23:5b:40:14:bd:13:c3:2a:b0:f3:54:0e:8d:
        f5:d9:33:95:30:f7:5b:e9:2f:40:6a:9e:20:dd:62:e4:
        b3:98:42:5c:98:24:b1:5b:29:7c:11:a3:de:5f:af:07:
        cc:00:2c:be:5a:86:b7:9d:eb:92:c1:64:e4:72:30:d5:
        dc:69:58:2e:fd:80:15:d7:3c:c0:5b:84:de:f5:67:cc:
        ac:84:be:d7:d6:0e:f3:5c:b0:91:48:10:3d:2f:dc:37
    Fingerprint (SHA-256):
        7C:FD:CC:80:07:CB:4A:96:FE:9B:EF:80:D6:EB:43:B3:FF:2A:E5:74:B5:C7:C7:2B:4F:47:32:23:1A:C9:E2:2F
    Fingerprint (SHA1):
        70:28:FB:63:44:34:AC:E0:8C:F2:E3:D7:B1:27:59:B1:38:26:59:2B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4507: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #4508: AnyPolicy: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174132 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4509: AnyPolicy: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #4510: AnyPolicy: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4511: AnyPolicy: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4512: AnyPolicy: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628174133   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4513: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4514: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4515: AnyPolicy: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4516: AnyPolicy: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174134   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
0
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #4517: AnyPolicy: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4518: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #4519: AnyPolicy: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4520: AnyPolicy: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 628174135   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4521: AnyPolicy: Creating certficate CA3CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA3CA1.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4522: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #4523: AnyPolicy: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4524: AnyPolicy: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628174136   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4525: AnyPolicy: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4526: AnyPolicy: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #4527: AnyPolicy: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4528: AnyPolicy: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628174137   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4529: AnyPolicy: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4530: AnyPolicy: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB User3DB
certutil -N -d User3DB -f User3DB/dbpasswd
chains.sh: #4531: AnyPolicy: Creating DB User3DB  - PASSED
chains.sh: Creating EE certifiate request User3Req.der
certutil -s "CN=User3 EE, O=User3, C=US"  -R  -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o User3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4532: AnyPolicy: Creating EE certifiate request User3Req.der  - PASSED
chains.sh: Creating certficate User3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 628174138   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4533: AnyPolicy: Creating certficate User3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate User3CA3.der to User3DB database
certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4534: AnyPolicy: Importing certificate User3CA3.der to User3DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4535: AnyPolicy: Creating DB AllDB  - PASSED
chains.sh: Importing certificate RootCA.der to AllDB database
certutil -A -n RootCA  -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der
chains.sh: #4536: AnyPolicy: Importing certificate RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der
chains.sh: #4537: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #4538: AnyPolicy: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA1.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der
chains.sh: #4539: AnyPolicy: Importing certificate CA3CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174132 (0x25712d34)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:13 2016
            Not After : Mon Jun 28 17:59:13 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:a1:59:4c:9e:8a:d0:8c:09:c2:0f:76:19:1f:bd:f1:
                    c3:84:6c:19:a5:9b:f0:dd:21:ee:85:45:21:67:6a:30:
                    5e:c3:a0:55:ab:85:b1:16:d6:8a:73:7d:2a:0e:df:11:
                    17:1c:93:27:b8:ee:0a:22:ec:15:da:96:39:e4:b6:98:
                    56:74:63:0e:82:e9:12:48:ed:30:80:db:43:ec:40:02:
                    7d:3d:85:f8:8a:6c:c0:b6:4f:a6:96:7a:7a:80:db:20:
                    e4:c2:c7:e8:42:d9:c2:03:3e:4f:f9:a8:43:2f:db:9b:
                    bb:a2:9e:ac:55:11:2f:07:33:8d:ef:21:ac:86:e8:e2:
                    74:64:e5:7d:26:1e:7b:df:16:91:0b:92:6a:82:68:25:
                    5a:a0:a6:f9:31:c3:62:d6:c3:9c:e5:c9:b8:69:99:c4:
                    93:e6:83:78:00:0e:69:c1:a4:9c:61:34:26:28:38:00:
                    d6:de:1c:03:18:9b:1d:56:9b:45:e0:27:e0:71:a0:94:
                    4c:73:cb:8f:3e:58:82:0a:f5:cf:4a:02:94:44:4f:b2:
                    62:d3:50:04:98:4d:e3:1a:f4:9d:bd:5e:d4:1b:6a:1e:
                    ec:27:8b:c7:0d:80:e4:0e:22:c9:6b:f8:45:b6:20:cf:
                    65:12:d2:60:1b:0b:43:99:70:8b:1e:d3:52:0a:70:1d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3b:76:5d:07:4b:31:5f:29:bf:d8:eb:b7:e2:d5:bb:53:
        da:2a:08:5e:33:ae:4f:13:26:20:87:b4:00:3c:ef:80:
        af:cf:c6:11:d8:7f:ea:b5:6e:e8:50:05:dc:d6:96:59:
        ea:f8:2f:99:02:6a:a0:36:49:10:ce:8d:52:b5:bb:84:
        05:f4:96:d9:fd:5b:1e:55:e0:fb:a9:cc:42:cf:6d:40:
        f4:34:8f:c2:94:45:f9:cd:c4:94:cc:a6:87:30:1c:11:
        2f:2b:b1:6c:25:23:2d:de:d6:2d:b1:6e:b7:56:b8:31:
        e1:fd:92:fe:8a:46:53:b8:5c:9b:78:70:bd:ab:7e:a9:
        94:be:b2:3d:59:3e:09:d7:f6:d6:54:f8:80:91:e2:a9:
        06:6c:3f:ef:24:56:bc:7d:1f:f3:00:0f:9d:6b:48:a8:
        f4:71:5a:2c:7a:12:e6:12:7a:ac:df:68:0b:4a:35:e4:
        76:a1:a9:a7:53:a6:04:d9:6b:57:47:d1:08:79:80:d3:
        98:51:25:46:21:62:a9:96:ed:fe:de:93:08:0e:02:ff:
        9b:be:75:3c:5b:78:56:71:9c:29:ed:95:d1:95:e7:2a:
        d8:b4:27:e3:5a:25:c7:3c:34:ef:03:67:1e:3a:6b:76:
        fc:49:93:8b:a2:46:75:07:b5:c8:e6:48:b8:3f:e3:e9
    Fingerprint (SHA-256):
        B7:9B:E6:AC:BE:4F:EB:68:13:F1:AB:58:CC:59:B5:B6:FE:E2:D4:D2:21:E7:05:1D:1B:BE:AD:08:AE:C7:CE:75
    Fingerprint (SHA1):
        E2:69:25:07:F4:9C:09:C2:0D:2B:C8:10:62:7F:38:88:74:80:71:82
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4540: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4541: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4542: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4543: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User3CA3.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174132 (0x25712d34)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:13 2016
            Not After : Mon Jun 28 17:59:13 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:a1:59:4c:9e:8a:d0:8c:09:c2:0f:76:19:1f:bd:f1:
                    c3:84:6c:19:a5:9b:f0:dd:21:ee:85:45:21:67:6a:30:
                    5e:c3:a0:55:ab:85:b1:16:d6:8a:73:7d:2a:0e:df:11:
                    17:1c:93:27:b8:ee:0a:22:ec:15:da:96:39:e4:b6:98:
                    56:74:63:0e:82:e9:12:48:ed:30:80:db:43:ec:40:02:
                    7d:3d:85:f8:8a:6c:c0:b6:4f:a6:96:7a:7a:80:db:20:
                    e4:c2:c7:e8:42:d9:c2:03:3e:4f:f9:a8:43:2f:db:9b:
                    bb:a2:9e:ac:55:11:2f:07:33:8d:ef:21:ac:86:e8:e2:
                    74:64:e5:7d:26:1e:7b:df:16:91:0b:92:6a:82:68:25:
                    5a:a0:a6:f9:31:c3:62:d6:c3:9c:e5:c9:b8:69:99:c4:
                    93:e6:83:78:00:0e:69:c1:a4:9c:61:34:26:28:38:00:
                    d6:de:1c:03:18:9b:1d:56:9b:45:e0:27:e0:71:a0:94:
                    4c:73:cb:8f:3e:58:82:0a:f5:cf:4a:02:94:44:4f:b2:
                    62:d3:50:04:98:4d:e3:1a:f4:9d:bd:5e:d4:1b:6a:1e:
                    ec:27:8b:c7:0d:80:e4:0e:22:c9:6b:f8:45:b6:20:cf:
                    65:12:d2:60:1b:0b:43:99:70:8b:1e:d3:52:0a:70:1d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3b:76:5d:07:4b:31:5f:29:bf:d8:eb:b7:e2:d5:bb:53:
        da:2a:08:5e:33:ae:4f:13:26:20:87:b4:00:3c:ef:80:
        af:cf:c6:11:d8:7f:ea:b5:6e:e8:50:05:dc:d6:96:59:
        ea:f8:2f:99:02:6a:a0:36:49:10:ce:8d:52:b5:bb:84:
        05:f4:96:d9:fd:5b:1e:55:e0:fb:a9:cc:42:cf:6d:40:
        f4:34:8f:c2:94:45:f9:cd:c4:94:cc:a6:87:30:1c:11:
        2f:2b:b1:6c:25:23:2d:de:d6:2d:b1:6e:b7:56:b8:31:
        e1:fd:92:fe:8a:46:53:b8:5c:9b:78:70:bd:ab:7e:a9:
        94:be:b2:3d:59:3e:09:d7:f6:d6:54:f8:80:91:e2:a9:
        06:6c:3f:ef:24:56:bc:7d:1f:f3:00:0f:9d:6b:48:a8:
        f4:71:5a:2c:7a:12:e6:12:7a:ac:df:68:0b:4a:35:e4:
        76:a1:a9:a7:53:a6:04:d9:6b:57:47:d1:08:79:80:d3:
        98:51:25:46:21:62:a9:96:ed:fe:de:93:08:0e:02:ff:
        9b:be:75:3c:5b:78:56:71:9c:29:ed:95:d1:95:e7:2a:
        d8:b4:27:e3:5a:25:c7:3c:34:ef:03:67:1e:3a:6b:76:
        fc:49:93:8b:a2:46:75:07:b5:c8:e6:48:b8:3f:e3:e9
    Fingerprint (SHA-256):
        B7:9B:E6:AC:BE:4F:EB:68:13:F1:AB:58:CC:59:B5:B6:FE:E2:D4:D2:21:E7:05:1D:1B:BE:AD:08:AE:C7:CE:75
    Fingerprint (SHA1):
        E2:69:25:07:F4:9C:09:C2:0D:2B:C8:10:62:7F:38:88:74:80:71:82
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User3 EE,O=User3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4544: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User3CA3.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4545: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #4546: AnyPolicyWithLevel: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174139 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4547: AnyPolicyWithLevel: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #4548: AnyPolicyWithLevel: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4549: AnyPolicyWithLevel: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4550: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628174140   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #4551: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4552: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA12DB
certutil -N -d CA12DB -f CA12DB/dbpasswd
chains.sh: #4553: AnyPolicyWithLevel: Creating DB CA12DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA12Req.der
certutil -s "CN=CA12 Intermediate, O=CA12, C=US"  -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4554: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der  - PASSED
chains.sh: Creating certficate CA12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 628174141   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4555: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA12CA1.der to CA12DB database
certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4556: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database  - PASSED
chains.sh: Creating DB CA13DB
certutil -N -d CA13DB -f CA13DB/dbpasswd
chains.sh: #4557: AnyPolicyWithLevel: Creating DB CA13DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA13Req.der
certutil -s "CN=CA13 Intermediate, O=CA13, C=US"  -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4558: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der  - PASSED
chains.sh: Creating certficate CA13CA12.der signed by CA12
certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 628174142   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4559: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12  - PASSED
chains.sh: Importing certificate CA13CA12.der to CA13DB database
certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4560: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4561: AnyPolicyWithLevel: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4562: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA13.der signed by CA13
certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 628174143   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4563: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13  - PASSED
chains.sh: Importing certificate EE1CA13.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4564: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database  - PASSED
chains.sh: Creating DB CA22DB
certutil -N -d CA22DB -f CA22DB/dbpasswd
chains.sh: #4565: AnyPolicyWithLevel: Creating DB CA22DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA22Req.der
certutil -s "CN=CA22 Intermediate, O=CA22, C=US"  -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4566: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der  - PASSED
chains.sh: Creating certficate CA22CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 628174144   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4567: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA22CA1.der to CA22DB database
certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4568: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database  - PASSED
chains.sh: Creating DB CA23DB
certutil -N -d CA23DB -f CA23DB/dbpasswd
chains.sh: #4569: AnyPolicyWithLevel: Creating DB CA23DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA23Req.der
certutil -s "CN=CA23 Intermediate, O=CA23, C=US"  -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4570: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der  - PASSED
chains.sh: Creating certficate CA23CA22.der signed by CA22
certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 628174145   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4571: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22  - PASSED
chains.sh: Importing certificate CA23CA22.der to CA23DB database
certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4572: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4573: AnyPolicyWithLevel: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4574: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA23.der signed by CA23
certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 628174146   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4575: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23  - PASSED
chains.sh: Importing certificate EE2CA23.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4576: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database  - PASSED
chains.sh: Creating DB CA32DB
certutil -N -d CA32DB -f CA32DB/dbpasswd
chains.sh: #4577: AnyPolicyWithLevel: Creating DB CA32DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA32Req.der
certutil -s "CN=CA32 Intermediate, O=CA32, C=US"  -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4578: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der  - PASSED
chains.sh: Creating certficate CA32CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 628174147   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #4579: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA32CA1.der to CA32DB database
certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4580: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database  - PASSED
chains.sh: Creating DB CA33DB
certutil -N -d CA33DB -f CA33DB/dbpasswd
chains.sh: #4581: AnyPolicyWithLevel: Creating DB CA33DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA33Req.der
certutil -s "CN=CA33 Intermediate, O=CA33, C=US"  -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4582: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der  - PASSED
chains.sh: Creating certficate CA33CA32.der signed by CA32
certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 628174148   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4583: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32  - PASSED
chains.sh: Importing certificate CA33CA32.der to CA33DB database
certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4584: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #4585: AnyPolicyWithLevel: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US"  -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4586: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA33.der signed by CA33
certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 628174149   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4587: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33  - PASSED
chains.sh: Importing certificate EE3CA33.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4588: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database  - PASSED
chains.sh: Creating DB CA42DB
certutil -N -d CA42DB -f CA42DB/dbpasswd
chains.sh: #4589: AnyPolicyWithLevel: Creating DB CA42DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA42Req.der
certutil -s "CN=CA42 Intermediate, O=CA42, C=US"  -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA42Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4590: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der  - PASSED
chains.sh: Creating certficate CA42CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 628174150   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4591: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA42CA1.der to CA42DB database
certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4592: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database  - PASSED
chains.sh: Creating DB CA43DB
certutil -N -d CA43DB -f CA43DB/dbpasswd
chains.sh: #4593: AnyPolicyWithLevel: Creating DB CA43DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA43Req.der
certutil -s "CN=CA43 Intermediate, O=CA43, C=US"  -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA43Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4594: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der  - PASSED
chains.sh: Creating certficate CA43CA42.der signed by CA42
certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 628174151   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4595: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42  - PASSED
chains.sh: Importing certificate CA43CA42.der to CA43DB database
certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4596: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #4597: AnyPolicyWithLevel: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US"  -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4598: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA43.der signed by CA43
certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 628174152   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4599: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43  - PASSED
chains.sh: Importing certificate EE4CA43.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4600: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database  - PASSED
chains.sh: Creating DB CA52DB
certutil -N -d CA52DB -f CA52DB/dbpasswd
chains.sh: #4601: AnyPolicyWithLevel: Creating DB CA52DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA52Req.der
certutil -s "CN=CA52 Intermediate, O=CA52, C=US"  -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA52Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4602: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der  - PASSED
chains.sh: Creating certficate CA52CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 628174153   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4603: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA52CA1.der to CA52DB database
certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4604: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database  - PASSED
chains.sh: Creating DB CA53DB
certutil -N -d CA53DB -f CA53DB/dbpasswd
chains.sh: #4605: AnyPolicyWithLevel: Creating DB CA53DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA53Req.der
certutil -s "CN=CA53 Intermediate, O=CA53, C=US"  -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA53Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4606: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der  - PASSED
chains.sh: Creating certficate CA53CA52.der signed by CA52
certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 628174154   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4607: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52  - PASSED
chains.sh: Importing certificate CA53CA52.der to CA53DB database
certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4608: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database  - PASSED
chains.sh: Creating DB EE5DB
certutil -N -d EE5DB -f EE5DB/dbpasswd
chains.sh: #4609: AnyPolicyWithLevel: Creating DB EE5DB  - PASSED
chains.sh: Creating EE certifiate request EE5Req.der
certutil -s "CN=EE5 EE, O=EE5, C=US"  -R  -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE5Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4610: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der  - PASSED
chains.sh: Creating certficate EE5CA53.der signed by CA53
certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 628174155   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4611: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53  - PASSED
chains.sh: Importing certificate EE5CA53.der to EE5DB database
certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4612: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database  - PASSED
chains.sh: Creating DB CA61DB
certutil -N -d CA61DB -f CA61DB/dbpasswd
chains.sh: #4613: AnyPolicyWithLevel: Creating DB CA61DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA61Req.der
certutil -s "CN=CA61 Intermediate, O=CA61, C=US"  -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA61Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4614: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der  - PASSED
chains.sh: Creating certficate CA61RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 628174156   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
5
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #4615: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA61RootCA.der to CA61DB database
certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4616: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database  - PASSED
chains.sh: Creating DB CA62DB
certutil -N -d CA62DB -f CA62DB/dbpasswd
chains.sh: #4617: AnyPolicyWithLevel: Creating DB CA62DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA62Req.der
certutil -s "CN=CA62 Intermediate, O=CA62, C=US"  -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4618: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der  - PASSED
chains.sh: Creating certficate CA62CA61.der signed by CA61
certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 628174157   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4619: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61  - PASSED
chains.sh: Importing certificate CA62CA61.der to CA62DB database
certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4620: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database  - PASSED
chains.sh: Creating DB EE62DB
certutil -N -d EE62DB -f EE62DB/dbpasswd
chains.sh: #4621: AnyPolicyWithLevel: Creating DB EE62DB  - PASSED
chains.sh: Creating EE certifiate request EE62Req.der
certutil -s "CN=EE62 EE, O=EE62, C=US"  -R  -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4622: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der  - PASSED
chains.sh: Creating certficate EE62CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 628174158   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4623: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate EE62CA62.der to EE62DB database
certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4624: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database  - PASSED
chains.sh: Creating DB CA63DB
certutil -N -d CA63DB -f CA63DB/dbpasswd
chains.sh: #4625: AnyPolicyWithLevel: Creating DB CA63DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA63Req.der
certutil -s "CN=CA63 Intermediate, O=CA63, C=US"  -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4626: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der  - PASSED
chains.sh: Creating certficate CA63CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 628174159   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4627: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate CA63CA62.der to CA63DB database
certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4628: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database  - PASSED
chains.sh: Creating DB EE63DB
certutil -N -d EE63DB -f EE63DB/dbpasswd
chains.sh: #4629: AnyPolicyWithLevel: Creating DB EE63DB  - PASSED
chains.sh: Creating EE certifiate request EE63Req.der
certutil -s "CN=EE63 EE, O=EE63, C=US"  -R  -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4630: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der  - PASSED
chains.sh: Creating certficate EE63CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 628174160   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4631: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate EE63CA63.der to EE63DB database
certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4632: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database  - PASSED
chains.sh: Creating DB CA64DB
certutil -N -d CA64DB -f CA64DB/dbpasswd
chains.sh: #4633: AnyPolicyWithLevel: Creating DB CA64DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA64Req.der
certutil -s "CN=CA64 Intermediate, O=CA64, C=US"  -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4634: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der  - PASSED
chains.sh: Creating certficate CA64CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 628174161   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4635: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate CA64CA63.der to CA64DB database
certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4636: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database  - PASSED
chains.sh: Creating DB EE64DB
certutil -N -d EE64DB -f EE64DB/dbpasswd
chains.sh: #4637: AnyPolicyWithLevel: Creating DB EE64DB  - PASSED
chains.sh: Creating EE certifiate request EE64Req.der
certutil -s "CN=EE64 EE, O=EE64, C=US"  -R  -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4638: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der  - PASSED
chains.sh: Creating certficate EE64CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 628174162   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4639: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate EE64CA64.der to EE64DB database
certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4640: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database  - PASSED
chains.sh: Creating DB CA65DB
certutil -N -d CA65DB -f CA65DB/dbpasswd
chains.sh: #4641: AnyPolicyWithLevel: Creating DB CA65DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA65Req.der
certutil -s "CN=CA65 Intermediate, O=CA65, C=US"  -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4642: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der  - PASSED
chains.sh: Creating certficate CA65CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 628174163   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4643: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate CA65CA64.der to CA65DB database
certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4644: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database  - PASSED
chains.sh: Creating DB EE65DB
certutil -N -d EE65DB -f EE65DB/dbpasswd
chains.sh: #4645: AnyPolicyWithLevel: Creating DB EE65DB  - PASSED
chains.sh: Creating EE certifiate request EE65Req.der
certutil -s "CN=EE65 EE, O=EE65, C=US"  -R  -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4646: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der  - PASSED
chains.sh: Creating certficate EE65CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 628174164   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4647: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate EE65CA65.der to EE65DB database
certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4648: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database  - PASSED
chains.sh: Creating DB CA66DB
certutil -N -d CA66DB -f CA66DB/dbpasswd
chains.sh: #4649: AnyPolicyWithLevel: Creating DB CA66DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA66Req.der
certutil -s "CN=CA66 Intermediate, O=CA66, C=US"  -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4650: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der  - PASSED
chains.sh: Creating certficate CA66CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 628174165   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4651: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate CA66CA65.der to CA66DB database
certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4652: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database  - PASSED
chains.sh: Creating DB EE66DB
certutil -N -d EE66DB -f EE66DB/dbpasswd
chains.sh: #4653: AnyPolicyWithLevel: Creating DB EE66DB  - PASSED
chains.sh: Creating EE certifiate request EE66Req.der
certutil -s "CN=EE66 EE, O=EE66, C=US"  -R  -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4654: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der  - PASSED
chains.sh: Creating certficate EE66CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 628174166   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4655: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate EE66CA66.der to EE66DB database
certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4656: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database  - PASSED
chains.sh: Creating DB CA67DB
certutil -N -d CA67DB -f CA67DB/dbpasswd
chains.sh: #4657: AnyPolicyWithLevel: Creating DB CA67DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA67Req.der
certutil -s "CN=CA67 Intermediate, O=CA67, C=US"  -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4658: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der  - PASSED
chains.sh: Creating certficate CA67CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 628174167   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4659: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate CA67CA66.der to CA67DB database
certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4660: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database  - PASSED
chains.sh: Creating DB EE67DB
certutil -N -d EE67DB -f EE67DB/dbpasswd
chains.sh: #4661: AnyPolicyWithLevel: Creating DB EE67DB  - PASSED
chains.sh: Creating EE certifiate request EE67Req.der
certutil -s "CN=EE67 EE, O=EE67, C=US"  -R  -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4662: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der  - PASSED
chains.sh: Creating certficate EE67CA67.der signed by CA67
certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 628174168   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4663: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67  - PASSED
chains.sh: Importing certificate EE67CA67.der to EE67DB database
certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4664: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4665: AnyPolicyWithLevel: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4666: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4667: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4668: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4669: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4670: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4671: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US"
Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4672: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4673: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4674: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4675: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US"
Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4676: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4677: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4678: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4679: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4680: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4681: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4682: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US"
Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US"
Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4683: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US"
Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #4684: AnyPolicyWithLevel: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US"
Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #4685: AnyPolicyWithLevel: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US"
Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #4686: AnyPolicyWithLevel: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US"
Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #4687: AnyPolicyWithLevel: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174139 (0x25712d3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 17:59:54 2016
            Not After : Mon Jun 28 17:59:54 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c9:71:13:26:e7:a9:55:34:d7:34:67:c2:8a:5f:c9:1f:
                    47:ee:07:3f:e2:7f:11:50:21:63:b1:ae:ed:14:35:4e:
                    a9:1d:0b:2f:dd:b3:04:65:6d:1b:cb:63:bc:4a:0d:4f:
                    a3:5d:1e:d5:de:74:52:d1:70:52:8b:00:c1:77:ed:9d:
                    42:c5:3e:e2:62:0d:89:1d:a0:76:97:85:ad:46:09:08:
                    47:40:a5:93:c1:b0:32:90:d2:6b:fe:16:4f:62:1c:19:
                    10:f4:70:59:60:09:9c:4e:34:87:19:56:cb:25:9d:9d:
                    a0:5f:1f:0a:e1:0e:64:96:88:f3:d6:be:b3:28:c0:9f:
                    b2:20:04:cd:d7:80:21:43:eb:6d:37:92:c6:6e:76:6e:
                    57:d9:4a:a4:f6:f4:f0:70:5b:c3:97:fd:2b:cd:b5:ce:
                    2b:07:7e:2e:cb:6a:96:aa:89:86:05:e1:7a:38:b8:38:
                    92:43:13:ba:f1:85:a6:37:31:b9:83:cd:85:59:05:ae:
                    f5:c4:5f:69:af:2a:c0:cc:3b:c8:d0:ab:3c:37:bf:ee:
                    20:07:11:d6:29:53:c0:2d:61:9c:39:64:8f:c9:ad:15:
                    10:ee:be:5c:e4:7a:5c:77:43:1f:9c:92:2b:90:13:46:
                    02:4a:9c:7a:f9:73:49:9b:e0:db:0e:37:e7:2e:b2:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:35:c8:b4:64:c3:45:98:1e:99:f6:61:5c:c7:a6:4e:
        0e:e4:c4:e5:fa:5a:08:83:d5:68:bf:93:4b:4e:60:9a:
        30:31:66:f4:01:02:ed:ff:79:bf:88:cf:01:03:55:d6:
        c8:b3:f5:0f:cc:ae:d7:c4:48:5a:57:b5:7a:b8:b1:51:
        10:9f:4c:f9:fc:d2:e7:5b:a3:de:f5:41:5c:34:17:7f:
        36:5a:bb:9d:8f:b1:2c:7c:84:39:43:b1:f0:0b:b6:6c:
        a6:b9:2c:78:92:5d:70:d1:58:7a:49:cf:d3:87:0a:94:
        bf:cd:5f:7f:0c:e2:bb:15:e0:13:89:27:31:e4:f4:5e:
        78:96:0b:7b:ca:9a:c0:30:4c:0c:68:7a:9e:98:d3:04:
        06:21:3f:8c:84:29:54:d3:5b:95:f9:7e:6a:b6:0f:e9:
        13:5f:07:4d:ff:79:e4:47:75:08:c7:1a:02:1f:3c:f3:
        23:cf:e8:63:40:c4:8e:14:5b:0b:41:19:f1:9d:89:d5:
        b6:9b:f0:35:cc:18:d9:8c:82:6e:4d:2a:b3:3d:2b:ea:
        32:a8:60:c1:ac:12:31:37:8c:5b:5b:a4:02:a7:02:35:
        ab:88:07:bc:b8:47:72:41:64:85:87:e8:6a:d2:cb:de:
        83:47:45:62:d7:8b:e4:b6:0a:71:00:31:70:71:a8:e4
    Fingerprint (SHA-256):
        EE:4E:2C:7E:75:22:86:46:CB:80:7C:2E:02:F5:0E:79:4E:E5:1C:07:13:71:6D:DF:FC:27:CF:08:08:7D:C6:9D
    Fingerprint (SHA1):
        4D:D7:9A:64:60:00:FC:2A:6A:A0:E3:01:F7:8B:43:15:F4:EB:D4:53
Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US"
Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US"
Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #4688: AnyPolicyWithLevel: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4689: AnyPolicyWithLevel: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4690: explicitPolicy: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174169 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4691: explicitPolicy: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4692: explicitPolicy: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB nonEVCADB
certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd
chains.sh: #4693: explicitPolicy: Creating DB nonEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request nonEVCAReq.der
certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US"  -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o nonEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4694: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der  - PASSED
chains.sh: Creating certficate nonEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 628174170   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4695: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database
certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4696: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database  - PASSED
chains.sh: Creating DB EVCADB
certutil -N -d EVCADB -f EVCADB/dbpasswd
chains.sh: #4697: explicitPolicy: Creating DB EVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request EVCAReq.der
certutil -s "CN=EVCA Intermediate, O=EVCA, C=US"  -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4698: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der  - PASSED
chains.sh: Creating certficate EVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 628174171   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4699: explicitPolicy: Creating certficate EVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate EVCARoot.der to EVCADB database
certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4700: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database  - PASSED
chains.sh: Creating DB otherEVCADB
certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd
chains.sh: #4701: explicitPolicy: Creating DB otherEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request otherEVCAReq.der
certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US"  -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o otherEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4702: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der  - PASSED
chains.sh: Creating certficate otherEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 628174172   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4703: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database
certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4704: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database  - PASSED
chains.sh: Creating DB validEVDB
certutil -N -d validEVDB -f validEVDB/dbpasswd
chains.sh: #4705: explicitPolicy: Creating DB validEVDB  - PASSED
chains.sh: Creating EE certifiate request validEVReq.der
certutil -s "CN=validEV EE, O=validEV, C=US"  -R  -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o validEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4706: explicitPolicy: Creating EE certifiate request validEVReq.der  - PASSED
chains.sh: Creating certficate validEVEVCA.der signed by EVCA
certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 628174173   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4707: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA  - PASSED
chains.sh: Importing certificate validEVEVCA.der to validEVDB database
certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4708: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database  - PASSED
chains.sh: Creating DB invalidEVDB
certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd
chains.sh: #4709: explicitPolicy: Creating DB invalidEVDB  - PASSED
chains.sh: Creating EE certifiate request invalidEVReq.der
certutil -s "CN=invalidEV EE, O=invalidEV, C=US"  -R  -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o invalidEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4710: explicitPolicy: Creating EE certifiate request invalidEVReq.der  - PASSED
chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA
certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 628174174   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4711: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA  - PASSED
chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database
certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4712: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database  - PASSED
chains.sh: Creating DB wrongEVOIDDB
certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd
chains.sh: #4713: explicitPolicy: Creating DB wrongEVOIDDB  - PASSED
chains.sh: Creating EE certifiate request wrongEVOIDReq.der
certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US"  -R  -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o wrongEVOIDReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4714: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der  - PASSED
chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA
certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 628174175   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4715: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA  - PASSED
chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database
certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4716: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4717: explicitPolicy: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174169 (0x25712d59)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:03:32 2016
            Not After : Mon Jun 28 18:03:32 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:f2:dd:92:89:cf:9f:e5:e1:5c:e4:23:51:2d:c7:08:
                    1d:69:c3:7c:d2:00:46:42:bc:71:d6:f7:59:6d:8a:b6:
                    02:a1:59:a7:49:3d:f0:ab:3b:ec:42:f8:14:a7:f6:84:
                    8c:a9:64:a1:82:30:f1:95:2f:45:fb:03:15:9d:a2:04:
                    3d:55:9a:9e:ee:d9:24:df:2b:e5:19:0a:a0:aa:d3:d7:
                    f0:50:b5:b0:7d:a0:1f:f4:4c:53:99:13:4a:14:6b:f8:
                    1b:73:de:32:00:f2:73:d5:98:35:b9:7c:f4:bb:9e:6f:
                    b3:1b:b7:90:f1:29:a3:96:3c:bc:e1:81:86:dd:01:89:
                    78:1d:0c:47:60:e2:be:a5:69:d0:c3:2c:e7:91:4f:d0:
                    8d:10:fa:ac:53:a5:d4:fd:62:f8:d4:86:d9:1d:43:b8:
                    88:b1:57:ef:ad:8e:03:fe:0c:ba:40:3a:97:22:43:bc:
                    bb:7e:33:8e:dc:31:75:32:59:81:e2:ac:76:da:44:9a:
                    04:90:8a:29:5f:be:d4:e6:d7:8a:71:ed:2d:e8:fe:ad:
                    df:a8:96:c4:97:d5:21:60:d2:ac:59:48:52:bb:fc:4d:
                    36:a2:2d:4c:8c:0b:cb:74:fc:c2:79:77:27:78:e8:54:
                    3f:a2:e4:e8:a2:2f:bc:f4:d2:bf:f8:d8:78:9f:3e:dd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ac:e4:fe:7a:d2:11:82:98:47:b5:28:7b:79:c9:c3:ec:
        92:1d:0f:e8:ca:b6:9f:e9:15:a0:12:c9:fa:23:41:d9:
        cd:1e:3d:e0:a5:fa:aa:77:60:28:0b:54:9b:70:60:8e:
        85:74:b0:79:7e:46:5a:8b:23:8e:1f:99:78:1a:e3:f1:
        9a:67:50:60:da:3f:de:71:44:3a:ed:6b:5f:26:55:d0:
        57:0d:6f:f3:56:75:8d:6c:5e:8e:a7:3e:ac:21:92:f6:
        79:51:6d:e7:c9:f1:67:a6:a5:3d:5f:96:31:c7:a9:4a:
        27:f0:a9:42:b4:b8:6f:8a:7f:1c:c0:f0:fd:d2:8f:ed:
        17:2a:f7:9c:c8:e0:61:84:d9:dd:9c:e0:58:ae:54:04:
        8e:07:0d:81:03:75:61:d5:ed:5e:19:7b:f7:2b:48:8f:
        dd:af:d0:58:d6:98:c6:5d:e0:f3:9a:a2:1a:2a:9b:e3:
        20:e4:ef:f1:c4:af:78:c6:c3:79:ec:75:55:86:16:2e:
        70:6f:7a:8a:4e:72:c0:86:e5:ab:bc:88:a1:5c:61:47:
        7a:29:3f:d9:0a:4a:87:b1:fe:05:9a:9e:50:72:ec:fa:
        8f:97:a1:bb:8e:5f:42:e0:e7:c6:87:ba:5e:04:c5:8c:
        82:f3:73:ec:84:0f:67:7a:9b:79:5d:8c:1f:7d:43:1b
    Fingerprint (SHA-256):
        3A:8A:3B:FE:DB:DF:EA:71:E6:4F:A5:53:80:5D:4E:5D:36:D8:CA:3E:22:21:4C:BE:F4:DE:F3:66:E9:EE:BC:13
    Fingerprint (SHA1):
        F5:E9:B8:50:2A:F6:3B:B1:81:95:DF:FE:A0:20:E4:4D:16:79:CF:91
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #4718: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4719: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4720: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #4721: explicitPolicy: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174169 (0x25712d59)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:03:32 2016
            Not After : Mon Jun 28 18:03:32 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:f2:dd:92:89:cf:9f:e5:e1:5c:e4:23:51:2d:c7:08:
                    1d:69:c3:7c:d2:00:46:42:bc:71:d6:f7:59:6d:8a:b6:
                    02:a1:59:a7:49:3d:f0:ab:3b:ec:42:f8:14:a7:f6:84:
                    8c:a9:64:a1:82:30:f1:95:2f:45:fb:03:15:9d:a2:04:
                    3d:55:9a:9e:ee:d9:24:df:2b:e5:19:0a:a0:aa:d3:d7:
                    f0:50:b5:b0:7d:a0:1f:f4:4c:53:99:13:4a:14:6b:f8:
                    1b:73:de:32:00:f2:73:d5:98:35:b9:7c:f4:bb:9e:6f:
                    b3:1b:b7:90:f1:29:a3:96:3c:bc:e1:81:86:dd:01:89:
                    78:1d:0c:47:60:e2:be:a5:69:d0:c3:2c:e7:91:4f:d0:
                    8d:10:fa:ac:53:a5:d4:fd:62:f8:d4:86:d9:1d:43:b8:
                    88:b1:57:ef:ad:8e:03:fe:0c:ba:40:3a:97:22:43:bc:
                    bb:7e:33:8e:dc:31:75:32:59:81:e2:ac:76:da:44:9a:
                    04:90:8a:29:5f:be:d4:e6:d7:8a:71:ed:2d:e8:fe:ad:
                    df:a8:96:c4:97:d5:21:60:d2:ac:59:48:52:bb:fc:4d:
                    36:a2:2d:4c:8c:0b:cb:74:fc:c2:79:77:27:78:e8:54:
                    3f:a2:e4:e8:a2:2f:bc:f4:d2:bf:f8:d8:78:9f:3e:dd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ac:e4:fe:7a:d2:11:82:98:47:b5:28:7b:79:c9:c3:ec:
        92:1d:0f:e8:ca:b6:9f:e9:15:a0:12:c9:fa:23:41:d9:
        cd:1e:3d:e0:a5:fa:aa:77:60:28:0b:54:9b:70:60:8e:
        85:74:b0:79:7e:46:5a:8b:23:8e:1f:99:78:1a:e3:f1:
        9a:67:50:60:da:3f:de:71:44:3a:ed:6b:5f:26:55:d0:
        57:0d:6f:f3:56:75:8d:6c:5e:8e:a7:3e:ac:21:92:f6:
        79:51:6d:e7:c9:f1:67:a6:a5:3d:5f:96:31:c7:a9:4a:
        27:f0:a9:42:b4:b8:6f:8a:7f:1c:c0:f0:fd:d2:8f:ed:
        17:2a:f7:9c:c8:e0:61:84:d9:dd:9c:e0:58:ae:54:04:
        8e:07:0d:81:03:75:61:d5:ed:5e:19:7b:f7:2b:48:8f:
        dd:af:d0:58:d6:98:c6:5d:e0:f3:9a:a2:1a:2a:9b:e3:
        20:e4:ef:f1:c4:af:78:c6:c3:79:ec:75:55:86:16:2e:
        70:6f:7a:8a:4e:72:c0:86:e5:ab:bc:88:a1:5c:61:47:
        7a:29:3f:d9:0a:4a:87:b1:fe:05:9a:9e:50:72:ec:fa:
        8f:97:a1:bb:8e:5f:42:e0:e7:c6:87:ba:5e:04:c5:8c:
        82:f3:73:ec:84:0f:67:7a:9b:79:5d:8c:1f:7d:43:1b
    Fingerprint (SHA-256):
        3A:8A:3B:FE:DB:DF:EA:71:E6:4F:A5:53:80:5D:4E:5D:36:D8:CA:3E:22:21:4C:BE:F4:DE:F3:66:E9:EE:BC:13
    Fingerprint (SHA1):
        F5:E9:B8:50:2A:F6:3B:B1:81:95:DF:FE:A0:20:E4:4D:16:79:CF:91
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #4722: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4723: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4724: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4725: Mapping: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174176 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4726: Mapping: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4727: Mapping: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4728: Mapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4729: Mapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174177   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #4730: Mapping: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4731: Mapping: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4732: Mapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4733: Mapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174178   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4734: Mapping: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4735: Mapping: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #4736: Mapping: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4737: Mapping: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628174179   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4738: Mapping: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4739: Mapping: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4740: Mapping: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #4741: Mapping: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #4742: Mapping: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #4743: Mapping: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174176 (0x25712d60)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:04:13 2016
            Not After : Mon Jun 28 18:04:13 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:32:a8:be:5f:8b:ec:90:c0:7a:aa:76:89:0d:31:c5:
                    89:ac:3f:81:7f:0b:af:6a:61:0f:c8:9c:f5:0c:5b:3e:
                    48:cf:09:bd:55:bf:45:e7:38:c7:d2:ec:e2:44:c3:cb:
                    5a:15:51:ae:10:26:8b:93:85:69:1a:db:c9:ee:64:5e:
                    84:7f:e1:25:be:87:f0:00:71:65:08:64:e8:88:63:10:
                    67:1c:51:d2:41:09:97:24:c7:7d:07:bd:e5:97:da:a4:
                    15:ff:65:bf:38:f4:0b:a6:7c:cf:2d:42:78:91:48:fe:
                    fa:60:81:28:89:4b:df:55:32:f6:2e:58:69:ed:4b:a3:
                    b4:d5:f0:bb:23:6d:c1:b2:52:04:18:c6:a9:26:cb:5e:
                    19:a4:ca:26:6c:07:77:14:64:53:8d:92:d6:8f:62:a6:
                    75:47:30:30:2b:8b:97:11:eb:e3:84:c9:36:7a:a6:26:
                    fa:c0:bf:95:41:7c:4f:ee:ad:3d:1e:0c:ac:fe:ef:f3:
                    6d:02:e8:9f:c5:b7:5e:64:07:5c:29:3d:d0:37:2c:61:
                    be:02:fc:1e:93:39:b7:59:ee:c5:9b:da:2c:71:9a:d1:
                    7d:f5:22:c0:5d:08:8c:b9:a1:cd:6e:de:78:f3:67:d4:
                    b1:2a:81:bb:04:c8:a5:8d:bc:21:05:69:32:b3:5d:2f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        17:a3:2f:8e:4e:66:98:bd:bb:58:36:0d:81:fb:c7:e9:
        ab:c9:05:55:9d:58:55:2c:cd:79:89:00:ca:ae:b7:02:
        6d:06:db:4e:0e:63:72:c8:b8:91:b3:6d:a0:1d:22:7f:
        3c:1c:4f:54:46:fc:04:2f:19:95:18:36:e7:11:3d:6c:
        9e:b0:82:59:52:43:48:b4:69:d7:7d:70:2b:a5:4b:ad:
        fd:8b:c8:10:24:1d:47:bf:e0:9a:4c:74:c2:97:f4:17:
        49:d8:70:2b:61:72:e4:f8:6b:27:20:fa:99:9b:4c:23:
        f3:a1:66:af:c9:8e:7a:25:c6:c9:cc:56:99:ad:77:3a:
        99:81:66:ef:fe:b0:4a:d8:cc:94:ce:86:10:44:b5:50:
        7a:cb:aa:7d:3d:a4:f6:97:d4:9d:6f:81:3f:a1:1b:77:
        c9:98:73:f8:b0:8c:83:8d:4e:5d:54:8c:2b:4c:c1:51:
        e6:0e:f1:b7:1b:32:44:84:ec:35:68:63:45:47:77:25:
        3b:ec:cf:fd:32:07:7a:cd:2e:85:0c:95:4d:a4:bf:b6:
        6e:86:8c:cd:f8:94:5d:34:0b:0c:20:07:90:a1:7c:3c:
        97:d5:6e:03:5f:62:f3:39:c4:f7:e7:f8:d4:6a:fa:bd:
        4b:00:d8:e5:26:9a:55:3c:f8:38:cb:4f:aa:7b:73:91
    Fingerprint (SHA-256):
        CD:4D:96:D7:CD:93:E1:1A:B5:F6:50:54:9C:11:20:19:1D:D3:59:B1:2B:A9:A4:16:8A:1F:35:30:EC:20:22:F8
    Fingerprint (SHA1):
        C0:E9:EE:82:31:00:58:F6:66:1E:8A:4C:91:8C:0E:52:A3:6E:45:21
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4744: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4745: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4746: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174177 (0x25712d61)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:04:16 2016
            Not After : Mon Jun 28 18:04:16 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b9:09:b5:7d:02:c8:71:9d:d7:80:94:f8:41:80:6a:b2:
                    c6:d2:17:56:aa:ab:f6:e7:c4:c7:b1:c8:f2:4f:51:1b:
                    02:e5:fa:c2:4c:17:34:fa:69:b6:f8:33:22:4f:6b:77:
                    e6:6d:d5:a1:e3:c9:2c:17:b1:88:96:c2:8c:e3:86:7c:
                    ef:22:ad:9a:ed:a3:9a:f7:b6:c6:f1:5e:fc:90:66:12:
                    e8:2f:8e:a7:d6:82:f1:44:f0:3d:87:c5:af:c1:f8:1a:
                    3d:23:ba:11:e9:d4:19:fd:08:a3:2c:be:79:61:ef:2d:
                    5f:b3:bf:30:09:93:d7:c2:1a:50:b4:0f:81:ac:9e:17:
                    c5:c2:e7:dc:d6:4d:61:a2:7d:ce:80:8a:6e:14:af:b3:
                    54:03:2b:fe:da:fe:da:25:2b:55:18:c7:79:06:51:03:
                    77:79:9f:34:5d:b7:15:1e:99:eb:a5:b3:02:5f:31:fa:
                    5e:ff:3d:ba:ab:00:46:22:f9:c1:8a:3a:84:58:85:4d:
                    b0:16:43:77:99:85:53:55:7a:69:10:e0:f1:bf:1e:0f:
                    16:23:e5:22:9c:47:f6:4e:3d:1b:e8:66:29:0b:d9:08:
                    02:c9:31:79:23:3a:a8:07:55:ee:15:e1:fa:8c:9d:af:
                    ce:08:bc:79:7d:91:eb:e3:a4:8d:33:0f:8d:77:b0:8d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2a:e0:72:5d:48:41:9a:cd:42:46:09:6b:f4:d4:72:a3:
        d6:af:66:df:13:66:0e:cf:7c:4e:a2:3c:67:01:f6:09:
        5c:c2:d5:a3:ec:43:a3:2c:d8:39:7a:a7:82:cf:29:c6:
        5f:85:36:15:db:43:e8:1e:5b:98:5a:f7:fa:74:70:34:
        9e:cf:00:18:57:88:1f:02:72:e6:c7:4a:fe:5d:05:04:
        19:f1:7d:a2:95:76:9f:1a:07:8c:49:e0:9a:b3:c1:0c:
        16:7d:97:13:e9:f0:9e:09:6c:ed:6f:9b:38:a4:2d:7c:
        62:cd:ec:01:c5:3e:c6:84:ff:b6:73:6c:db:ee:a4:83:
        5d:17:6b:3d:12:69:07:88:88:fe:ec:41:97:89:3c:ca:
        b2:13:a6:21:72:5c:a9:f0:ae:68:df:d8:f9:12:79:2e:
        17:40:b0:06:e7:7e:da:ff:c2:dd:1d:8b:33:9b:8c:3f:
        63:dc:fb:d8:a0:f9:1a:6e:af:b1:96:36:07:b7:92:08:
        fb:4a:b3:52:70:d2:a0:36:8c:83:3c:f7:99:88:9e:50:
        a5:dd:89:cf:94:f5:4f:df:42:87:91:1f:8d:3a:a2:ec:
        1e:40:49:be:6e:76:a2:44:68:fa:e5:a7:93:be:02:29:
        16:1d:1b:8c:ec:03:cb:73:52:ad:83:dd:1e:e7:bd:a0
    Fingerprint (SHA-256):
        B2:1B:6C:CB:9F:EF:F1:8A:61:E0:6D:55:A4:08:F1:57:74:99:56:37:89:26:65:81:D5:E9:B7:B7:2A:20:7B:EF
    Fingerprint (SHA1):
        00:BF:92:9E:6B:7D:54:9F:2E:70:95:EB:24:73:1B:E3:B9:6B:58:4A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4747: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4748: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174178 (0x25712d62)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:04:20 2016
            Not After : Mon Jun 28 18:04:20 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dd:08:fc:91:db:71:c3:03:57:28:35:38:db:d4:f1:59:
                    ce:ef:6e:7a:d3:20:e2:52:af:69:45:9c:3d:10:0f:8c:
                    80:de:37:10:b6:36:9a:ba:05:dd:62:d5:79:1f:eb:ec:
                    39:a2:88:83:be:21:59:6f:a0:22:62:e4:8c:cd:95:1f:
                    e1:30:19:83:f4:7b:5b:16:1a:90:83:4c:51:2b:05:4e:
                    27:af:a8:c5:8e:49:22:90:5d:1e:67:9b:b0:bf:f5:ce:
                    41:8e:ed:57:60:c5:c0:67:58:2d:ea:8d:77:ed:62:23:
                    db:b5:45:3d:56:a7:53:d9:42:8f:6b:2f:73:26:1a:c1:
                    76:f7:b7:ac:73:03:06:59:4d:38:7e:f0:6b:c5:ca:0e:
                    35:f6:e3:45:ef:30:d5:8b:e7:ff:fe:93:67:45:b7:8d:
                    26:71:13:70:e1:f0:be:4e:5d:17:70:48:ef:14:17:1f:
                    1c:67:50:1e:e1:4a:9b:52:86:26:69:0d:5f:96:a2:c8:
                    59:88:00:4c:27:b6:3f:67:9e:5e:39:52:e9:e4:35:4d:
                    2c:f3:98:bc:1f:07:2e:95:28:bf:14:d1:f8:b8:1c:af:
                    8e:3a:c4:fc:12:51:d7:9e:3b:06:6a:7a:53:3b:b4:60:
                    3f:97:ca:e0:7c:c7:e4:64:60:f6:0d:24:de:45:30:17
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        44:e2:b5:3d:42:b1:47:72:77:43:07:64:f7:e0:8a:0b:
        b3:2c:86:a0:92:68:b0:24:d7:ee:ed:cb:47:96:88:bf:
        23:82:bf:53:ff:6d:7e:f3:aa:de:10:e4:1b:4d:34:75:
        62:1b:40:03:d8:be:65:49:45:7c:3f:d4:09:2b:92:03:
        32:d1:3a:41:59:a9:e0:b4:2e:fd:3d:fe:76:12:48:7d:
        78:91:25:75:ad:cc:81:35:42:4c:0e:6c:15:ee:b0:05:
        da:cd:b6:97:fa:86:d9:20:cf:27:f1:46:ff:f4:55:be:
        a6:96:b5:fe:a8:57:3c:a5:b6:fc:11:ee:34:29:84:74:
        49:6d:55:b8:10:05:2c:49:eb:07:8b:88:e8:15:1a:c6:
        95:7e:7f:1e:b5:46:ff:7f:6b:26:23:94:24:49:d2:cc:
        1b:90:b9:a1:96:05:21:8c:07:83:70:23:28:22:f8:12:
        27:98:e4:b4:8e:e6:72:18:f8:90:1d:b3:97:45:2c:09:
        f2:6d:71:41:2b:d8:d6:19:99:1c:ed:09:ee:76:de:0c:
        d6:ee:bf:34:99:72:99:75:35:a5:e7:69:40:07:8e:df:
        7a:00:75:77:70:43:c8:41:f8:af:85:aa:9a:d8:d9:07:
        36:ac:8c:78:71:d7:fc:08:6b:a3:cb:c3:7f:f4:50:8b
    Fingerprint (SHA-256):
        D6:26:A3:DE:D3:4E:23:6E:3A:6E:AE:DB:EB:86:47:D3:6A:99:36:15:F5:8F:13:98:1D:B4:99:C1:70:1D:6F:0C
    Fingerprint (SHA1):
        A9:E2:FE:0D:C6:F6:7F:66:03:68:5D:10:21:41:CE:23:73:F5:26:0E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #4749: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4750: Mapping2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174180 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4751: Mapping2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4752: Mapping2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4753: Mapping2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4754: Mapping2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174181   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4755: Mapping2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4756: Mapping2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4757: Mapping2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4758: Mapping2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174182   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #4759: Mapping2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4760: Mapping2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #4761: Mapping2: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4762: Mapping2: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 628174183   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4763: Mapping2: Creating certficate CA3CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate CA3CA2.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4764: Mapping2: Importing certificate CA3CA2.der to CA3DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #4765: Mapping2: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4766: Mapping2: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 628174184   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4767: Mapping2: Creating certficate UserCA3.der signed by CA3  - PASSED
chains.sh: Importing certificate UserCA3.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4768: Mapping2: Importing certificate UserCA3.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4769: Mapping2: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #4770: Mapping2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #4771: Mapping2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #4772: Mapping2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA2.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der
chains.sh: #4773: Mapping2: Importing certificate CA3CA2.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174180 (0x25712d64)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:04:29 2016
            Not After : Mon Jun 28 18:04:29 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e3:92:03:2d:ae:0a:90:4b:07:a0:bd:30:49:32:ed:64:
                    7e:e5:98:a7:3b:f3:12:c1:6b:02:ce:29:f9:ff:13:83:
                    a4:00:a4:dd:b6:ff:ff:dc:c4:af:85:bd:ef:b6:e8:9f:
                    b2:68:c2:4f:f8:60:c9:dd:3a:d8:41:a8:88:f0:4c:7f:
                    d7:20:a5:3f:a7:8d:a3:9f:35:3c:db:fb:b3:83:ee:e5:
                    19:57:3e:19:7d:88:ee:59:5e:20:ca:13:01:02:34:3f:
                    87:56:45:6e:63:61:af:a2:9f:c8:5e:54:b0:74:b7:85:
                    35:8d:16:e3:f6:aa:ec:57:58:4f:a2:cd:8b:1c:cb:2c:
                    29:46:7a:da:19:d5:a7:9c:a6:48:e1:93:e6:ad:1c:d0:
                    13:d1:54:61:67:25:ba:b5:ac:a9:be:0c:c2:b5:4f:19:
                    96:d1:b4:a3:c0:0f:d2:2e:7a:d6:1b:96:01:f4:e0:f4:
                    5b:6f:29:d1:dd:1e:94:5b:7b:cb:2b:df:f7:a2:56:0f:
                    06:29:ab:16:c1:43:f0:8c:99:5a:dd:30:75:92:1b:90:
                    d2:6e:72:74:91:94:e8:00:1e:15:24:e8:af:5a:3d:4b:
                    1a:bc:cf:3e:cf:74:b2:8c:51:cf:bd:eb:fd:f9:63:83:
                    f8:24:f6:04:40:49:a7:18:62:4b:28:3a:a6:a7:9c:99
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:50:3f:17:9e:b6:87:a0:5a:e9:08:8e:8a:ac:29:42:
        e3:6d:22:76:ab:c5:31:96:40:3b:4b:43:44:13:31:48:
        6c:76:cb:22:1c:fa:d2:6c:50:a2:43:9b:59:43:bc:e4:
        48:0c:d7:16:b7:40:2a:90:69:52:86:2f:31:41:a3:24:
        23:f9:1f:33:ad:46:4e:49:bf:9c:10:62:22:86:6b:21:
        5b:80:cf:86:97:5f:72:16:da:1f:c0:2b:60:3e:1f:05:
        46:bd:0f:01:db:6c:97:fb:02:25:f3:04:e4:49:f2:06:
        8d:13:ee:c4:ce:9a:db:6d:21:26:56:f1:fb:77:97:5e:
        46:6b:15:48:fd:41:06:12:c9:77:c8:f1:52:e2:6d:91:
        95:89:5d:e7:dc:6f:23:62:1c:d8:21:b5:ba:1f:0d:10:
        07:d8:02:e1:92:b3:5c:c1:d6:79:9e:08:55:24:b9:3b:
        0b:31:65:09:05:ed:57:84:e4:82:4d:16:b3:b1:3b:a1:
        05:91:28:76:5e:e8:43:fc:38:3a:6f:ac:51:75:9a:1e:
        0c:cd:e4:a0:91:4f:b0:5d:17:24:db:28:be:62:c3:6e:
        a2:ad:ca:ae:dd:c6:55:a9:4e:82:f7:97:10:01:7b:48:
        20:56:6b:74:97:fd:0b:34:60:49:af:7d:ce:d4:c7:41
    Fingerprint (SHA-256):
        AD:4C:B0:7A:2B:55:2E:7E:77:D3:96:AE:0E:B8:0B:80:66:AC:32:A0:8F:0A:94:5B:B5:CA:D9:3E:CF:46:FE:96
    Fingerprint (SHA1):
        C0:5B:B3:D2:23:31:03:16:DC:35:BD:8A:A7:78:D0:D0:6E:82:DA:40
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4774: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4775: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174181 (0x25712d65)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:04:33 2016
            Not After : Mon Jun 28 18:04:33 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cf:08:88:1f:09:77:d1:9f:fc:bb:46:71:aa:ba:fe:7e:
                    79:51:14:70:31:eb:65:60:32:58:19:71:55:67:ef:d5:
                    93:0b:89:59:d9:c3:88:b0:c9:a1:4c:9f:bc:51:22:f3:
                    0e:e2:65:ff:e9:a9:cc:ae:e7:b6:30:40:14:62:bf:9a:
                    30:2f:b2:1d:68:54:20:c8:f4:ae:6c:0a:a5:92:18:a0:
                    d8:e7:6d:33:7f:93:b1:63:0b:99:07:6e:bb:8f:96:b5:
                    13:2e:b8:6f:aa:e1:6f:16:2c:48:8b:ec:8b:c9:af:a4:
                    9a:09:15:44:4a:07:d9:ba:16:2e:1a:89:1b:78:39:05:
                    6c:88:a7:3a:f1:8a:9a:41:fe:4f:e6:a7:2f:e6:bc:e3:
                    6d:73:4b:0b:17:8e:05:91:aa:f1:92:f9:47:49:46:1e:
                    9c:21:4d:ef:d4:a9:1b:4a:19:12:1d:16:57:ee:fb:a3:
                    ac:af:24:cb:41:bd:4c:f8:5b:98:10:3c:c4:67:62:21:
                    82:d8:fe:8d:7a:aa:b3:a6:7a:43:ef:8f:1e:25:99:ba:
                    bc:44:14:5e:26:47:8b:1e:2f:b9:b8:84:df:c5:ad:0c:
                    21:2e:51:59:17:d1:f0:f4:e0:9f:ad:f9:64:ad:3f:89:
                    d7:17:c2:77:05:d9:47:75:79:f6:08:a9:eb:83:56:bb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        74:9b:30:56:ab:8e:36:d3:d6:9d:35:df:24:ba:09:c3:
        c7:a0:70:a6:d6:48:4a:e2:d2:94:45:c5:b6:43:05:a7:
        43:b5:11:bc:e1:13:5d:58:6e:f3:e6:58:f5:43:82:14:
        cb:a4:3e:14:65:39:d4:71:98:85:50:d6:c1:c8:15:63:
        1a:3e:b4:f1:0e:a3:45:db:4e:6c:fc:5e:65:fb:ea:99:
        8e:30:37:f2:4f:3c:80:a1:82:fd:fd:87:65:08:74:01:
        41:59:44:34:29:11:31:d8:19:60:e1:02:c2:fd:0a:0b:
        ab:60:eb:3d:ec:4a:da:f0:7a:35:2e:83:72:86:22:ab:
        7e:b9:b4:2a:bc:5b:93:d4:ef:97:63:11:45:24:82:e2:
        b9:f3:cd:b4:cb:05:c8:27:61:6a:4b:d8:77:5b:9e:38:
        87:4f:16:d9:c3:42:50:ed:70:29:7b:eb:cd:09:de:cf:
        68:be:d8:80:88:0a:2f:c9:56:70:e4:55:d7:a8:62:c2:
        b6:d5:e1:3b:1d:3e:7b:dd:9d:0b:ba:f1:f4:14:53:b6:
        15:56:e6:b7:93:34:e8:d3:24:d4:b6:df:32:b5:55:8d:
        2b:d2:f1:e5:7d:b5:72:a8:53:8d:e1:f7:77:48:f4:72:
        3a:85:6f:8a:e4:4c:50:31:7d:e6:d2:d9:db:88:33:25
    Fingerprint (SHA-256):
        74:36:3F:A8:75:27:A0:AD:D2:38:06:6A:23:C7:8E:9F:40:78:36:46:DE:1B:17:B9:5E:27:43:AF:40:FF:1C:5D
    Fingerprint (SHA1):
        96:68:E5:B5:06:13:52:27:2F:B6:59:14:88:41:5D:77:D4:CF:AB:BC
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4776: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4777: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4778: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174182 (0x25712d66)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:04:38 2016
            Not After : Mon Jun 28 18:04:38 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d4:9d:16:92:f0:c8:e6:29:b6:c7:21:a3:45:34:ae:ef:
                    98:e4:76:7d:78:ff:0c:68:c4:93:34:9f:98:37:2b:fb:
                    39:f2:eb:8e:74:2c:d4:9b:59:6e:74:87:68:7b:a6:0a:
                    21:c7:a5:6e:50:d1:d2:1b:41:24:bc:e1:06:4a:df:49:
                    b2:62:58:23:bd:1f:28:e8:24:55:82:4d:55:1a:74:38:
                    4b:c0:2a:90:4a:27:3a:e2:84:7b:f0:18:c0:ec:e1:e4:
                    09:b9:63:c3:d0:c8:9c:34:d1:38:13:de:0c:e1:d2:18:
                    0e:5b:79:61:c9:09:56:30:59:7d:7e:2d:4c:ff:26:10:
                    68:07:58:3c:0d:f7:ee:fd:b0:16:da:02:4b:23:30:c2:
                    81:ad:4e:2e:63:e4:1d:16:50:af:bb:c9:fa:10:cc:cd:
                    3e:b7:42:d0:25:1c:78:fb:84:e0:6a:6e:9b:a9:30:9d:
                    ff:7c:a3:d7:14:9d:28:66:d4:7a:52:7d:a8:43:31:4f:
                    07:83:a3:fc:2a:75:70:f8:ee:2e:51:3f:95:28:54:67:
                    73:f2:6d:1d:82:e5:7b:e5:8e:e3:27:f1:e4:b6:fc:5b:
                    e0:39:8c:d9:cb:ef:1b:6f:3e:ca:d3:67:e1:1c:ca:f9:
                    89:7b:8e:8e:c2:39:95:12:30:36:d4:10:9d:ab:1f:bd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        28:9e:dd:d5:df:1b:89:00:73:fd:44:97:c3:d6:8b:d5:
        01:ac:19:77:b8:24:85:84:5e:34:3f:89:b5:63:35:f2:
        7e:bc:a9:aa:13:f1:6c:60:fe:39:62:a0:ea:cc:95:9a:
        d3:0d:0e:18:6d:f1:3e:a5:8d:3b:98:77:7e:0d:90:13:
        bc:29:85:43:6a:b2:6e:0a:a1:f1:ef:d6:a6:de:0d:11:
        0b:73:7c:1e:f2:6c:49:88:f6:7b:e0:de:c7:f8:4b:0b:
        48:17:18:13:12:76:8e:71:d4:4f:db:60:b8:f7:20:c1:
        82:65:ce:aa:ff:6a:a5:b3:a6:26:be:8d:90:9e:c9:e1:
        6a:b8:fa:8b:77:33:f1:95:4c:cf:db:2d:6a:b1:99:eb:
        da:2b:8d:69:fc:32:53:04:16:3f:62:21:91:35:7f:bc:
        7e:77:b7:e0:35:3d:21:90:0c:39:6c:25:49:70:1c:c4:
        bb:51:f1:79:d2:81:20:c2:ed:87:03:23:c2:a0:5e:4a:
        7f:a3:ec:7c:e1:bb:c2:b1:81:fb:10:06:4e:1a:fc:ab:
        86:d1:6e:bc:75:4e:fe:10:02:95:ae:0c:bc:7c:62:62:
        8f:b7:c6:e4:18:0e:84:f2:4c:28:84:d7:e7:0f:94:94:
        64:83:d0:84:a2:3b:e8:e9:16:4b:41:0c:3f:71:8c:0d
    Fingerprint (SHA-256):
        69:86:6C:6F:A6:80:61:B9:01:59:90:05:2D:6B:0B:C0:4F:10:51:54:C4:19:6C:B4:99:F9:48:04:06:FE:6D:1F
    Fingerprint (SHA1):
        7B:30:02:F3:8F:73:E0:FC:CF:AE:65:D2:B7:18:53:08:87:B1:F3:4B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #4779: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4780: AIA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174185 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4781: AIA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4782: AIA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4783: AIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4784: AIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174186   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4785: AIA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4786: AIA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4787: AIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4788: AIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174187   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA1Root-628173964.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4789: AIA: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4790: AIA: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #4791: AIA: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4792: AIA: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628174188   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4793: AIA: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4794: AIA: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der
vfychain -d UserDB -pp -vv       UserCA2.der CA2CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA1 Intermediate,O=CA1,C=US
Returned value is 1, expected result is fail
chains.sh: #4795: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der
vfychain -d UserDB -pp -vv   -f    UserCA2.der CA2CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174185 (0x25712d69)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:04:53 2016
            Not After : Mon Jun 28 18:04:53 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:d3:f5:c9:cb:04:95:74:09:e9:7c:f9:e9:bd:10:b7:
                    ad:8c:c5:ce:9c:26:0c:34:f5:88:e4:5d:96:a9:d3:53:
                    49:7f:58:92:30:42:c1:1e:71:bd:ac:1b:5d:b4:74:36:
                    19:ad:8d:68:b3:ea:ae:20:0c:b5:ef:f6:3a:e4:a4:2a:
                    ed:ff:a3:6d:36:a2:04:b1:8c:f8:d3:e0:16:2d:35:4d:
                    f6:40:2b:8b:a5:f6:08:c0:ff:f8:ec:de:16:95:01:0e:
                    03:80:7f:8b:f7:01:a4:01:fa:5f:11:94:37:a7:3d:bd:
                    29:c5:75:8e:7f:8d:b8:d8:5a:17:38:0f:bf:6c:4f:3f:
                    d0:56:20:17:06:25:03:f1:82:53:dd:10:48:db:c2:0d:
                    91:28:e0:d3:b2:10:ae:8e:ba:fa:a6:7d:dc:1d:1f:00:
                    88:79:e9:69:98:58:77:0f:cd:18:d4:3b:b8:ff:d0:12:
                    27:42:8b:28:a9:d5:e5:51:1b:09:f7:20:35:4b:fb:e3:
                    ce:d6:4c:56:a4:41:22:cd:e3:40:05:b1:b2:37:c3:dc:
                    82:aa:73:ae:80:90:2a:6a:45:6b:28:63:fa:59:e0:fc:
                    94:fa:a7:66:ad:3d:01:bd:07:1f:cb:8d:7a:e3:3d:45:
                    52:05:f2:f4:70:fa:1e:ca:ad:87:a1:f7:a6:6b:aa:eb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:6d:6a:d7:51:4e:9e:99:e5:d0:45:c5:24:4b:f1:3f:
        eb:8e:18:2c:a1:54:2b:81:ca:18:18:e8:ac:b6:67:be:
        83:54:17:1a:83:fd:10:1b:ab:cd:e7:96:03:86:e0:56:
        51:3a:ca:fc:41:9c:71:ac:15:48:b0:4e:cd:53:e1:00:
        f1:2c:13:20:b7:1c:1b:82:c1:15:a4:de:c0:e5:72:86:
        76:7a:cb:ff:bf:56:dd:ae:18:57:39:ec:69:57:cf:84:
        c3:ba:9a:a2:ac:c8:54:8d:f6:80:aa:db:6e:b1:f1:ca:
        38:86:b3:69:e2:99:44:be:48:99:9f:95:43:ce:32:ca:
        a3:59:f0:2c:29:75:bf:fc:da:d0:d3:5d:4a:0f:65:87:
        b7:97:c9:9e:e5:33:e7:91:e8:ef:b4:fd:cf:f8:20:9c:
        8e:4a:b7:f0:17:a9:ef:7c:38:78:e0:7e:fd:3b:00:e0:
        45:a1:20:9e:65:a4:c7:1e:82:ca:60:70:76:e3:de:c4:
        7b:a8:14:11:87:46:09:be:6f:d9:a2:6b:8d:b2:2f:2d:
        8d:0b:ef:9f:3f:39:0f:66:88:1a:28:15:44:0a:b2:01:
        05:f2:b6:53:9d:09:04:9e:ca:01:4a:fa:1c:90:bb:39:
        d3:02:d9:94:b8:0f:b7:ca:d2:a1:4d:8f:ce:fa:92:ff
    Fingerprint (SHA-256):
        7B:64:8F:50:73:37:F8:53:01:93:51:A6:8A:74:5B:3F:4A:33:EC:21:9F:71:10:3D:33:E5:7F:B6:D1:0A:B3:6E
    Fingerprint (SHA1):
        EB:39:C3:D2:BE:81:1B:DD:79:DE:A6:63:8A:92:C1:E3:8B:C1:2E:6E
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4796: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #4797: BridgeWithAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174189 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4798: BridgeWithAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #4799: BridgeWithAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #4800: BridgeWithAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174190 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4801: BridgeWithAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #4802: BridgeWithAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #4803: BridgeWithAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4804: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628174191 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4805: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4806: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628174192 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4807: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4808: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #4809: BridgeWithAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4810: BridgeWithAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4811: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628174193   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628173965.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4812: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4813: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4814: BridgeWithAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4815: BridgeWithAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174194   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4816: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4817: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #4818: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #4819: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174190 (0x25712d6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:05:28 2016
            Not After : Mon Jun 28 18:05:28 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:dc:db:c9:60:cd:0e:a0:fe:11:d1:be:10:ad:29:cf:
                    3d:c2:6a:d6:3e:cf:b2:f4:0c:c1:37:88:e0:ed:94:c2:
                    cd:dc:f5:1d:62:53:c3:66:fd:c2:88:c4:9e:8c:7f:ca:
                    16:4a:82:c3:f6:3e:2b:32:35:ab:6d:86:37:d5:f3:03:
                    29:f4:63:54:b5:09:29:bc:97:bd:24:df:35:da:bd:45:
                    8d:73:03:51:b0:89:de:c4:db:98:66:0d:dd:2c:32:97:
                    78:f3:8d:42:b2:a9:ee:4e:8b:14:fa:4f:a5:79:43:e8:
                    fd:1d:0f:ad:54:74:ce:a7:09:9c:0d:72:da:0b:e0:91:
                    7a:76:bd:41:1a:df:8f:c8:eb:80:67:e0:8b:63:b1:2d:
                    16:77:2a:db:60:ed:13:bc:bd:cb:c5:66:5d:47:47:04:
                    e6:bf:c9:30:fe:60:ee:fc:53:c0:d3:54:3a:da:92:83:
                    05:58:50:b5:5b:77:69:d9:08:50:2b:9b:83:2b:b1:23:
                    b7:28:7b:9a:4e:79:fd:16:78:c9:fc:2a:a7:f7:f5:8c:
                    f8:c1:24:b9:f7:fc:dc:47:5c:f2:e9:93:d3:ae:8e:1f:
                    10:55:f2:68:e5:84:3f:33:92:b7:79:8b:f8:bd:1c:6f:
                    b0:24:9d:b5:6a:08:c8:b6:8c:da:b7:e6:9b:4d:fa:3b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b3:70:f7:bd:de:a3:43:91:0e:61:b8:6e:20:6b:5b:24:
        b8:52:90:b1:88:67:1b:86:02:06:5b:48:d0:45:90:58:
        72:42:17:63:db:66:76:00:59:9e:b3:a4:d5:70:22:77:
        0f:89:b3:5b:60:a7:de:74:7c:08:5d:64:bb:90:fa:92:
        38:e1:f6:e4:5a:75:f6:f0:e4:68:c3:75:47:44:c0:ca:
        4e:6a:fa:c9:d1:b2:e5:6d:85:10:25:89:aa:28:e3:4e:
        d3:4d:71:3f:17:a3:da:46:c4:a1:47:ea:6e:f1:a8:c1:
        aa:01:3f:a4:0a:4e:55:69:c4:14:fa:36:9f:cd:6a:a3:
        d3:eb:9a:2f:a7:53:11:86:2f:ce:0d:e2:e4:f1:b6:88:
        4a:0c:00:a9:7c:12:2b:14:1e:4f:15:51:b6:a4:05:c1:
        5d:d8:9c:a0:2d:ee:f6:08:1a:d7:ac:63:0b:59:de:9f:
        92:93:ba:a1:44:52:be:9d:6a:57:a4:d5:ce:fd:ce:a2:
        83:56:94:41:c4:9b:dd:24:4a:fe:a1:b8:e3:7e:78:6b:
        25:8d:f6:94:7c:a6:67:df:d3:21:8c:63:0d:35:96:56:
        a6:6f:ee:c7:e8:a1:77:c1:62:d9:2b:b4:5c:58:cb:f1:
        10:7e:e6:7a:a1:d6:38:7d:56:2f:b8:4a:d7:2c:dd:73
    Fingerprint (SHA-256):
        EF:AB:99:1F:5D:A4:C5:69:86:72:55:51:00:B3:5E:56:4D:75:87:BE:A5:8E:2F:8B:8A:7C:69:16:8C:D9:FE:2F
    Fingerprint (SHA1):
        45:AE:D1:35:A2:1E:0D:15:E9:F7:1E:47:4B:92:A5:B2:EB:6B:3F:26
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4820: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174190 (0x25712d6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:05:28 2016
            Not After : Mon Jun 28 18:05:28 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:dc:db:c9:60:cd:0e:a0:fe:11:d1:be:10:ad:29:cf:
                    3d:c2:6a:d6:3e:cf:b2:f4:0c:c1:37:88:e0:ed:94:c2:
                    cd:dc:f5:1d:62:53:c3:66:fd:c2:88:c4:9e:8c:7f:ca:
                    16:4a:82:c3:f6:3e:2b:32:35:ab:6d:86:37:d5:f3:03:
                    29:f4:63:54:b5:09:29:bc:97:bd:24:df:35:da:bd:45:
                    8d:73:03:51:b0:89:de:c4:db:98:66:0d:dd:2c:32:97:
                    78:f3:8d:42:b2:a9:ee:4e:8b:14:fa:4f:a5:79:43:e8:
                    fd:1d:0f:ad:54:74:ce:a7:09:9c:0d:72:da:0b:e0:91:
                    7a:76:bd:41:1a:df:8f:c8:eb:80:67:e0:8b:63:b1:2d:
                    16:77:2a:db:60:ed:13:bc:bd:cb:c5:66:5d:47:47:04:
                    e6:bf:c9:30:fe:60:ee:fc:53:c0:d3:54:3a:da:92:83:
                    05:58:50:b5:5b:77:69:d9:08:50:2b:9b:83:2b:b1:23:
                    b7:28:7b:9a:4e:79:fd:16:78:c9:fc:2a:a7:f7:f5:8c:
                    f8:c1:24:b9:f7:fc:dc:47:5c:f2:e9:93:d3:ae:8e:1f:
                    10:55:f2:68:e5:84:3f:33:92:b7:79:8b:f8:bd:1c:6f:
                    b0:24:9d:b5:6a:08:c8:b6:8c:da:b7:e6:9b:4d:fa:3b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b3:70:f7:bd:de:a3:43:91:0e:61:b8:6e:20:6b:5b:24:
        b8:52:90:b1:88:67:1b:86:02:06:5b:48:d0:45:90:58:
        72:42:17:63:db:66:76:00:59:9e:b3:a4:d5:70:22:77:
        0f:89:b3:5b:60:a7:de:74:7c:08:5d:64:bb:90:fa:92:
        38:e1:f6:e4:5a:75:f6:f0:e4:68:c3:75:47:44:c0:ca:
        4e:6a:fa:c9:d1:b2:e5:6d:85:10:25:89:aa:28:e3:4e:
        d3:4d:71:3f:17:a3:da:46:c4:a1:47:ea:6e:f1:a8:c1:
        aa:01:3f:a4:0a:4e:55:69:c4:14:fa:36:9f:cd:6a:a3:
        d3:eb:9a:2f:a7:53:11:86:2f:ce:0d:e2:e4:f1:b6:88:
        4a:0c:00:a9:7c:12:2b:14:1e:4f:15:51:b6:a4:05:c1:
        5d:d8:9c:a0:2d:ee:f6:08:1a:d7:ac:63:0b:59:de:9f:
        92:93:ba:a1:44:52:be:9d:6a:57:a4:d5:ce:fd:ce:a2:
        83:56:94:41:c4:9b:dd:24:4a:fe:a1:b8:e3:7e:78:6b:
        25:8d:f6:94:7c:a6:67:df:d3:21:8c:63:0d:35:96:56:
        a6:6f:ee:c7:e8:a1:77:c1:62:d9:2b:b4:5c:58:cb:f1:
        10:7e:e6:7a:a1:d6:38:7d:56:2f:b8:4a:d7:2c:dd:73
    Fingerprint (SHA-256):
        EF:AB:99:1F:5D:A4:C5:69:86:72:55:51:00:B3:5E:56:4D:75:87:BE:A5:8E:2F:8B:8A:7C:69:16:8C:D9:FE:2F
    Fingerprint (SHA1):
        45:AE:D1:35:A2:1E:0D:15:E9:F7:1E:47:4B:92:A5:B2:EB:6B:3F:26
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4821: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #4822: BridgeWithHalfAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174195 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4823: BridgeWithHalfAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #4824: BridgeWithHalfAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #4825: BridgeWithHalfAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174196 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4826: BridgeWithHalfAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #4827: BridgeWithHalfAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #4828: BridgeWithHalfAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4829: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628174197 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4830: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4831: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628174198 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4832: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4833: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #4834: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4835: BridgeWithHalfAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4836: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628174199   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628173966.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4837: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4838: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4839: BridgeWithHalfAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4840: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174200   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4841: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4842: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4843: BridgeWithHalfAIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4844: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628174201   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-BridgeNavy-628173967.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #4845: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4846: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4847: BridgeWithHalfAIA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4848: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628174202   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4849: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4850: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #4851: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #4852: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174196 (0x25712d74)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:05:56 2016
            Not After : Mon Jun 28 18:05:56 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:7a:08:6e:8e:91:a2:5b:7d:2c:67:bb:6c:a2:3d:26:
                    5e:bf:0b:46:f9:56:05:89:52:03:ec:ba:83:25:1d:a5:
                    58:66:3c:42:62:9e:65:1f:ba:a3:b8:05:8c:92:77:f5:
                    71:33:ab:8e:48:cf:3f:5a:30:87:78:6f:46:cf:a4:5e:
                    c3:72:de:8f:6c:5e:2d:94:79:54:b5:e5:ba:7f:34:97:
                    ab:ae:76:3d:9d:00:25:88:aa:d1:24:8c:c9:e5:2e:bb:
                    c9:51:92:46:3d:85:de:48:cc:61:40:9e:53:a8:ff:3e:
                    fd:eb:e3:65:fb:d7:58:30:45:e4:6f:f0:78:4a:63:0a:
                    3e:82:d6:83:b2:c7:43:67:f5:96:c7:15:bc:6f:ef:99:
                    7b:88:12:e2:49:18:cc:c2:cb:24:85:b3:2a:5d:01:54:
                    e9:92:97:b3:89:4e:84:9f:d9:74:c0:5a:3d:a9:73:12:
                    2e:de:33:d8:75:5d:75:0b:81:5f:4d:73:c8:e2:77:69:
                    6e:f7:42:25:b7:f7:bf:96:2d:5a:42:37:01:bd:80:1f:
                    d1:23:76:de:0b:87:e3:38:a0:9e:67:3b:ca:cd:85:38:
                    2f:ce:08:52:76:3a:45:05:e3:9b:5b:18:73:98:a8:ea:
                    17:6c:28:43:d0:38:0b:fb:27:78:a3:e6:4a:1e:45:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        66:30:0e:f5:91:d1:ff:cd:c8:4d:68:b0:47:a4:88:2e:
        61:83:8b:63:fa:2b:23:d3:07:97:b7:6f:8c:10:ff:ca:
        cf:64:bf:e8:38:d3:7f:48:5a:7d:57:fe:2a:b6:7c:f3:
        45:9d:af:42:49:f2:80:e2:b6:1e:0e:95:4d:da:9c:bb:
        ea:f6:bb:9b:98:2d:31:da:af:d6:99:0c:90:58:16:51:
        2c:60:ce:09:61:9e:37:27:89:8f:28:83:cb:d4:5e:52:
        1c:7e:1a:08:c1:6e:79:fe:c0:10:24:4c:17:10:ec:80:
        9e:77:19:75:3a:95:dc:b1:ac:a7:cd:79:73:ae:1e:49:
        47:42:f0:e1:a2:30:e0:3f:7a:94:79:51:b7:32:c5:7d:
        11:72:e4:76:f9:d5:62:f6:19:a0:6e:ed:82:9d:1f:eb:
        c7:c4:93:6a:bb:49:83:c9:a1:4f:f9:c6:54:8a:e6:49:
        ba:a0:ad:92:24:0e:d6:4d:76:e3:e5:dc:68:fe:29:f0:
        39:68:71:7e:3e:77:77:f9:3b:a5:26:67:b6:71:47:b6:
        04:c5:ca:c2:ab:0e:01:fd:e4:53:a8:22:fc:2b:df:99:
        2c:41:7e:23:ec:61:52:b8:57:7c:60:36:02:e7:61:81:
        a1:ef:98:91:5e:4e:f5:a7:82:a6:b4:8a:19:4d:ee:a1
    Fingerprint (SHA-256):
        68:9C:8D:08:57:3D:8C:02:F7:94:C9:51:CA:C4:48:79:C9:81:63:24:DC:3E:0D:8A:9A:7E:3A:D1:20:42:51:C6
    Fingerprint (SHA1):
        B8:4F:13:0E:CE:1B:D8:EB:50:3A:6A:CA:A5:32:14:B3:BF:88:DB:B9
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4853: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174196 (0x25712d74)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:05:56 2016
            Not After : Mon Jun 28 18:05:56 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:7a:08:6e:8e:91:a2:5b:7d:2c:67:bb:6c:a2:3d:26:
                    5e:bf:0b:46:f9:56:05:89:52:03:ec:ba:83:25:1d:a5:
                    58:66:3c:42:62:9e:65:1f:ba:a3:b8:05:8c:92:77:f5:
                    71:33:ab:8e:48:cf:3f:5a:30:87:78:6f:46:cf:a4:5e:
                    c3:72:de:8f:6c:5e:2d:94:79:54:b5:e5:ba:7f:34:97:
                    ab:ae:76:3d:9d:00:25:88:aa:d1:24:8c:c9:e5:2e:bb:
                    c9:51:92:46:3d:85:de:48:cc:61:40:9e:53:a8:ff:3e:
                    fd:eb:e3:65:fb:d7:58:30:45:e4:6f:f0:78:4a:63:0a:
                    3e:82:d6:83:b2:c7:43:67:f5:96:c7:15:bc:6f:ef:99:
                    7b:88:12:e2:49:18:cc:c2:cb:24:85:b3:2a:5d:01:54:
                    e9:92:97:b3:89:4e:84:9f:d9:74:c0:5a:3d:a9:73:12:
                    2e:de:33:d8:75:5d:75:0b:81:5f:4d:73:c8:e2:77:69:
                    6e:f7:42:25:b7:f7:bf:96:2d:5a:42:37:01:bd:80:1f:
                    d1:23:76:de:0b:87:e3:38:a0:9e:67:3b:ca:cd:85:38:
                    2f:ce:08:52:76:3a:45:05:e3:9b:5b:18:73:98:a8:ea:
                    17:6c:28:43:d0:38:0b:fb:27:78:a3:e6:4a:1e:45:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        66:30:0e:f5:91:d1:ff:cd:c8:4d:68:b0:47:a4:88:2e:
        61:83:8b:63:fa:2b:23:d3:07:97:b7:6f:8c:10:ff:ca:
        cf:64:bf:e8:38:d3:7f:48:5a:7d:57:fe:2a:b6:7c:f3:
        45:9d:af:42:49:f2:80:e2:b6:1e:0e:95:4d:da:9c:bb:
        ea:f6:bb:9b:98:2d:31:da:af:d6:99:0c:90:58:16:51:
        2c:60:ce:09:61:9e:37:27:89:8f:28:83:cb:d4:5e:52:
        1c:7e:1a:08:c1:6e:79:fe:c0:10:24:4c:17:10:ec:80:
        9e:77:19:75:3a:95:dc:b1:ac:a7:cd:79:73:ae:1e:49:
        47:42:f0:e1:a2:30:e0:3f:7a:94:79:51:b7:32:c5:7d:
        11:72:e4:76:f9:d5:62:f6:19:a0:6e:ed:82:9d:1f:eb:
        c7:c4:93:6a:bb:49:83:c9:a1:4f:f9:c6:54:8a:e6:49:
        ba:a0:ad:92:24:0e:d6:4d:76:e3:e5:dc:68:fe:29:f0:
        39:68:71:7e:3e:77:77:f9:3b:a5:26:67:b6:71:47:b6:
        04:c5:ca:c2:ab:0e:01:fd:e4:53:a8:22:fc:2b:df:99:
        2c:41:7e:23:ec:61:52:b8:57:7c:60:36:02:e7:61:81:
        a1:ef:98:91:5e:4e:f5:a7:82:a6:b4:8a:19:4d:ee:a1
    Fingerprint (SHA-256):
        68:9C:8D:08:57:3D:8C:02:F7:94:C9:51:CA:C4:48:79:C9:81:63:24:DC:3E:0D:8A:9A:7E:3A:D1:20:42:51:C6
    Fingerprint (SHA1):
        B8:4F:13:0E:CE:1B:D8:EB:50:3A:6A:CA:A5:32:14:B3:BF:88:DB:B9
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4854: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der BridgeArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=EE2 EE,O=EE2,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA2 Intermediate,O=CA2,C=US
Returned value is 1, expected result is fail
chains.sh: #4855: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174195 (0x25712d73)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:05:53 2016
            Not After : Mon Jun 28 18:05:53 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    fc:42:2e:75:73:65:89:0a:61:3b:58:80:2b:83:9d:42:
                    12:ca:e3:81:e8:48:23:cd:db:22:41:4f:c2:53:70:8a:
                    22:4d:6a:25:71:c8:88:e6:af:38:4a:17:2e:b7:1c:cc:
                    23:54:ba:b1:6a:c2:9a:1f:be:04:25:89:46:29:c9:18:
                    72:40:32:44:55:b2:d4:47:d1:56:87:20:be:31:79:ad:
                    3b:8c:85:29:86:20:ba:ed:64:c9:1a:aa:c0:5b:53:8a:
                    c3:0c:f0:2c:9c:8a:5d:01:f6:77:2d:fe:2a:43:ba:d8:
                    1e:f4:5c:9f:dd:68:0f:ab:ed:86:b7:1f:15:e0:0f:e3:
                    e3:81:8e:ad:1e:55:33:ee:8e:61:1b:bf:c6:c2:6a:09:
                    f6:be:53:3d:fd:5a:89:c6:22:e5:75:0b:97:d3:30:63:
                    d3:a1:dc:5d:51:40:b7:3f:40:18:4b:ab:21:7c:43:48:
                    d2:64:33:a6:00:3b:1f:16:eb:19:98:6d:04:8d:ee:eb:
                    bc:67:66:6b:c8:03:8f:46:87:d0:0b:50:8e:d1:8c:52:
                    fa:a0:2d:fb:6c:60:dc:3c:a1:ae:21:f4:f9:2e:87:95:
                    50:00:9a:57:73:b3:0b:ae:47:32:ea:f7:0f:bc:e5:99:
                    8a:71:6e:f4:7f:8e:84:a9:f2:a9:50:8d:67:9b:36:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        38:b9:79:f5:49:5e:30:60:d7:2f:31:1b:f4:b2:6e:02:
        33:c6:a0:8f:a3:20:a9:b4:64:c5:03:88:76:99:70:95:
        cf:5b:af:f9:72:8d:64:f9:f3:d3:02:5e:6b:75:e1:9d:
        d3:d5:42:68:66:e7:46:bd:e3:20:f9:98:4a:6b:97:a6:
        41:f7:f1:d6:5b:6b:01:16:bd:68:3c:aa:77:85:78:ab:
        55:12:9a:f8:6b:1b:3d:6c:84:23:65:a7:af:fb:4d:3b:
        0b:67:2b:e6:64:2c:aa:f9:f9:6a:56:df:91:f7:b8:48:
        22:8a:95:5d:6e:4d:f3:fb:28:8a:5f:c1:54:5e:78:02:
        8d:8d:9a:1d:4f:32:0d:2a:d4:32:43:73:dc:df:ce:63:
        94:01:d3:d1:78:6d:f4:cd:54:a8:6e:0d:71:47:b8:8f:
        69:8b:a9:93:3c:16:c5:9c:0a:d2:d1:f1:2b:cf:1c:9d:
        30:0a:5a:90:1b:e1:45:f4:f1:38:90:a2:a6:93:0c:63:
        19:54:bf:6e:a2:18:fa:2f:84:16:56:95:3d:0f:5e:8c:
        fc:26:70:4c:d2:93:1f:c9:4c:11:c0:e8:42:dd:92:01:
        d2:d3:68:ee:95:f9:dc:dc:2d:f0:53:08:c5:a2:fb:96:
        4e:f3:34:f3:e8:ce:14:cc:d1:a1:cd:32:36:ca:06:54
    Fingerprint (SHA-256):
        A5:A3:44:DF:9B:E1:5C:B2:30:D1:67:96:CE:39:24:58:10:C6:14:A8:3E:2C:9D:D8:1A:FD:F4:01:BC:BF:AA:71
    Fingerprint (SHA1):
        47:2B:36:EF:6A:E2:22:83:7C:CE:1D:90:20:3A:BB:21:44:82:13:2E
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4856: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174196 (0x25712d74)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:05:56 2016
            Not After : Mon Jun 28 18:05:56 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:7a:08:6e:8e:91:a2:5b:7d:2c:67:bb:6c:a2:3d:26:
                    5e:bf:0b:46:f9:56:05:89:52:03:ec:ba:83:25:1d:a5:
                    58:66:3c:42:62:9e:65:1f:ba:a3:b8:05:8c:92:77:f5:
                    71:33:ab:8e:48:cf:3f:5a:30:87:78:6f:46:cf:a4:5e:
                    c3:72:de:8f:6c:5e:2d:94:79:54:b5:e5:ba:7f:34:97:
                    ab:ae:76:3d:9d:00:25:88:aa:d1:24:8c:c9:e5:2e:bb:
                    c9:51:92:46:3d:85:de:48:cc:61:40:9e:53:a8:ff:3e:
                    fd:eb:e3:65:fb:d7:58:30:45:e4:6f:f0:78:4a:63:0a:
                    3e:82:d6:83:b2:c7:43:67:f5:96:c7:15:bc:6f:ef:99:
                    7b:88:12:e2:49:18:cc:c2:cb:24:85:b3:2a:5d:01:54:
                    e9:92:97:b3:89:4e:84:9f:d9:74:c0:5a:3d:a9:73:12:
                    2e:de:33:d8:75:5d:75:0b:81:5f:4d:73:c8:e2:77:69:
                    6e:f7:42:25:b7:f7:bf:96:2d:5a:42:37:01:bd:80:1f:
                    d1:23:76:de:0b:87:e3:38:a0:9e:67:3b:ca:cd:85:38:
                    2f:ce:08:52:76:3a:45:05:e3:9b:5b:18:73:98:a8:ea:
                    17:6c:28:43:d0:38:0b:fb:27:78:a3:e6:4a:1e:45:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        66:30:0e:f5:91:d1:ff:cd:c8:4d:68:b0:47:a4:88:2e:
        61:83:8b:63:fa:2b:23:d3:07:97:b7:6f:8c:10:ff:ca:
        cf:64:bf:e8:38:d3:7f:48:5a:7d:57:fe:2a:b6:7c:f3:
        45:9d:af:42:49:f2:80:e2:b6:1e:0e:95:4d:da:9c:bb:
        ea:f6:bb:9b:98:2d:31:da:af:d6:99:0c:90:58:16:51:
        2c:60:ce:09:61:9e:37:27:89:8f:28:83:cb:d4:5e:52:
        1c:7e:1a:08:c1:6e:79:fe:c0:10:24:4c:17:10:ec:80:
        9e:77:19:75:3a:95:dc:b1:ac:a7:cd:79:73:ae:1e:49:
        47:42:f0:e1:a2:30:e0:3f:7a:94:79:51:b7:32:c5:7d:
        11:72:e4:76:f9:d5:62:f6:19:a0:6e:ed:82:9d:1f:eb:
        c7:c4:93:6a:bb:49:83:c9:a1:4f:f9:c6:54:8a:e6:49:
        ba:a0:ad:92:24:0e:d6:4d:76:e3:e5:dc:68:fe:29:f0:
        39:68:71:7e:3e:77:77:f9:3b:a5:26:67:b6:71:47:b6:
        04:c5:ca:c2:ab:0e:01:fd:e4:53:a8:22:fc:2b:df:99:
        2c:41:7e:23:ec:61:52:b8:57:7c:60:36:02:e7:61:81:
        a1:ef:98:91:5e:4e:f5:a7:82:a6:b4:8a:19:4d:ee:a1
    Fingerprint (SHA-256):
        68:9C:8D:08:57:3D:8C:02:F7:94:C9:51:CA:C4:48:79:C9:81:63:24:DC:3E:0D:8A:9A:7E:3A:D1:20:42:51:C6
    Fingerprint (SHA1):
        B8:4F:13:0E:CE:1B:D8:EB:50:3A:6A:CA:A5:32:14:B3:BF:88:DB:B9
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4857: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174196 (0x25712d74)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:05:56 2016
            Not After : Mon Jun 28 18:05:56 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:7a:08:6e:8e:91:a2:5b:7d:2c:67:bb:6c:a2:3d:26:
                    5e:bf:0b:46:f9:56:05:89:52:03:ec:ba:83:25:1d:a5:
                    58:66:3c:42:62:9e:65:1f:ba:a3:b8:05:8c:92:77:f5:
                    71:33:ab:8e:48:cf:3f:5a:30:87:78:6f:46:cf:a4:5e:
                    c3:72:de:8f:6c:5e:2d:94:79:54:b5:e5:ba:7f:34:97:
                    ab:ae:76:3d:9d:00:25:88:aa:d1:24:8c:c9:e5:2e:bb:
                    c9:51:92:46:3d:85:de:48:cc:61:40:9e:53:a8:ff:3e:
                    fd:eb:e3:65:fb:d7:58:30:45:e4:6f:f0:78:4a:63:0a:
                    3e:82:d6:83:b2:c7:43:67:f5:96:c7:15:bc:6f:ef:99:
                    7b:88:12:e2:49:18:cc:c2:cb:24:85:b3:2a:5d:01:54:
                    e9:92:97:b3:89:4e:84:9f:d9:74:c0:5a:3d:a9:73:12:
                    2e:de:33:d8:75:5d:75:0b:81:5f:4d:73:c8:e2:77:69:
                    6e:f7:42:25:b7:f7:bf:96:2d:5a:42:37:01:bd:80:1f:
                    d1:23:76:de:0b:87:e3:38:a0:9e:67:3b:ca:cd:85:38:
                    2f:ce:08:52:76:3a:45:05:e3:9b:5b:18:73:98:a8:ea:
                    17:6c:28:43:d0:38:0b:fb:27:78:a3:e6:4a:1e:45:b5
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        66:30:0e:f5:91:d1:ff:cd:c8:4d:68:b0:47:a4:88:2e:
        61:83:8b:63:fa:2b:23:d3:07:97:b7:6f:8c:10:ff:ca:
        cf:64:bf:e8:38:d3:7f:48:5a:7d:57:fe:2a:b6:7c:f3:
        45:9d:af:42:49:f2:80:e2:b6:1e:0e:95:4d:da:9c:bb:
        ea:f6:bb:9b:98:2d:31:da:af:d6:99:0c:90:58:16:51:
        2c:60:ce:09:61:9e:37:27:89:8f:28:83:cb:d4:5e:52:
        1c:7e:1a:08:c1:6e:79:fe:c0:10:24:4c:17:10:ec:80:
        9e:77:19:75:3a:95:dc:b1:ac:a7:cd:79:73:ae:1e:49:
        47:42:f0:e1:a2:30:e0:3f:7a:94:79:51:b7:32:c5:7d:
        11:72:e4:76:f9:d5:62:f6:19:a0:6e:ed:82:9d:1f:eb:
        c7:c4:93:6a:bb:49:83:c9:a1:4f:f9:c6:54:8a:e6:49:
        ba:a0:ad:92:24:0e:d6:4d:76:e3:e5:dc:68:fe:29:f0:
        39:68:71:7e:3e:77:77:f9:3b:a5:26:67:b6:71:47:b6:
        04:c5:ca:c2:ab:0e:01:fd:e4:53:a8:22:fc:2b:df:99:
        2c:41:7e:23:ec:61:52:b8:57:7c:60:36:02:e7:61:81:
        a1:ef:98:91:5e:4e:f5:a7:82:a6:b4:8a:19:4d:ee:a1
    Fingerprint (SHA-256):
        68:9C:8D:08:57:3D:8C:02:F7:94:C9:51:CA:C4:48:79:C9:81:63:24:DC:3E:0D:8A:9A:7E:3A:D1:20:42:51:C6
    Fingerprint (SHA1):
        B8:4F:13:0E:CE:1B:D8:EB:50:3A:6A:CA:A5:32:14:B3:BF:88:DB:B9
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #4858: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #4859: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174203 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4860: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #4861: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #4862: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174204 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4863: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #4864: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB CAArmyDB
certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd
chains.sh: #4865: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CAArmyReq.der
certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US"  -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CAArmyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4866: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der  - PASSED
chains.sh: Creating certficate CAArmyArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 628174205   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4867: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army  - PASSED
chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database
certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4868: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database  - PASSED
chains.sh: Creating DB CANavyDB
certutil -N -d CANavyDB -f CANavyDB/dbpasswd
chains.sh: #4869: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CANavyReq.der
certutil -s "CN=CANavy Intermediate, O=CANavy, C=US"  -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CANavyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4870: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der  - PASSED
chains.sh: Creating certficate CANavyNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 628174206   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4871: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate CANavyNavy.der to CANavyDB database
certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4872: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #4873: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4874: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy
certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 628174207 -7 Bridge@CAArmy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
OID.1.1
OID.2.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #4875: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy  - PASSED
chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4876: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeCANavy.der signed by CANavy
certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 628174208 -7 Bridge@CANavy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
OID.2.1
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #4877: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy  - PASSED
chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4878: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7
chains.sh: #4879: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4880: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4881: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628174209   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.1
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4882: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4883: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4884: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4885: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628174210   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4886: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4887: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4888: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4889: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174211   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4890: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4891: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4892: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4893: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628174212   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #4894: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4895: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4896: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174203 (0x25712d7b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:06:25 2016
            Not After : Mon Jun 28 18:06:25 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    df:fc:b7:4b:c9:e1:ef:f6:3d:4d:50:d9:81:0b:ca:bd:
                    a1:6f:a1:2a:bf:7e:ed:7b:de:16:85:59:a7:bf:f4:bf:
                    5e:af:e4:2b:57:24:7d:32:10:8a:16:1a:a5:e9:28:0a:
                    19:db:16:c5:fc:89:0c:4b:14:a4:88:62:4f:ef:6a:41:
                    8c:fd:e8:40:53:20:f3:05:a0:ce:7b:13:d9:fe:f2:f9:
                    dd:b3:52:de:4e:7f:eb:25:5b:3d:c0:36:12:27:7c:43:
                    68:12:60:12:29:e0:84:13:40:e3:9a:c5:e1:cc:35:1c:
                    1a:91:ad:4d:c3:55:d1:56:92:d8:e0:0d:00:f6:c6:0f:
                    bf:7d:f3:1c:bf:64:d5:42:b4:9b:d9:58:4d:2a:65:53:
                    7e:fd:9c:e1:a7:67:0e:6e:90:af:8f:37:c4:16:d1:de:
                    28:be:0e:c8:17:02:77:dd:69:f8:07:b0:03:e5:41:6f:
                    f9:a5:e9:f2:b7:4a:74:dc:d0:03:4f:0f:8b:39:75:c9:
                    c2:7d:24:15:7d:a5:d9:45:92:e4:63:2b:37:d2:93:a7:
                    1a:69:40:1a:63:ce:37:f3:4a:73:ad:91:77:80:23:0a:
                    29:c4:35:3f:21:ff:7d:6f:5b:3a:30:ef:cd:e0:03:49:
                    e4:f4:2c:1f:8b:67:8f:6e:d3:8a:6b:5e:fb:79:ce:d9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bd:95:4d:62:f1:8c:a8:2d:a8:50:a2:6e:b3:f2:a2:29:
        70:53:5c:00:f8:a9:83:10:c4:6b:05:bb:9e:2f:b1:31:
        e3:5b:f2:1d:bc:7f:34:f3:8b:92:20:ca:51:8d:f7:ce:
        aa:83:ea:7b:e5:6c:ac:73:dd:8e:d4:47:8b:98:7b:c3:
        ae:d4:1d:67:7b:f0:3f:79:c1:e5:ed:b3:fd:63:79:56:
        50:17:db:d3:f1:f5:d6:db:b4:3e:66:62:4f:66:30:bf:
        97:d6:25:9b:78:85:0b:77:fb:04:ac:dd:08:d5:e1:d1:
        b7:9e:8f:79:57:d6:34:31:c5:f0:53:d0:d9:a9:ee:0b:
        91:8c:8d:f5:f3:f9:25:78:31:fa:84:a4:dd:85:3c:fd:
        4b:fd:31:59:41:18:d4:4b:d7:a4:5f:46:44:3c:0c:0f:
        94:56:b1:4a:d8:1e:02:63:df:48:3e:e6:da:ad:5f:b0:
        3b:54:14:a0:a0:87:ae:a0:70:d9:88:05:f6:9f:b6:a3:
        d6:f3:eb:7f:74:32:2e:52:b3:7e:fe:53:ee:7f:b3:0c:
        1a:00:fd:41:e7:c5:ba:21:ec:d8:d9:ef:ab:a7:6c:52:
        d8:22:2d:7e:ce:39:ff:2c:fa:bd:1b:2b:b0:be:ae:a3:
        db:93:59:61:2a:1e:47:c7:a3:c6:14:c5:37:df:1e:31
    Fingerprint (SHA-256):
        2F:40:72:CF:75:20:C4:A9:62:C6:8D:85:64:12:BF:91:39:C3:C0:A6:D4:0C:FE:C9:69:BF:AC:3D:3C:99:D6:6C
    Fingerprint (SHA1):
        DB:30:41:FE:15:47:13:DF:FB:39:90:DE:EF:56:B7:1D:81:A8:C1:5D
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US"
Returned value is 0, expected result is pass
chains.sh: #4897: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4898: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4899: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4900: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4901: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4902: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4903: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4904: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4905: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174204 (0x25712d7c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:06:37 2016
            Not After : Mon Jun 28 18:06:37 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    df:b7:72:29:9f:77:9a:b2:5b:91:a6:7e:22:81:be:e1:
                    99:68:82:01:f8:9e:7e:dc:0e:bd:21:71:ae:92:13:b4:
                    7a:44:ef:b3:2c:65:62:f8:1b:41:12:90:6f:09:a5:47:
                    94:63:a8:f6:2e:dc:55:9b:e3:11:85:29:ea:9e:6f:48:
                    51:01:62:b5:67:52:67:ae:f8:78:6f:e7:80:54:e7:e4:
                    cf:f7:d8:eb:5d:64:6f:fd:e7:4d:96:ef:46:20:d3:38:
                    55:e1:23:10:4a:ce:b8:c5:c9:01:27:2c:be:a1:ec:97:
                    15:6a:64:0c:35:7c:52:58:dd:73:8e:1c:bb:83:2f:ac:
                    42:d3:f9:e9:b1:14:14:16:a2:21:7b:26:ba:45:58:91:
                    01:ca:ac:a0:55:f4:9d:53:67:58:92:e8:22:90:11:b5:
                    d3:f9:43:89:7e:d5:cd:77:91:0f:46:39:30:07:dc:71:
                    39:4e:8b:94:1e:3f:aa:db:8b:b0:c6:88:19:d4:16:8b:
                    2c:f6:3c:b9:93:3e:c2:78:a4:a6:85:9f:19:fe:58:45:
                    cc:be:da:61:82:ff:64:ac:15:a7:e4:b4:69:ef:ae:78:
                    0d:c6:61:9a:b9:ee:b9:48:98:81:92:02:f4:65:b5:d9:
                    82:c8:6d:38:61:72:77:3a:93:7c:c5:bb:6b:96:02:dd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b1:69:51:8c:4f:04:d4:79:83:3f:3b:24:29:6f:71:89:
        c7:fb:df:99:4e:99:68:c1:fa:aa:0a:52:d3:2a:a7:d0:
        12:24:93:49:af:ef:47:92:f4:09:3e:5f:13:fb:26:67:
        93:cc:e7:fd:eb:71:64:dd:87:02:6c:29:76:cc:05:65:
        a7:70:dd:ad:75:e1:44:1f:37:f7:44:55:0c:10:5c:5b:
        21:ac:85:81:0f:d1:27:0f:aa:69:53:d2:eb:d2:ab:a6:
        f1:ee:ed:72:74:80:3c:e8:ad:e8:9d:ae:09:77:47:3a:
        80:53:c7:72:f8:e7:f8:ca:09:5f:22:24:81:55:c9:79:
        99:b8:0e:e3:32:66:d6:e5:27:49:79:18:cb:2d:67:ea:
        bf:24:8f:b0:9c:e1:b9:fa:bb:60:1f:0a:ea:68:b0:7c:
        07:df:42:6d:dc:76:f2:ea:d6:48:23:47:89:8d:f5:52:
        30:6f:c4:3b:67:bd:9e:33:41:6f:a6:90:ab:e4:c3:46:
        f2:d4:f4:f4:64:84:35:15:38:7d:3e:a5:73:99:b3:c1:
        f4:cd:a4:7a:72:29:92:e6:79:f9:f8:3a:68:c3:14:93:
        a8:08:9d:8d:e2:6d:2a:d4:6a:36:12:8a:9b:b3:89:6a:
        2b:f8:18:01:e2:e6:f9:be:40:5f:cd:97:d3:ee:22:54
    Fingerprint (SHA-256):
        F0:50:D0:10:E8:39:55:84:31:05:30:0D:8A:AC:EB:7E:86:22:3D:13:1F:F8:C1:C4:49:47:1B:FF:B3:22:32:16
    Fingerprint (SHA1):
        8D:B6:F8:C7:F6:54:6A:92:8C:38:E8:AE:2E:DC:86:B0:FD:2F:CE:B7
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US"
Returned value is 0, expected result is pass
chains.sh: #4906: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4907: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4908: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4909: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4910: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #4911: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4912: RealCerts: Creating DB AllDB  - PASSED
chains.sh: Importing certificate TestCA.ca.cert to AllDB database
certutil -A -n TestCA.ca  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestCA.ca.cert
chains.sh: #4913: RealCerts: Importing certificate TestCA.ca.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser50.cert to AllDB database
certutil -A -n TestUser50  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert
chains.sh: #4914: RealCerts: Importing certificate TestUser50.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser51.cert to AllDB database
certutil -A -n TestUser51  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert
chains.sh: #4915: RealCerts: Importing certificate TestUser51.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalRootCA.cert to AllDB database
certutil -A -n PayPalRootCA  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalRootCA.cert
chains.sh: #4916: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalICA.cert to AllDB database
certutil -A -n PayPalICA  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalICA.cert
chains.sh: #4917: RealCerts: Importing certificate PayPalICA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalEE.cert to AllDB database
certutil -A -n PayPalEE  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert
chains.sh: #4918: RealCerts: Importing certificate PayPalEE.cert to AllDB database  - PASSED
chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database
certutil -A -n BrAirWaysBadSig  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert
chains.sh: #4919: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4920: RealCerts: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #4921: RealCerts: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1 
vfychain -d AllDB -pp -vv      -o OID.2.16.840.1.114412.1.1  /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=
            DigiCert Inc,C=US"
        Validity:
            Not Before: Fri Nov 10 00:00:00 2006
            Not After : Mon Nov 10 00:00:00 2031
        Subject: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O
            =DigiCert Inc,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:e5:81:
                    3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:a2:0a:1c:
                    b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:a4:a9:41:59:
                    3a:d3:dc:94:d6:3c:db:74:38:a4:4a:cc:4d:25:82:f7:
                    4a:a5:53:12:38:ee:f3:49:6d:71:91:7e:63:b6:ab:a6:
                    5f:c3:a4:84:f8:4f:62:51:be:f8:c5:ec:db:38:92:e3:
                    06:e5:08:91:0c:c4:28:41:55:fb:cb:5a:89:15:7e:71:
                    e8:35:bf:4d:72:09:3d:be:3a:38:50:5b:77:31:1b:8d:
                    b3:c7:24:45:9a:a7:ac:6d:00:14:5a:04:b7:ba:13:eb:
                    51:0a:98:41:41:22:4e:65:61:87:81:41:50:a6:79:5c:
                    89:de:19:4a:57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:
                    06:16:a4:68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:
                    db:5e:64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:
                    79:39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
                    a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:87:
                    5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:4b:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Subject Key ID
            Data:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
            Name: Certificate Authority Key Identifier
            Key ID:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:
        21:47:f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:
        7a:d9:11:65:8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:
        b8:91:e8:43:2c:8e:b3:78:ce:db:e3:53:79:71:d6:e5:
        21:94:01:da:55:87:9a:24:64:f6:8a:66:cc:de:9c:37:
        cd:a8:34:b1:69:9b:23:c8:9e:78:22:2b:70:43:e3:55:
        47:31:61:19:ef:58:c5:85:2f:4e:30:f6:a0:31:16:23:
        c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:5e:8b:
        31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
        15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:
        0a:c4:97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:
        55:f2:48:69:d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:
        ba:70:26:5d:90:60:9e:bc:4b:17:09:2f:b4:cb:1e:43:
        68:c9:07:27:c1:d2:5c:f7:ea:21:b9:68:12:9c:3c:9c:
        bf:9e:fc:80:5c:9b:63:cd:ec:47:aa:25:27:67:a0:37:
        f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:77:e8:1f:4a
    Fingerprint (SHA-256):
        74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
    Fingerprint (SHA1):
        5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=paypal.com,OU=PayPal Production,O="PayPal, Inc.",L
    =San Jose,ST=California,C=US"
Certificate 2 Subject: "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digi
    cert.com,O=DigiCert Inc,C=US"
Returned value is 0, expected result is pass
chains.sh: #4922: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1  - PASSED
chains.sh: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. BrAirWaysBadSig :
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is fail
chains.sh: #4923: RealCerts: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp       - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4924: DSA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174213 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4925: DSA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4926: DSA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4927: DSA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4928: DSA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628174214   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4929: DSA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4930: DSA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #4931: DSA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4932: DSA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628174215   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4933: DSA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4934: DSA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4935: DSA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4936: DSA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 628174216   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4937: DSA: Creating certficate CA2Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA2Root.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4938: DSA: Importing certificate CA2Root.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #4939: DSA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4940: DSA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628174217   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4941: DSA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4942: DSA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #4943: DSA: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4944: DSA: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 628174218   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4945: DSA: Creating certficate CA3Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA3Root.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4946: DSA: Importing certificate CA3Root.der to CA3DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #4947: DSA: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4948: DSA: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 628174219   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4949: DSA: Creating certficate EE3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate EE3CA3.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4950: DSA: Importing certificate EE3CA3.der to EE3DB database  - PASSED
chains.sh: Creating DB CA4DB
certutil -N -d CA4DB -f CA4DB/dbpasswd
chains.sh: #4951: DSA: Creating DB CA4DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA4Req.der
certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4952: DSA: Creating Intermediate certifiate request CA4Req.der  - PASSED
chains.sh: Creating certficate CA4Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 628174220   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4953: DSA: Creating certficate CA4Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA4Root.der to CA4DB database
certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4954: DSA: Importing certificate CA4Root.der to CA4DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #4955: DSA: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4956: DSA: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA4.der signed by CA4
certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 628174221   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4957: DSA: Creating certficate EE4CA4.der signed by CA4  - PASSED
chains.sh: Importing certificate EE4CA4.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4958: DSA: Importing certificate EE4CA4.der to EE4DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4959: DSA: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE1CA1.der CA1Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174213 (0x25712d85)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:07:21 2016
            Not After : Mon Jun 28 18:07:21 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    5b:e8:17:61:59:ee:17:4c:33:fb:86:df:f4:a0:dd:57:
                    ac:6e:ca:6a:94:8c:1a:dd:d1:e4:36:d8:1d:b0:00:b1:
                    a6:d6:a8:74:4d:fe:3d:8b:12:56:04:d1:7f:46:5a:7a:
                    a6:ec:e5:6f:04:e3:56:3f:9e:02:8c:ef:3d:f5:1a:2f:
                    5b:67:aa:c1:05:15:db:9e:39:9d:b6:d7:2a:07:64:ed:
                    74:06:ef:14:aa:53:42:32:18:77:97:b8:3d:33:01:1f:
                    2b:e9:7d:15:5a:72:81:1b:48:0d:f1:5a:b0:12:98:da:
                    72:5c:55:61:d3:44:0f:84:73:ac:29:53:24:56:ff:f2:
                    a3:4c:18:5a:bf:e3:f7:21:9b:ac:88:26:df:cb:da:5b:
                    4a:03:7b:69:69:3b:96:88:fb:b8:84:15:cf:96:cd:f8:
                    83:02:0e:65:42:6e:b8:5c:71:3b:61:db:34:12:28:f4:
                    8d:6a:5d:f3:27:6d:38:a0:4a:ab:38:85:46:31:c3:86:
                    a5:c8:37:4d:0e:b6:bf:a9:c5:01:d6:db:9c:e8:83:ce:
                    fc:a8:3b:80:a7:d1:b6:23:99:92:81:9f:82:1e:56:3b:
                    72:86:0e:bc:3a:36:27:eb:90:4e:bc:56:49:cf:db:2c:
                    76:45:6f:76:9a:a1:01:d6:6c:5a:34:ab:cb:33:e4:96
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:34:97:aa:db:93:bd:9c:8d:5f:4c:31:c8:
        29:49:51:87:87:68:7e:ee:de:2f:42:65:dd:e4:43:48:
        02:1d:00:d3:80:68:f6:8d:48:71:3e:56:27:2e:e2:73:
        db:b5:d5:fb:a8:f5:c2:34:8f:df:a0:ac:01:e5:e5
    Fingerprint (SHA-256):
        6C:75:42:DC:3E:33:AE:CC:1B:C5:E3:6D:B7:27:7F:34:18:76:45:B1:E8:36:5B:9B:F0:C0:D6:81:B3:FB:B6:D8
    Fingerprint (SHA1):
        37:09:19:6D:89:6C:29:92:67:E0:76:7B:D2:B6:B7:AC:00:F6:61:27
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #4960: DSA: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE2CA2.der CA2Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174213 (0x25712d85)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:07:21 2016
            Not After : Mon Jun 28 18:07:21 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    5b:e8:17:61:59:ee:17:4c:33:fb:86:df:f4:a0:dd:57:
                    ac:6e:ca:6a:94:8c:1a:dd:d1:e4:36:d8:1d:b0:00:b1:
                    a6:d6:a8:74:4d:fe:3d:8b:12:56:04:d1:7f:46:5a:7a:
                    a6:ec:e5:6f:04:e3:56:3f:9e:02:8c:ef:3d:f5:1a:2f:
                    5b:67:aa:c1:05:15:db:9e:39:9d:b6:d7:2a:07:64:ed:
                    74:06:ef:14:aa:53:42:32:18:77:97:b8:3d:33:01:1f:
                    2b:e9:7d:15:5a:72:81:1b:48:0d:f1:5a:b0:12:98:da:
                    72:5c:55:61:d3:44:0f:84:73:ac:29:53:24:56:ff:f2:
                    a3:4c:18:5a:bf:e3:f7:21:9b:ac:88:26:df:cb:da:5b:
                    4a:03:7b:69:69:3b:96:88:fb:b8:84:15:cf:96:cd:f8:
                    83:02:0e:65:42:6e:b8:5c:71:3b:61:db:34:12:28:f4:
                    8d:6a:5d:f3:27:6d:38:a0:4a:ab:38:85:46:31:c3:86:
                    a5:c8:37:4d:0e:b6:bf:a9:c5:01:d6:db:9c:e8:83:ce:
                    fc:a8:3b:80:a7:d1:b6:23:99:92:81:9f:82:1e:56:3b:
                    72:86:0e:bc:3a:36:27:eb:90:4e:bc:56:49:cf:db:2c:
                    76:45:6f:76:9a:a1:01:d6:6c:5a:34:ab:cb:33:e4:96
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:34:97:aa:db:93:bd:9c:8d:5f:4c:31:c8:
        29:49:51:87:87:68:7e:ee:de:2f:42:65:dd:e4:43:48:
        02:1d:00:d3:80:68:f6:8d:48:71:3e:56:27:2e:e2:73:
        db:b5:d5:fb:a8:f5:c2:34:8f:df:a0:ac:01:e5:e5
    Fingerprint (SHA-256):
        6C:75:42:DC:3E:33:AE:CC:1B:C5:E3:6D:B7:27:7F:34:18:76:45:B1:E8:36:5B:9B:F0:C0:D6:81:B3:FB:B6:D8
    Fingerprint (SHA1):
        37:09:19:6D:89:6C:29:92:67:E0:76:7B:D2:B6:B7:AC:00:F6:61:27
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #4961: DSA: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE3CA3.der CA3Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174213 (0x25712d85)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:07:21 2016
            Not After : Mon Jun 28 18:07:21 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    5b:e8:17:61:59:ee:17:4c:33:fb:86:df:f4:a0:dd:57:
                    ac:6e:ca:6a:94:8c:1a:dd:d1:e4:36:d8:1d:b0:00:b1:
                    a6:d6:a8:74:4d:fe:3d:8b:12:56:04:d1:7f:46:5a:7a:
                    a6:ec:e5:6f:04:e3:56:3f:9e:02:8c:ef:3d:f5:1a:2f:
                    5b:67:aa:c1:05:15:db:9e:39:9d:b6:d7:2a:07:64:ed:
                    74:06:ef:14:aa:53:42:32:18:77:97:b8:3d:33:01:1f:
                    2b:e9:7d:15:5a:72:81:1b:48:0d:f1:5a:b0:12:98:da:
                    72:5c:55:61:d3:44:0f:84:73:ac:29:53:24:56:ff:f2:
                    a3:4c:18:5a:bf:e3:f7:21:9b:ac:88:26:df:cb:da:5b:
                    4a:03:7b:69:69:3b:96:88:fb:b8:84:15:cf:96:cd:f8:
                    83:02:0e:65:42:6e:b8:5c:71:3b:61:db:34:12:28:f4:
                    8d:6a:5d:f3:27:6d:38:a0:4a:ab:38:85:46:31:c3:86:
                    a5:c8:37:4d:0e:b6:bf:a9:c5:01:d6:db:9c:e8:83:ce:
                    fc:a8:3b:80:a7:d1:b6:23:99:92:81:9f:82:1e:56:3b:
                    72:86:0e:bc:3a:36:27:eb:90:4e:bc:56:49:cf:db:2c:
                    76:45:6f:76:9a:a1:01:d6:6c:5a:34:ab:cb:33:e4:96
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:34:97:aa:db:93:bd:9c:8d:5f:4c:31:c8:
        29:49:51:87:87:68:7e:ee:de:2f:42:65:dd:e4:43:48:
        02:1d:00:d3:80:68:f6:8d:48:71:3e:56:27:2e:e2:73:
        db:b5:d5:fb:a8:f5:c2:34:8f:df:a0:ac:01:e5:e5
    Fingerprint (SHA-256):
        6C:75:42:DC:3E:33:AE:CC:1B:C5:E3:6D:B7:27:7F:34:18:76:45:B1:E8:36:5B:9B:F0:C0:D6:81:B3:FB:B6:D8
    Fingerprint (SHA1):
        37:09:19:6D:89:6C:29:92:67:E0:76:7B:D2:B6:B7:AC:00:F6:61:27
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #4962: DSA: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE4CA4.der CA4Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174213 (0x25712d85)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:07:21 2016
            Not After : Mon Jun 28 18:07:21 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    5b:e8:17:61:59:ee:17:4c:33:fb:86:df:f4:a0:dd:57:
                    ac:6e:ca:6a:94:8c:1a:dd:d1:e4:36:d8:1d:b0:00:b1:
                    a6:d6:a8:74:4d:fe:3d:8b:12:56:04:d1:7f:46:5a:7a:
                    a6:ec:e5:6f:04:e3:56:3f:9e:02:8c:ef:3d:f5:1a:2f:
                    5b:67:aa:c1:05:15:db:9e:39:9d:b6:d7:2a:07:64:ed:
                    74:06:ef:14:aa:53:42:32:18:77:97:b8:3d:33:01:1f:
                    2b:e9:7d:15:5a:72:81:1b:48:0d:f1:5a:b0:12:98:da:
                    72:5c:55:61:d3:44:0f:84:73:ac:29:53:24:56:ff:f2:
                    a3:4c:18:5a:bf:e3:f7:21:9b:ac:88:26:df:cb:da:5b:
                    4a:03:7b:69:69:3b:96:88:fb:b8:84:15:cf:96:cd:f8:
                    83:02:0e:65:42:6e:b8:5c:71:3b:61:db:34:12:28:f4:
                    8d:6a:5d:f3:27:6d:38:a0:4a:ab:38:85:46:31:c3:86:
                    a5:c8:37:4d:0e:b6:bf:a9:c5:01:d6:db:9c:e8:83:ce:
                    fc:a8:3b:80:a7:d1:b6:23:99:92:81:9f:82:1e:56:3b:
                    72:86:0e:bc:3a:36:27:eb:90:4e:bc:56:49:cf:db:2c:
                    76:45:6f:76:9a:a1:01:d6:6c:5a:34:ab:cb:33:e4:96
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:34:97:aa:db:93:bd:9c:8d:5f:4c:31:c8:
        29:49:51:87:87:68:7e:ee:de:2f:42:65:dd:e4:43:48:
        02:1d:00:d3:80:68:f6:8d:48:71:3e:56:27:2e:e2:73:
        db:b5:d5:fb:a8:f5:c2:34:8f:df:a0:ac:01:e5:e5
    Fingerprint (SHA-256):
        6C:75:42:DC:3E:33:AE:CC:1B:C5:E3:6D:B7:27:7F:34:18:76:45:B1:E8:36:5B:9B:F0:C0:D6:81:B3:FB:B6:D8
    Fingerprint (SHA1):
        37:09:19:6D:89:6C:29:92:67:E0:76:7B:D2:B6:B7:AC:00:F6:61:27
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US"
Returned value is 0, expected result is pass
chains.sh: #4963: DSA: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #4964: Revocation: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 10 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #4965: Revocation: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #4966: Revocation: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #4967: Revocation: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4968: Revocation: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4969: Revocation: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4970: Revocation: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #4971: Revocation: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4972: Revocation: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4973: Revocation: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4974: Revocation: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #4975: Revocation: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4976: Revocation: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4977: Revocation: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4978: Revocation: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB EE12DB
certutil -N -d EE12DB -f EE12DB/dbpasswd
chains.sh: #4979: Revocation: Creating DB EE12DB  - PASSED
chains.sh: Creating EE certifiate request EE12Req.der
certutil -s "CN=EE12 EE, O=EE12, C=US"  -R  -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4980: Revocation: Creating EE certifiate request EE12Req.der  - PASSED
chains.sh: Creating certficate EE12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4981: Revocation: Creating certficate EE12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE12CA1.der to EE12DB database
certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4982: Revocation: Importing certificate EE12CA1.der to EE12DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #4983: Revocation: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #4984: Revocation: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4985: Revocation: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4986: Revocation: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #4987: Revocation: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #4988: Revocation: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #4989: Revocation: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4990: Revocation: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628180820Z
nextupdate=20170628180820Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 18:08:20 2016
    Next Update: Wed Jun 28 18:08:20 2017
    CRL Extensions:
chains.sh: #4991: Revocation: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628180820Z
nextupdate=20170628180820Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:08:20 2016
    Next Update: Wed Jun 28 18:08:20 2017
    CRL Extensions:
chains.sh: #4992: Revocation: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628180820Z
nextupdate=20170628180820Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 18:08:20 2016
    Next Update: Wed Jun 28 18:08:20 2017
    CRL Extensions:
chains.sh: #4993: Revocation: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628180820Z
nextupdate=20170628180820Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 18:08:20 2016
    Next Update: Wed Jun 28 18:08:20 2017
    CRL Extensions:
chains.sh: #4994: Revocation: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 14 issued by CA1
crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628180821Z
addcert 14 20160628180821Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 18:08:21 2016
    Next Update: Wed Jun 28 18:08:20 2017
    Entry 1 (0x1):
        Serial Number: 14 (0xe)
        Revocation Date: Tue Jun 28 18:08:21 2016
    CRL Extensions:
chains.sh: #4995: Revocation: Revoking certificate with SN 14 issued by CA1  - PASSED
chains.sh: Revoking certificate with SN 15 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628180822Z
addcert 15 20160628180822Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:08:22 2016
    Next Update: Wed Jun 28 18:08:20 2017
    Entry 1 (0x1):
        Serial Number: 15 (0xf)
        Revocation Date: Tue Jun 28 18:08:22 2016
    CRL Extensions:
chains.sh: #4996: Revocation: Revoking certificate with SN 15 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #4997: Revocation: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #4998: Revocation: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #4999: Revocation: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA0Root.der to AllDB database
certutil -A -n CA0  -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der
chains.sh: #5000: Revocation: Importing certificate CA0Root.der to AllDB database  - PASSED
chains.sh: Importing CRL CA0.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl
chains.sh: #5001: Revocation: Importing CRL CA0.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA1CA0.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der
chains.sh: #5002: Revocation: Importing certificate CA1CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA1.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl
chains.sh: #5003: Revocation: Importing CRL CA1.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA0.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der
chains.sh: #5004: Revocation: Importing certificate CA2CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA2.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl
chains.sh: #5005: Revocation: Importing CRL CA2.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:07:55 2016
            Not After : Mon Jun 28 18:07:55 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:c1:eb:ab:c1:f2:1b:06:d3:32:28:64:c8:db:ac:a8:
                    4b:81:17:4d:a5:a0:0e:d1:be:17:b0:c0:5a:82:93:76:
                    f7:a4:0d:ad:e9:0a:ea:10:7d:84:72:ee:47:64:3a:a7:
                    1a:3a:ff:19:d7:6f:30:bf:04:33:bc:ef:22:35:24:b0:
                    4d:ef:2a:f9:89:76:8c:90:89:bb:ff:a9:a1:a4:71:d3:
                    b2:ac:e7:40:3d:6f:67:dd:f2:89:4e:04:b6:23:1d:51:
                    3f:fc:2e:f2:3a:d1:4c:10:a5:fb:ad:3a:5e:e9:e0:f5:
                    ac:67:5e:6e:ca:69:cf:36:87:cf:19:13:b8:9d:db:c5:
                    cc:4f:39:79:83:be:0d:51:1a:e4:d2:6b:f6:a6:78:37:
                    2d:ec:b3:a2:d8:5a:b6:86:e1:f1:0a:09:84:ad:f4:8a:
                    d4:62:42:3d:56:e7:33:10:10:d7:2c:1d:dc:19:07:a0:
                    a0:54:ad:81:a4:fd:7d:22:34:09:0e:05:86:1b:bf:76:
                    19:0e:bd:57:4d:ca:db:4d:18:64:2b:71:e5:ae:c5:80:
                    cf:e9:5c:f2:5c:3c:55:4f:d1:9a:b8:56:a6:fc:eb:89:
                    57:d7:9a:8e:ce:38:01:bd:3f:f6:f8:c3:59:4e:79:4e:
                    02:78:84:db:06:14:7f:8b:06:aa:f6:d4:62:86:ce:31
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        23:80:3f:da:aa:8a:78:38:6d:f9:b8:26:cb:85:60:06:
        5b:96:dc:98:46:5e:07:2a:3f:46:6e:7d:e1:cc:84:ef:
        1c:e5:b8:92:d6:e5:1d:46:b6:f7:9b:9b:54:1a:72:28:
        7c:e3:64:f6:8d:e5:7b:bb:6e:8b:14:d3:f1:6d:fe:44:
        9f:e6:b6:99:65:a2:60:78:f3:ea:59:72:51:fc:93:1c:
        b2:fb:5a:5d:9c:cd:60:f7:46:95:39:13:dc:2d:fd:1e:
        73:4a:84:d0:cb:ea:b6:43:35:ab:6d:5f:28:cd:b2:59:
        42:cd:46:37:23:cb:10:78:1d:8b:70:a1:5f:97:53:83:
        20:3e:d4:5b:8f:0c:15:58:19:fd:2a:90:16:4f:c9:e7:
        d5:98:82:62:97:26:26:12:b6:32:6a:ec:ca:d1:09:e8:
        5a:58:b5:d2:da:0b:98:90:c4:54:a5:ee:53:e3:9f:b2:
        86:84:5b:95:9d:c2:68:fc:29:c3:d6:bc:cb:48:27:54:
        80:90:d1:cc:64:50:bf:18:27:57:6a:dc:8d:25:74:84:
        2d:2b:d9:67:e1:53:d4:d0:c4:f7:58:76:05:57:20:11:
        2a:ad:ee:2a:91:a7:25:7e:62:90:31:c4:01:9e:99:86:
        b1:41:4e:cb:58:53:7a:bf:da:6f:2f:d1:e0:1e:d0:ca
    Fingerprint (SHA-256):
        E0:14:C2:78:A6:50:8C:8B:6C:C8:02:DC:53:D9:AB:DF:55:F6:85:CC:6C:C0:D7:0C:99:6B:AF:10:28:65:45:48
    Fingerprint (SHA1):
        82:81:A7:07:AC:B0:83:44:73:1F:54:38:9A:A4:EB:38:33:FF:80:32
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #5006: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE12CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #5007: Revocation: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:07:55 2016
            Not After : Mon Jun 28 18:07:55 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:c1:eb:ab:c1:f2:1b:06:d3:32:28:64:c8:db:ac:a8:
                    4b:81:17:4d:a5:a0:0e:d1:be:17:b0:c0:5a:82:93:76:
                    f7:a4:0d:ad:e9:0a:ea:10:7d:84:72:ee:47:64:3a:a7:
                    1a:3a:ff:19:d7:6f:30:bf:04:33:bc:ef:22:35:24:b0:
                    4d:ef:2a:f9:89:76:8c:90:89:bb:ff:a9:a1:a4:71:d3:
                    b2:ac:e7:40:3d:6f:67:dd:f2:89:4e:04:b6:23:1d:51:
                    3f:fc:2e:f2:3a:d1:4c:10:a5:fb:ad:3a:5e:e9:e0:f5:
                    ac:67:5e:6e:ca:69:cf:36:87:cf:19:13:b8:9d:db:c5:
                    cc:4f:39:79:83:be:0d:51:1a:e4:d2:6b:f6:a6:78:37:
                    2d:ec:b3:a2:d8:5a:b6:86:e1:f1:0a:09:84:ad:f4:8a:
                    d4:62:42:3d:56:e7:33:10:10:d7:2c:1d:dc:19:07:a0:
                    a0:54:ad:81:a4:fd:7d:22:34:09:0e:05:86:1b:bf:76:
                    19:0e:bd:57:4d:ca:db:4d:18:64:2b:71:e5:ae:c5:80:
                    cf:e9:5c:f2:5c:3c:55:4f:d1:9a:b8:56:a6:fc:eb:89:
                    57:d7:9a:8e:ce:38:01:bd:3f:f6:f8:c3:59:4e:79:4e:
                    02:78:84:db:06:14:7f:8b:06:aa:f6:d4:62:86:ce:31
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        23:80:3f:da:aa:8a:78:38:6d:f9:b8:26:cb:85:60:06:
        5b:96:dc:98:46:5e:07:2a:3f:46:6e:7d:e1:cc:84:ef:
        1c:e5:b8:92:d6:e5:1d:46:b6:f7:9b:9b:54:1a:72:28:
        7c:e3:64:f6:8d:e5:7b:bb:6e:8b:14:d3:f1:6d:fe:44:
        9f:e6:b6:99:65:a2:60:78:f3:ea:59:72:51:fc:93:1c:
        b2:fb:5a:5d:9c:cd:60:f7:46:95:39:13:dc:2d:fd:1e:
        73:4a:84:d0:cb:ea:b6:43:35:ab:6d:5f:28:cd:b2:59:
        42:cd:46:37:23:cb:10:78:1d:8b:70:a1:5f:97:53:83:
        20:3e:d4:5b:8f:0c:15:58:19:fd:2a:90:16:4f:c9:e7:
        d5:98:82:62:97:26:26:12:b6:32:6a:ec:ca:d1:09:e8:
        5a:58:b5:d2:da:0b:98:90:c4:54:a5:ee:53:e3:9f:b2:
        86:84:5b:95:9d:c2:68:fc:29:c3:d6:bc:cb:48:27:54:
        80:90:d1:cc:64:50:bf:18:27:57:6a:dc:8d:25:74:84:
        2d:2b:d9:67:e1:53:d4:d0:c4:f7:58:76:05:57:20:11:
        2a:ad:ee:2a:91:a7:25:7e:62:90:31:c4:01:9e:99:86:
        b1:41:4e:cb:58:53:7a:bf:da:6f:2f:d1:e0:1e:d0:ca
    Fingerprint (SHA-256):
        E0:14:C2:78:A6:50:8C:8B:6C:C8:02:DC:53:D9:AB:DF:55:F6:85:CC:6C:C0:D7:0C:99:6B:AF:10:28:65:45:48
    Fingerprint (SHA1):
        82:81:A7:07:AC:B0:83:44:73:1F:54:38:9A:A4:EB:38:33:FF:80:32
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #5008: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE21CA2.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #5009: Revocation: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #5010: CRLDP: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174222 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #5011: CRLDP: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #5012: CRLDP: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #5013: CRLDP: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #5014: CRLDP: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 628174223   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5015: CRLDP: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5016: CRLDP: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #5017: CRLDP: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173994.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #5018: CRLDP: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173968.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #5019: CRLDP: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5020: CRLDP: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #5021: CRLDP: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE11Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173994.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #5022: CRLDP: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 628174224   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5023: CRLDP: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5024: CRLDP: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #5025: CRLDP: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173994.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #5026: CRLDP: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173969.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #5027: CRLDP: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5028: CRLDP: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #5029: CRLDP: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #5030: CRLDP: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 628174225   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5031: CRLDP: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5032: CRLDP: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #5033: CRLDP: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173994.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #5034: CRLDP: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173970.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #5035: CRLDP: Creating certficate EE1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE1CA0.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5036: CRLDP: Importing certificate EE1CA0.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #5037: CRLDP: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628173994.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #5038: CRLDP: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628173971.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #5039: CRLDP: Creating certficate EE2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE2CA0.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5040: CRLDP: Importing certificate EE2CA0.der to EE2DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628180907Z
nextupdate=20170628180907Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 18:09:07 2016
    Next Update: Wed Jun 28 18:09:07 2017
    CRL Extensions:
chains.sh: #5041: CRLDP: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628180907Z
nextupdate=20170628180907Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:09:07 2016
    Next Update: Wed Jun 28 18:09:07 2017
    CRL Extensions:
chains.sh: #5042: CRLDP: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628180907Z
nextupdate=20170628180907Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 18:09:07 2016
    Next Update: Wed Jun 28 18:09:07 2017
    CRL Extensions:
chains.sh: #5043: CRLDP: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628180908Z
nextupdate=20170628180908Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 18:09:08 2016
    Next Update: Wed Jun 28 18:09:08 2017
    CRL Extensions:
chains.sh: #5044: CRLDP: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 20 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628180909Z
addcert 20 20160628180909Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:09:09 2016
    Next Update: Wed Jun 28 18:09:07 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 18:09:09 2016
    CRL Extensions:
chains.sh: #5045: CRLDP: Revoking certificate with SN 20 issued by CA0  - PASSED
chains.sh: Revoking certificate with SN 40 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628180910Z
addcert 40 20160628180910Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:09:10 2016
    Next Update: Wed Jun 28 18:09:07 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 18:09:09 2016
    Entry 2 (0x2):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 18:09:10 2016
    CRL Extensions:
chains.sh: #5046: CRLDP: Revoking certificate with SN 40 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #5047: CRLDP: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5048: CRLDP: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #5049: CRLDP: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE11CA1.der CA1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174222 (0x25712d8e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:08:26 2016
            Not After : Mon Jun 28 18:08:26 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    df:d2:52:a1:1f:2f:d7:01:4f:78:da:62:48:d6:3e:9b:
                    84:4b:c3:8e:dd:d6:1a:5c:5e:d1:94:0d:0b:63:7b:4f:
                    8b:31:d9:72:02:9d:e3:a3:81:74:e5:05:db:91:fc:ee:
                    18:1d:e5:e0:0e:10:61:0e:0f:57:ee:de:79:d8:86:72:
                    0a:64:47:d1:c4:80:00:61:5a:b9:37:8c:d4:13:4e:cd:
                    6e:e6:6b:58:9d:f1:54:04:c6:d6:39:19:e6:60:c1:25:
                    5a:f6:10:a6:5d:e6:91:4a:3c:30:3e:ae:1d:3b:e6:ae:
                    4d:d9:0a:af:e4:4b:e6:b7:e1:03:ef:db:1c:07:df:90:
                    e4:08:82:de:4a:c1:93:f8:e3:b8:d8:d3:5b:11:b3:cf:
                    dc:24:61:72:bb:1d:36:f3:94:44:8d:9f:83:90:b3:66:
                    b3:68:56:50:63:91:2d:eb:15:eb:f9:2b:55:d3:51:4e:
                    95:22:5f:8c:43:b5:34:d7:e4:47:d5:f5:1c:db:ba:85:
                    b3:14:fe:f2:23:c6:55:b8:f4:a1:35:e8:c8:de:e4:fe:
                    95:19:35:85:21:7b:20:69:a0:49:1b:cc:e6:cf:b8:e5:
                    53:b0:3c:51:5a:15:9d:23:68:f4:95:b2:96:cd:f3:71:
                    d0:63:e3:32:01:fa:6f:1b:af:a5:da:5f:5f:b2:20:7b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d1:e8:61:fe:eb:31:6a:93:54:6d:2b:db:0a:47:22:e1:
        f1:e3:1d:da:6d:e1:e7:96:30:da:5a:9e:59:90:31:1e:
        e0:9f:57:17:97:16:6a:06:0d:5e:4b:72:e0:9e:57:49:
        66:d1:26:30:7d:d2:f4:f7:2d:cf:ea:8c:85:12:38:77:
        cd:e8:3f:20:23:21:dd:e2:bf:3f:f9:ba:61:84:d1:53:
        64:36:48:30:8a:a8:05:13:0d:cb:e0:b6:76:ad:39:60:
        ca:b7:48:74:51:49:12:2c:b4:14:20:5a:d3:3d:aa:59:
        41:79:bf:30:ee:48:ba:cd:27:d5:74:c6:45:3a:5e:65:
        d7:01:e4:cb:a7:f6:c8:01:c5:d0:b4:91:84:f7:20:a3:
        2f:c1:72:9d:d6:d5:79:84:57:ab:27:5b:95:27:7e:49:
        d5:51:0c:79:3d:1c:af:4d:e7:14:70:10:c4:de:0d:c8:
        65:eb:18:0f:64:97:b6:e6:ba:45:f5:57:97:3a:e9:ba:
        54:b1:f1:08:3d:6f:02:14:e9:eb:c1:c8:05:0e:91:9b:
        6f:25:58:2f:b9:2a:48:3e:59:6c:85:67:46:d3:a3:51:
        3f:3b:55:18:96:f7:e8:4f:6b:05:39:ca:b5:c4:f3:40:
        83:42:7f:a0:e9:ec:b2:a0:82:c6:e5:3e:cc:ae:61:0f
    Fingerprint (SHA-256):
        82:C3:60:25:5F:EC:C6:EE:78:0A:FD:A9:0D:55:A6:26:CF:ED:74:BF:B2:29:00:1F:16:C9:A0:88:69:EE:D3:24
    Fingerprint (SHA1):
        60:DB:84:F0:53:37:4B:28:74:1E:D0:55:49:04:F8:BD:D2:C8:E6:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #5050: CRLDP: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE21CA2.der CA2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #5051: CRLDP: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174222 (0x25712d8e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:08:26 2016
            Not After : Mon Jun 28 18:08:26 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    df:d2:52:a1:1f:2f:d7:01:4f:78:da:62:48:d6:3e:9b:
                    84:4b:c3:8e:dd:d6:1a:5c:5e:d1:94:0d:0b:63:7b:4f:
                    8b:31:d9:72:02:9d:e3:a3:81:74:e5:05:db:91:fc:ee:
                    18:1d:e5:e0:0e:10:61:0e:0f:57:ee:de:79:d8:86:72:
                    0a:64:47:d1:c4:80:00:61:5a:b9:37:8c:d4:13:4e:cd:
                    6e:e6:6b:58:9d:f1:54:04:c6:d6:39:19:e6:60:c1:25:
                    5a:f6:10:a6:5d:e6:91:4a:3c:30:3e:ae:1d:3b:e6:ae:
                    4d:d9:0a:af:e4:4b:e6:b7:e1:03:ef:db:1c:07:df:90:
                    e4:08:82:de:4a:c1:93:f8:e3:b8:d8:d3:5b:11:b3:cf:
                    dc:24:61:72:bb:1d:36:f3:94:44:8d:9f:83:90:b3:66:
                    b3:68:56:50:63:91:2d:eb:15:eb:f9:2b:55:d3:51:4e:
                    95:22:5f:8c:43:b5:34:d7:e4:47:d5:f5:1c:db:ba:85:
                    b3:14:fe:f2:23:c6:55:b8:f4:a1:35:e8:c8:de:e4:fe:
                    95:19:35:85:21:7b:20:69:a0:49:1b:cc:e6:cf:b8:e5:
                    53:b0:3c:51:5a:15:9d:23:68:f4:95:b2:96:cd:f3:71:
                    d0:63:e3:32:01:fa:6f:1b:af:a5:da:5f:5f:b2:20:7b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d1:e8:61:fe:eb:31:6a:93:54:6d:2b:db:0a:47:22:e1:
        f1:e3:1d:da:6d:e1:e7:96:30:da:5a:9e:59:90:31:1e:
        e0:9f:57:17:97:16:6a:06:0d:5e:4b:72:e0:9e:57:49:
        66:d1:26:30:7d:d2:f4:f7:2d:cf:ea:8c:85:12:38:77:
        cd:e8:3f:20:23:21:dd:e2:bf:3f:f9:ba:61:84:d1:53:
        64:36:48:30:8a:a8:05:13:0d:cb:e0:b6:76:ad:39:60:
        ca:b7:48:74:51:49:12:2c:b4:14:20:5a:d3:3d:aa:59:
        41:79:bf:30:ee:48:ba:cd:27:d5:74:c6:45:3a:5e:65:
        d7:01:e4:cb:a7:f6:c8:01:c5:d0:b4:91:84:f7:20:a3:
        2f:c1:72:9d:d6:d5:79:84:57:ab:27:5b:95:27:7e:49:
        d5:51:0c:79:3d:1c:af:4d:e7:14:70:10:c4:de:0d:c8:
        65:eb:18:0f:64:97:b6:e6:ba:45:f5:57:97:3a:e9:ba:
        54:b1:f1:08:3d:6f:02:14:e9:eb:c1:c8:05:0e:91:9b:
        6f:25:58:2f:b9:2a:48:3e:59:6c:85:67:46:d3:a3:51:
        3f:3b:55:18:96:f7:e8:4f:6b:05:39:ca:b5:c4:f3:40:
        83:42:7f:a0:e9:ec:b2:a0:82:c6:e5:3e:cc:ae:61:0f
    Fingerprint (SHA-256):
        82:C3:60:25:5F:EC:C6:EE:78:0A:FD:A9:0D:55:A6:26:CF:ED:74:BF:B2:29:00:1F:16:C9:A0:88:69:EE:D3:24
    Fingerprint (SHA1):
        60:DB:84:F0:53:37:4B:28:74:1E:D0:55:49:04:F8:BD:D2:C8:E6:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #5052: CRLDP: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #5053: CRLDP: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #5054: TrustAnchors: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174226 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #5055: TrustAnchors: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #5056: TrustAnchors: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #5057: TrustAnchors: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #5058: TrustAnchors: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628174227   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5059: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5060: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #5061: TrustAnchors: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #5062: TrustAnchors: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628174228   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5063: TrustAnchors: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5064: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #5065: TrustAnchors: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #5066: TrustAnchors: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 628174229   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5067: TrustAnchors: Creating certficate EE1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE1CA2.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5068: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database  - PASSED
chains.sh: Creating DB OtherRootDB
certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd
chains.sh: #5069: TrustAnchors: Creating DB OtherRootDB  - PASSED
chains.sh: Creating Root CA OtherRoot
certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot  -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -m 628174230 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #5070: TrustAnchors: Creating Root CA OtherRoot  - PASSED
chains.sh: Exporting Root CA OtherRoot.der
certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der
chains.sh: #5071: TrustAnchors: Exporting Root CA OtherRoot.der  - PASSED
chains.sh: Creating DB OtherIntermediateDB
certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd
chains.sh: #5072: TrustAnchors: Creating DB OtherIntermediateDB  - PASSED
chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der
certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US"  -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o OtherIntermediateReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #5073: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der  - PASSED
chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot
certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 628174231   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5074: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot  - PASSED
chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database
certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5075: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #5076: TrustAnchors: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #5077: TrustAnchors: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate
certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 628174232   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/cu_data
=== Certutil input data ===
===
chains.sh: #5078: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate  - PASSED
chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #5079: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database  - PASSED
chains.sh: Creating DB DBOnlyDB
certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd
chains.sh: #5080: TrustAnchors: Creating DB DBOnlyDB  - PASSED
chains.sh: Importing certificate RootCA.der to DBOnlyDB database
certutil -A -n RootCA  -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der
chains.sh: #5081: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database
certutil -A -n CA1  -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der
chains.sh: #5082: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp      
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174226 (0x25712d92)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:15 2016
            Not After : Mon Jun 28 18:09:15 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:7c:ae:0e:15:ef:ea:8c:57:e4:63:f2:f7:39:d5:ef:
                    5a:bd:2a:85:7c:8b:8a:a7:51:a4:46:94:11:31:c8:68:
                    0f:bc:99:63:a3:e8:b1:83:bb:bb:2e:80:fc:5e:63:0e:
                    70:59:5f:29:8c:6d:5c:af:e7:17:2d:33:7d:53:bf:0d:
                    d8:fd:cb:c8:6b:96:fd:4d:a9:ac:82:68:87:38:76:c1:
                    31:66:6a:16:0d:ae:61:60:ce:b9:86:64:05:70:72:4d:
                    8f:d4:34:83:81:40:63:45:0b:bc:ce:88:3c:fd:49:5a:
                    1e:17:67:e8:7e:5a:d3:af:bb:0c:c7:71:31:5a:7b:a9:
                    e6:73:ff:55:2e:8d:7c:a7:00:a1:13:0f:a9:d1:a8:13:
                    87:72:99:42:dc:63:82:d9:06:2e:86:6c:63:a6:da:56:
                    22:ec:7c:c4:d8:82:6d:56:dd:a0:e9:f1:17:2b:db:86:
                    55:fe:55:05:e8:3c:43:df:d0:a2:6f:ab:69:b7:f7:3a:
                    69:c4:c9:bb:ed:7d:18:1b:14:89:cb:05:48:82:0e:0a:
                    e6:17:2a:12:8d:92:64:09:37:e4:df:4b:90:92:cc:ed:
                    70:43:1f:69:ac:44:b4:c4:80:b3:c3:d4:f9:7a:a9:bf:
                    93:d2:ac:2b:9a:3e:7f:d7:79:1e:5a:42:4f:6f:fc:c7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:d3:3f:98:6e:1b:f7:a8:81:2e:ea:9c:ee:a0:f0:e4:
        19:eb:38:82:c2:c1:45:2c:64:f1:30:93:3e:d3:a9:d0:
        82:af:f8:fe:a8:d0:44:dc:9b:89:89:c6:1a:e7:17:29:
        2b:77:7d:c3:09:4c:6b:9c:66:2d:36:8a:55:f3:9c:b6:
        21:c1:38:6d:22:c2:1b:db:a1:17:53:0b:1c:3a:97:e0:
        7b:5d:5a:c7:0c:9f:d4:c3:b3:2f:a9:f6:fe:2c:18:c2:
        fa:9e:e0:f4:dc:ce:c2:05:6f:ab:b0:f3:9f:ca:6e:bb:
        64:40:0d:6e:52:96:ce:bd:19:87:7a:6b:0e:77:93:6b:
        2a:35:e3:df:9d:cc:fe:b6:44:9c:8b:24:af:ba:11:45:
        60:1a:b8:95:de:d0:f1:68:6f:2e:f2:9a:49:bc:27:7e:
        17:c5:ff:68:f1:f1:97:12:5d:93:b0:13:ca:58:5b:d6:
        bd:46:5f:70:40:de:d5:f8:c8:11:43:29:c1:ac:a1:f5:
        37:70:0c:ff:af:a0:b8:49:8e:b2:70:48:4c:9a:05:2b:
        50:71:f0:4c:e6:bb:91:f9:9f:77:f3:81:e8:b3:e4:f8:
        ac:d3:f0:10:4f:30:94:8d:a5:48:13:17:4d:d7:46:5f:
        b5:46:c7:be:3f:50:95:fd:77:83:bc:db:4f:a5:93:fa
    Fingerprint (SHA-256):
        3D:17:BD:D0:CF:F3:DE:50:73:0E:F9:14:44:D8:1B:70:A2:CF:FA:AB:3D:89:10:2A:2F:86:62:4B:37:B1:16:15
    Fingerprint (SHA1):
        D3:D3:08:48:A4:1E:FC:5E:9A:2E:11:55:06:D9:9E:0F:F2:CE:58:B8
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #5083: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174228 (0x25712d94)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:25 2016
            Not After : Mon Jun 28 18:09:25 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:77:0f:87:1d:43:8d:80:52:e4:38:90:d7:01:1f:18:
                    97:a0:8d:bd:29:d3:f4:5f:db:65:16:27:97:76:f4:d6:
                    e1:1d:08:72:aa:fd:29:a3:be:21:dd:c5:9f:90:d9:4e:
                    ee:8e:14:14:14:f8:b9:2c:fe:e1:b7:5a:d4:f7:e6:d5:
                    d5:02:6c:21:f6:97:b2:2e:ce:28:1f:e6:67:53:e3:cb:
                    fd:2d:11:d3:3e:0b:0e:8e:f2:c5:2e:fb:8f:bf:91:bd:
                    73:89:6d:41:62:da:08:e7:c7:22:82:bf:49:8f:6c:2f:
                    f4:3d:fc:c2:ae:37:2e:71:98:b3:90:cf:de:b4:cc:10:
                    7d:15:37:00:e2:3c:a6:a5:8b:42:c2:71:47:6a:56:52:
                    35:8a:a3:8b:7b:08:a8:3a:15:b1:47:0a:11:cb:87:80:
                    89:61:97:ac:6f:06:e7:b9:0f:74:ea:14:25:6a:0a:a2:
                    f7:ec:c9:34:f2:b9:04:a4:67:e7:db:25:55:41:29:06:
                    c8:54:b3:e0:49:a1:9f:c5:bd:ae:2a:5e:fe:21:6f:e7:
                    b6:51:2a:53:6b:7b:a1:80:a4:a3:cc:c3:d8:db:b5:b1:
                    55:8c:88:7f:34:23:0d:44:f6:16:33:18:9e:09:e7:3a:
                    11:92:c4:83:d8:27:76:7f:f1:10:9e:57:4b:4c:d0:af
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6f:fb:60:27:11:f6:b6:de:2f:46:04:ad:35:b3:dd:5a:
        3b:3e:62:40:74:37:ce:c5:a7:26:91:6c:a4:97:94:00:
        3a:69:49:d1:59:b7:45:38:2d:8c:a9:50:6f:6f:1e:64:
        b0:34:35:5f:6e:11:73:c8:2f:12:31:8f:0c:6c:f5:d7:
        06:42:27:9b:33:ef:f1:c9:85:ac:89:2f:4d:2a:ef:ab:
        38:e3:b4:88:d0:78:82:9c:0e:7e:11:78:6b:a7:ab:43:
        63:6f:22:cc:c6:58:ca:d3:58:52:24:a0:35:ec:96:34:
        fd:e4:14:39:f5:3a:ba:5b:40:83:73:1d:64:2a:5d:c6:
        2f:12:c2:3a:7d:56:c3:fc:ff:79:aa:40:4e:db:06:4b:
        4c:7c:28:b0:b7:97:b5:18:0d:e6:bc:0a:c2:ca:5f:ae:
        31:0b:e9:25:9e:88:6b:97:d0:a0:00:61:0c:3c:4e:8f:
        ed:d6:81:4a:22:16:5f:de:5e:d0:28:94:cd:e1:7b:55:
        11:eb:a7:89:9d:e6:14:12:25:13:16:84:d2:d1:62:2f:
        f7:bd:13:76:35:a1:32:f1:4b:b3:50:16:e5:46:a2:bd:
        b2:ea:a8:76:93:a9:3f:e6:9e:1a:f4:04:f9:96:1e:94:
        99:81:72:ee:87:27:4e:7f:6d:bf:df:1b:28:92:07:65
    Fingerprint (SHA-256):
        A7:90:8F:46:75:7D:36:3B:28:3E:2D:78:0F:A7:87:C9:8A:30:FC:52:5A:86:E3:ED:4B:36:8E:5D:B7:37:5C:FB
    Fingerprint (SHA1):
        E3:60:F5:F8:BF:77:6E:E7:C9:2E:18:65:D6:AC:11:D9:34:2C:13:F8
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #5084: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174226 (0x25712d92)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:15 2016
            Not After : Mon Jun 28 18:09:15 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:7c:ae:0e:15:ef:ea:8c:57:e4:63:f2:f7:39:d5:ef:
                    5a:bd:2a:85:7c:8b:8a:a7:51:a4:46:94:11:31:c8:68:
                    0f:bc:99:63:a3:e8:b1:83:bb:bb:2e:80:fc:5e:63:0e:
                    70:59:5f:29:8c:6d:5c:af:e7:17:2d:33:7d:53:bf:0d:
                    d8:fd:cb:c8:6b:96:fd:4d:a9:ac:82:68:87:38:76:c1:
                    31:66:6a:16:0d:ae:61:60:ce:b9:86:64:05:70:72:4d:
                    8f:d4:34:83:81:40:63:45:0b:bc:ce:88:3c:fd:49:5a:
                    1e:17:67:e8:7e:5a:d3:af:bb:0c:c7:71:31:5a:7b:a9:
                    e6:73:ff:55:2e:8d:7c:a7:00:a1:13:0f:a9:d1:a8:13:
                    87:72:99:42:dc:63:82:d9:06:2e:86:6c:63:a6:da:56:
                    22:ec:7c:c4:d8:82:6d:56:dd:a0:e9:f1:17:2b:db:86:
                    55:fe:55:05:e8:3c:43:df:d0:a2:6f:ab:69:b7:f7:3a:
                    69:c4:c9:bb:ed:7d:18:1b:14:89:cb:05:48:82:0e:0a:
                    e6:17:2a:12:8d:92:64:09:37:e4:df:4b:90:92:cc:ed:
                    70:43:1f:69:ac:44:b4:c4:80:b3:c3:d4:f9:7a:a9:bf:
                    93:d2:ac:2b:9a:3e:7f:d7:79:1e:5a:42:4f:6f:fc:c7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:d3:3f:98:6e:1b:f7:a8:81:2e:ea:9c:ee:a0:f0:e4:
        19:eb:38:82:c2:c1:45:2c:64:f1:30:93:3e:d3:a9:d0:
        82:af:f8:fe:a8:d0:44:dc:9b:89:89:c6:1a:e7:17:29:
        2b:77:7d:c3:09:4c:6b:9c:66:2d:36:8a:55:f3:9c:b6:
        21:c1:38:6d:22:c2:1b:db:a1:17:53:0b:1c:3a:97:e0:
        7b:5d:5a:c7:0c:9f:d4:c3:b3:2f:a9:f6:fe:2c:18:c2:
        fa:9e:e0:f4:dc:ce:c2:05:6f:ab:b0:f3:9f:ca:6e:bb:
        64:40:0d:6e:52:96:ce:bd:19:87:7a:6b:0e:77:93:6b:
        2a:35:e3:df:9d:cc:fe:b6:44:9c:8b:24:af:ba:11:45:
        60:1a:b8:95:de:d0:f1:68:6f:2e:f2:9a:49:bc:27:7e:
        17:c5:ff:68:f1:f1:97:12:5d:93:b0:13:ca:58:5b:d6:
        bd:46:5f:70:40:de:d5:f8:c8:11:43:29:c1:ac:a1:f5:
        37:70:0c:ff:af:a0:b8:49:8e:b2:70:48:4c:9a:05:2b:
        50:71:f0:4c:e6:bb:91:f9:9f:77:f3:81:e8:b3:e4:f8:
        ac:d3:f0:10:4f:30:94:8d:a5:48:13:17:4d:d7:46:5f:
        b5:46:c7:be:3f:50:95:fd:77:83:bc:db:4f:a5:93:fa
    Fingerprint (SHA-256):
        3D:17:BD:D0:CF:F3:DE:50:73:0E:F9:14:44:D8:1B:70:A2:CF:FA:AB:3D:89:10:2A:2F:86:62:4B:37:B1:16:15
    Fingerprint (SHA1):
        D3:D3:08:48:A4:1E:FC:5E:9A:2E:11:55:06:D9:9E:0F:F2:CE:58:B8
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #5085: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA - PASSED
chains.sh: Creating DB TrustOnlyDB
certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd
chains.sh: #5086: TrustAnchors: Creating DB TrustOnlyDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der CA2CA1.der CA1RootCA.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174226 (0x25712d92)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:15 2016
            Not After : Mon Jun 28 18:09:15 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:7c:ae:0e:15:ef:ea:8c:57:e4:63:f2:f7:39:d5:ef:
                    5a:bd:2a:85:7c:8b:8a:a7:51:a4:46:94:11:31:c8:68:
                    0f:bc:99:63:a3:e8:b1:83:bb:bb:2e:80:fc:5e:63:0e:
                    70:59:5f:29:8c:6d:5c:af:e7:17:2d:33:7d:53:bf:0d:
                    d8:fd:cb:c8:6b:96:fd:4d:a9:ac:82:68:87:38:76:c1:
                    31:66:6a:16:0d:ae:61:60:ce:b9:86:64:05:70:72:4d:
                    8f:d4:34:83:81:40:63:45:0b:bc:ce:88:3c:fd:49:5a:
                    1e:17:67:e8:7e:5a:d3:af:bb:0c:c7:71:31:5a:7b:a9:
                    e6:73:ff:55:2e:8d:7c:a7:00:a1:13:0f:a9:d1:a8:13:
                    87:72:99:42:dc:63:82:d9:06:2e:86:6c:63:a6:da:56:
                    22:ec:7c:c4:d8:82:6d:56:dd:a0:e9:f1:17:2b:db:86:
                    55:fe:55:05:e8:3c:43:df:d0:a2:6f:ab:69:b7:f7:3a:
                    69:c4:c9:bb:ed:7d:18:1b:14:89:cb:05:48:82:0e:0a:
                    e6:17:2a:12:8d:92:64:09:37:e4:df:4b:90:92:cc:ed:
                    70:43:1f:69:ac:44:b4:c4:80:b3:c3:d4:f9:7a:a9:bf:
                    93:d2:ac:2b:9a:3e:7f:d7:79:1e:5a:42:4f:6f:fc:c7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:d3:3f:98:6e:1b:f7:a8:81:2e:ea:9c:ee:a0:f0:e4:
        19:eb:38:82:c2:c1:45:2c:64:f1:30:93:3e:d3:a9:d0:
        82:af:f8:fe:a8:d0:44:dc:9b:89:89:c6:1a:e7:17:29:
        2b:77:7d:c3:09:4c:6b:9c:66:2d:36:8a:55:f3:9c:b6:
        21:c1:38:6d:22:c2:1b:db:a1:17:53:0b:1c:3a:97:e0:
        7b:5d:5a:c7:0c:9f:d4:c3:b3:2f:a9:f6:fe:2c:18:c2:
        fa:9e:e0:f4:dc:ce:c2:05:6f:ab:b0:f3:9f:ca:6e:bb:
        64:40:0d:6e:52:96:ce:bd:19:87:7a:6b:0e:77:93:6b:
        2a:35:e3:df:9d:cc:fe:b6:44:9c:8b:24:af:ba:11:45:
        60:1a:b8:95:de:d0:f1:68:6f:2e:f2:9a:49:bc:27:7e:
        17:c5:ff:68:f1:f1:97:12:5d:93:b0:13:ca:58:5b:d6:
        bd:46:5f:70:40:de:d5:f8:c8:11:43:29:c1:ac:a1:f5:
        37:70:0c:ff:af:a0:b8:49:8e:b2:70:48:4c:9a:05:2b:
        50:71:f0:4c:e6:bb:91:f9:9f:77:f3:81:e8:b3:e4:f8:
        ac:d3:f0:10:4f:30:94:8d:a5:48:13:17:4d:d7:46:5f:
        b5:46:c7:be:3f:50:95:fd:77:83:bc:db:4f:a5:93:fa
    Fingerprint (SHA-256):
        3D:17:BD:D0:CF:F3:DE:50:73:0E:F9:14:44:D8:1B:70:A2:CF:FA:AB:3D:89:10:2A:2F:86:62:4B:37:B1:16:15
    Fingerprint (SHA1):
        D3:D3:08:48:A4:1E:FC:5E:9A:2E:11:55:06:D9:9E:0F:F2:CE:58:B8
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #5087: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174228 (0x25712d94)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:25 2016
            Not After : Mon Jun 28 18:09:25 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:77:0f:87:1d:43:8d:80:52:e4:38:90:d7:01:1f:18:
                    97:a0:8d:bd:29:d3:f4:5f:db:65:16:27:97:76:f4:d6:
                    e1:1d:08:72:aa:fd:29:a3:be:21:dd:c5:9f:90:d9:4e:
                    ee:8e:14:14:14:f8:b9:2c:fe:e1:b7:5a:d4:f7:e6:d5:
                    d5:02:6c:21:f6:97:b2:2e:ce:28:1f:e6:67:53:e3:cb:
                    fd:2d:11:d3:3e:0b:0e:8e:f2:c5:2e:fb:8f:bf:91:bd:
                    73:89:6d:41:62:da:08:e7:c7:22:82:bf:49:8f:6c:2f:
                    f4:3d:fc:c2:ae:37:2e:71:98:b3:90:cf:de:b4:cc:10:
                    7d:15:37:00:e2:3c:a6:a5:8b:42:c2:71:47:6a:56:52:
                    35:8a:a3:8b:7b:08:a8:3a:15:b1:47:0a:11:cb:87:80:
                    89:61:97:ac:6f:06:e7:b9:0f:74:ea:14:25:6a:0a:a2:
                    f7:ec:c9:34:f2:b9:04:a4:67:e7:db:25:55:41:29:06:
                    c8:54:b3:e0:49:a1:9f:c5:bd:ae:2a:5e:fe:21:6f:e7:
                    b6:51:2a:53:6b:7b:a1:80:a4:a3:cc:c3:d8:db:b5:b1:
                    55:8c:88:7f:34:23:0d:44:f6:16:33:18:9e:09:e7:3a:
                    11:92:c4:83:d8:27:76:7f:f1:10:9e:57:4b:4c:d0:af
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6f:fb:60:27:11:f6:b6:de:2f:46:04:ad:35:b3:dd:5a:
        3b:3e:62:40:74:37:ce:c5:a7:26:91:6c:a4:97:94:00:
        3a:69:49:d1:59:b7:45:38:2d:8c:a9:50:6f:6f:1e:64:
        b0:34:35:5f:6e:11:73:c8:2f:12:31:8f:0c:6c:f5:d7:
        06:42:27:9b:33:ef:f1:c9:85:ac:89:2f:4d:2a:ef:ab:
        38:e3:b4:88:d0:78:82:9c:0e:7e:11:78:6b:a7:ab:43:
        63:6f:22:cc:c6:58:ca:d3:58:52:24:a0:35:ec:96:34:
        fd:e4:14:39:f5:3a:ba:5b:40:83:73:1d:64:2a:5d:c6:
        2f:12:c2:3a:7d:56:c3:fc:ff:79:aa:40:4e:db:06:4b:
        4c:7c:28:b0:b7:97:b5:18:0d:e6:bc:0a:c2:ca:5f:ae:
        31:0b:e9:25:9e:88:6b:97:d0:a0:00:61:0c:3c:4e:8f:
        ed:d6:81:4a:22:16:5f:de:5e:d0:28:94:cd:e1:7b:55:
        11:eb:a7:89:9d:e6:14:12:25:13:16:84:d2:d1:62:2f:
        f7:bd:13:76:35:a1:32:f1:4b:b3:50:16:e5:46:a2:bd:
        b2:ea:a8:76:93:a9:3f:e6:9e:1a:f4:04:f9:96:1e:94:
        99:81:72:ee:87:27:4e:7f:6d:bf:df:1b:28:92:07:65
    Fingerprint (SHA-256):
        A7:90:8F:46:75:7D:36:3B:28:3E:2D:78:0F:A7:87:C9:8A:30:FC:52:5A:86:E3:ED:4B:36:8E:5D:B7:37:5C:FB
    Fingerprint (SHA1):
        E3:60:F5:F8:BF:77:6E:E7:C9:2E:18:65:D6:AC:11:D9:34:2C:13:F8
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #5088: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Creating DB TrustAndDBDB
certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd
chains.sh: #5089: TrustAnchors: Creating DB TrustAndDBDB  - PASSED
chains.sh: Importing certificate RootCA.der to TrustAndDBDB database
certutil -A -n RootCA  -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der
chains.sh: #5090: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database
certutil -A -n CA1  -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der
chains.sh: #5091: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp      
vfychain -d TrustAndDBDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174226 (0x25712d92)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:15 2016
            Not After : Mon Jun 28 18:09:15 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:7c:ae:0e:15:ef:ea:8c:57:e4:63:f2:f7:39:d5:ef:
                    5a:bd:2a:85:7c:8b:8a:a7:51:a4:46:94:11:31:c8:68:
                    0f:bc:99:63:a3:e8:b1:83:bb:bb:2e:80:fc:5e:63:0e:
                    70:59:5f:29:8c:6d:5c:af:e7:17:2d:33:7d:53:bf:0d:
                    d8:fd:cb:c8:6b:96:fd:4d:a9:ac:82:68:87:38:76:c1:
                    31:66:6a:16:0d:ae:61:60:ce:b9:86:64:05:70:72:4d:
                    8f:d4:34:83:81:40:63:45:0b:bc:ce:88:3c:fd:49:5a:
                    1e:17:67:e8:7e:5a:d3:af:bb:0c:c7:71:31:5a:7b:a9:
                    e6:73:ff:55:2e:8d:7c:a7:00:a1:13:0f:a9:d1:a8:13:
                    87:72:99:42:dc:63:82:d9:06:2e:86:6c:63:a6:da:56:
                    22:ec:7c:c4:d8:82:6d:56:dd:a0:e9:f1:17:2b:db:86:
                    55:fe:55:05:e8:3c:43:df:d0:a2:6f:ab:69:b7:f7:3a:
                    69:c4:c9:bb:ed:7d:18:1b:14:89:cb:05:48:82:0e:0a:
                    e6:17:2a:12:8d:92:64:09:37:e4:df:4b:90:92:cc:ed:
                    70:43:1f:69:ac:44:b4:c4:80:b3:c3:d4:f9:7a:a9:bf:
                    93:d2:ac:2b:9a:3e:7f:d7:79:1e:5a:42:4f:6f:fc:c7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:d3:3f:98:6e:1b:f7:a8:81:2e:ea:9c:ee:a0:f0:e4:
        19:eb:38:82:c2:c1:45:2c:64:f1:30:93:3e:d3:a9:d0:
        82:af:f8:fe:a8:d0:44:dc:9b:89:89:c6:1a:e7:17:29:
        2b:77:7d:c3:09:4c:6b:9c:66:2d:36:8a:55:f3:9c:b6:
        21:c1:38:6d:22:c2:1b:db:a1:17:53:0b:1c:3a:97:e0:
        7b:5d:5a:c7:0c:9f:d4:c3:b3:2f:a9:f6:fe:2c:18:c2:
        fa:9e:e0:f4:dc:ce:c2:05:6f:ab:b0:f3:9f:ca:6e:bb:
        64:40:0d:6e:52:96:ce:bd:19:87:7a:6b:0e:77:93:6b:
        2a:35:e3:df:9d:cc:fe:b6:44:9c:8b:24:af:ba:11:45:
        60:1a:b8:95:de:d0:f1:68:6f:2e:f2:9a:49:bc:27:7e:
        17:c5:ff:68:f1:f1:97:12:5d:93:b0:13:ca:58:5b:d6:
        bd:46:5f:70:40:de:d5:f8:c8:11:43:29:c1:ac:a1:f5:
        37:70:0c:ff:af:a0:b8:49:8e:b2:70:48:4c:9a:05:2b:
        50:71:f0:4c:e6:bb:91:f9:9f:77:f3:81:e8:b3:e4:f8:
        ac:d3:f0:10:4f:30:94:8d:a5:48:13:17:4d:d7:46:5f:
        b5:46:c7:be:3f:50:95:fd:77:83:bc:db:4f:a5:93:fa
    Fingerprint (SHA-256):
        3D:17:BD:D0:CF:F3:DE:50:73:0E:F9:14:44:D8:1B:70:A2:CF:FA:AB:3D:89:10:2A:2F:86:62:4B:37:B1:16:15
    Fingerprint (SHA1):
        D3:D3:08:48:A4:1E:FC:5E:9A:2E:11:55:06:D9:9E:0F:F2:CE:58:B8
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #5092: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv       EE2OtherIntermediate.der OtherIntermediateOtherRoot.der  -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174230 (0x25712d96)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:38 2016
            Not After : Mon Jun 28 18:09:38 2066
        Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:c2:b8:5e:ab:d5:a6:5c:39:37:42:75:7a:44:5e:f2:
                    1b:1c:42:3a:bf:22:14:d8:e3:16:90:20:44:f1:a8:9a:
                    92:b9:f8:cf:74:09:61:1e:e9:37:ae:b7:5e:2a:2e:ae:
                    50:d2:3a:15:7c:2d:6e:7e:73:b2:ae:ca:09:77:5c:ff:
                    c7:ad:53:af:b6:d0:95:e0:07:61:53:f4:28:5f:2d:44:
                    e4:bf:35:1e:82:b6:1c:c5:84:cb:59:a1:eb:ac:2f:84:
                    06:0b:c3:f5:81:ed:cd:c2:db:ef:27:7e:08:74:ad:a1:
                    62:b8:16:98:8d:42:a0:5f:25:f2:13:a7:b0:cc:84:7b:
                    d0:dc:f8:31:85:2c:5c:9b:95:d2:77:08:d2:82:4e:3a:
                    4d:3b:d7:b8:6e:f6:5d:cf:2a:0c:77:9c:bc:06:99:32:
                    71:42:55:95:ea:39:91:71:cd:58:5a:7d:d9:5f:7b:51:
                    5e:77:f0:54:8f:fe:57:1b:9b:a8:b9:c0:bc:a5:4e:36:
                    d7:0b:e3:37:f9:91:68:bc:6c:4f:e8:ae:70:a9:9a:92:
                    59:1f:87:90:00:18:61:a2:99:1d:8e:f6:92:bd:7e:b1:
                    6b:3e:54:cf:7d:a8:39:30:52:72:e0:69:04:a9:8f:f2:
                    94:2d:98:9a:60:75:93:c9:30:ed:9a:f3:2b:4d:bb:0b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5a:b8:fe:4c:2b:00:ab:79:d0:dd:3f:96:f1:2a:f5:a3:
        31:ba:99:5a:54:8f:c8:3c:68:c0:1f:1c:f9:48:23:de:
        c5:7e:6c:1a:00:9c:b6:9e:87:05:e1:9b:54:1f:5d:fc:
        11:fa:ef:7a:f5:d7:3d:50:e3:50:99:7e:97:ff:13:6f:
        9d:c5:6d:20:f6:4c:8d:43:60:a8:40:30:6a:e7:25:23:
        2e:91:65:19:64:09:79:eb:31:e2:8c:5e:ea:58:11:ed:
        ae:96:cd:e0:20:41:5e:9b:43:ed:7f:4d:8a:85:10:6b:
        ba:4a:09:26:f7:b0:f0:40:bf:5d:8d:4a:5f:03:9b:b9:
        6f:71:9a:db:5b:22:88:35:b1:bc:19:c3:25:ea:0b:52:
        3e:f2:42:d5:f4:7b:34:62:12:2a:13:9a:6f:e9:34:85:
        94:46:dd:5c:43:f4:0e:69:0d:42:51:c5:ba:1c:57:ed:
        05:b0:4d:3c:b9:92:3d:0d:33:ca:6f:9f:48:7d:a1:95:
        9b:f8:73:68:4d:63:2b:51:02:23:6f:09:7f:f8:1d:5c:
        90:d5:8c:92:f3:30:6f:d1:74:d8:d1:a2:da:4a:f9:a1:
        08:c7:3d:82:17:eb:c5:ff:75:7b:93:70:68:b3:04:10:
        1f:0e:14:44:df:64:3c:a6:2e:2b:dc:ad:a6:f5:e2:65
    Fingerprint (SHA-256):
        A3:00:43:1A:E1:05:68:4B:73:C7:30:4A:4A:67:80:48:2F:CD:19:A1:55:BA:BF:5D:C7:DF:17:0B:E0:EF:4E:B8
    Fingerprint (SHA1):
        D9:66:87:42:5E:72:AB:CE:52:66:C6:8D:0D:71:B8:A1:31:00:A2:6F
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate
    ,C=US"
Returned value is 0, expected result is pass
chains.sh: #5093: TrustAnchors: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv -T      EE1CA2.der CA2CA1.der  -t OtherIntermediateOtherRoot.der -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174226 (0x25712d92)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:15 2016
            Not After : Mon Jun 28 18:09:15 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    be:7c:ae:0e:15:ef:ea:8c:57:e4:63:f2:f7:39:d5:ef:
                    5a:bd:2a:85:7c:8b:8a:a7:51:a4:46:94:11:31:c8:68:
                    0f:bc:99:63:a3:e8:b1:83:bb:bb:2e:80:fc:5e:63:0e:
                    70:59:5f:29:8c:6d:5c:af:e7:17:2d:33:7d:53:bf:0d:
                    d8:fd:cb:c8:6b:96:fd:4d:a9:ac:82:68:87:38:76:c1:
                    31:66:6a:16:0d:ae:61:60:ce:b9:86:64:05:70:72:4d:
                    8f:d4:34:83:81:40:63:45:0b:bc:ce:88:3c:fd:49:5a:
                    1e:17:67:e8:7e:5a:d3:af:bb:0c:c7:71:31:5a:7b:a9:
                    e6:73:ff:55:2e:8d:7c:a7:00:a1:13:0f:a9:d1:a8:13:
                    87:72:99:42:dc:63:82:d9:06:2e:86:6c:63:a6:da:56:
                    22:ec:7c:c4:d8:82:6d:56:dd:a0:e9:f1:17:2b:db:86:
                    55:fe:55:05:e8:3c:43:df:d0:a2:6f:ab:69:b7:f7:3a:
                    69:c4:c9:bb:ed:7d:18:1b:14:89:cb:05:48:82:0e:0a:
                    e6:17:2a:12:8d:92:64:09:37:e4:df:4b:90:92:cc:ed:
                    70:43:1f:69:ac:44:b4:c4:80:b3:c3:d4:f9:7a:a9:bf:
                    93:d2:ac:2b:9a:3e:7f:d7:79:1e:5a:42:4f:6f:fc:c7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:d3:3f:98:6e:1b:f7:a8:81:2e:ea:9c:ee:a0:f0:e4:
        19:eb:38:82:c2:c1:45:2c:64:f1:30:93:3e:d3:a9:d0:
        82:af:f8:fe:a8:d0:44:dc:9b:89:89:c6:1a:e7:17:29:
        2b:77:7d:c3:09:4c:6b:9c:66:2d:36:8a:55:f3:9c:b6:
        21:c1:38:6d:22:c2:1b:db:a1:17:53:0b:1c:3a:97:e0:
        7b:5d:5a:c7:0c:9f:d4:c3:b3:2f:a9:f6:fe:2c:18:c2:
        fa:9e:e0:f4:dc:ce:c2:05:6f:ab:b0:f3:9f:ca:6e:bb:
        64:40:0d:6e:52:96:ce:bd:19:87:7a:6b:0e:77:93:6b:
        2a:35:e3:df:9d:cc:fe:b6:44:9c:8b:24:af:ba:11:45:
        60:1a:b8:95:de:d0:f1:68:6f:2e:f2:9a:49:bc:27:7e:
        17:c5:ff:68:f1:f1:97:12:5d:93:b0:13:ca:58:5b:d6:
        bd:46:5f:70:40:de:d5:f8:c8:11:43:29:c1:ac:a1:f5:
        37:70:0c:ff:af:a0:b8:49:8e:b2:70:48:4c:9a:05:2b:
        50:71:f0:4c:e6:bb:91:f9:9f:77:f3:81:e8:b3:e4:f8:
        ac:d3:f0:10:4f:30:94:8d:a5:48:13:17:4d:d7:46:5f:
        b5:46:c7:be:3f:50:95:fd:77:83:bc:db:4f:a5:93:fa
    Fingerprint (SHA-256):
        3D:17:BD:D0:CF:F3:DE:50:73:0E:F9:14:44:D8:1B:70:A2:CF:FA:AB:3D:89:10:2A:2F:86:62:4B:37:B1:16:15
    Fingerprint (SHA1):
        D3:D3:08:48:A4:1E:FC:5E:9A:2E:11:55:06:D9:9E:0F:F2:CE:58:B8
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #5094: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED
chains.sh: Creating DB ExplicitDistrustDB
certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd
chains.sh: #5095: TrustAnchors: Creating DB ExplicitDistrustDB  - PASSED
chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database
certutil -A -n RootCA  -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der
chains.sh: #5096: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database
certutil -A -n CA1  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der
chains.sh: #5097: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database
certutil -A -n OtherRoot  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der
chains.sh: #5098: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der
vfychain -d ExplicitDistrustDB -pp -vv       EE1CA2.der CA2CA1.der  -t CA1RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8171: Peer's certificate has been marked as not trusted by the user.
Returned value is 1, expected result is fail
chains.sh: #5099: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der
vfychain -d ExplicitDistrustDB -pp -vv       EE2OtherIntermediate.der  -t OtherIntermediateOtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628174231 (0x25712d97)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 18:09:49 2016
            Not After : Mon Jun 28 18:09:49 2021
        Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:d9:6c:af:62:4a:da:2d:e6:70:13:3d:29:6c:c8:0d:
                    92:d6:0c:a9:99:30:df:30:9a:98:61:bf:fc:8b:61:03:
                    d5:3a:54:31:38:7b:ce:65:67:90:8d:12:29:51:72:f2:
                    e0:b2:8b:a1:29:e1:d3:c9:9c:ff:72:c4:98:dd:cb:a5:
                    17:a7:79:e4:6f:59:a5:8d:91:84:9f:5f:83:a3:be:93:
                    c0:41:bd:86:af:14:fe:48:23:05:e4:24:69:a2:36:71:
                    f5:4e:5f:58:f9:1e:e3:1d:43:09:db:39:a8:f6:47:cb:
                    26:6d:75:d6:70:29:fb:bf:24:16:a1:6e:b1:68:34:bb:
                    78:2b:13:49:47:12:09:90:32:bb:f7:f2:43:5d:b8:15:
                    be:04:fe:9c:5d:a5:11:32:89:60:71:55:7a:52:8b:2c:
                    89:54:57:c3:a9:4e:52:75:58:df:6d:66:f2:7f:b1:98:
                    ef:62:2a:b0:b6:5c:d6:08:ad:b5:b7:87:b4:c7:e6:a7:
                    f2:03:d1:66:c0:ec:d5:5a:74:f0:75:e2:0a:c4:bd:87:
                    98:a7:2b:23:cd:f5:3a:53:c1:75:1b:34:a9:64:35:e9:
                    85:e9:57:b5:ae:95:01:5d:1e:2b:74:f1:55:24:bb:e0:
                    49:b3:75:f7:e0:11:72:f1:bf:7b:11:7b:f7:dd:b0:97
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        25:a1:38:61:18:89:d1:82:90:59:41:73:fb:67:05:9b:
        43:9f:51:bd:93:80:c0:a0:2a:42:38:d6:12:1e:aa:2b:
        67:2c:2f:46:40:53:9e:6e:46:24:7e:c4:e8:1f:53:9d:
        69:a3:7b:74:fe:b6:a6:04:29:5d:c9:bc:89:21:7c:51:
        f9:c6:16:fe:55:e8:87:e4:78:a6:83:85:b5:a5:9a:14:
        ee:c8:fc:88:1e:c9:1a:3b:1d:fb:5b:c2:6a:dd:5c:7f:
        7a:b3:fc:44:1b:b6:91:2f:34:d9:9a:d8:0d:3b:67:5f:
        3a:45:b7:37:ef:23:e0:88:93:42:4e:3c:f1:f6:8a:f1:
        8c:ed:5a:7b:44:0e:71:6d:3a:03:d6:68:df:dc:e0:2d:
        0e:9f:1a:5e:82:a9:d0:bc:1f:f1:f6:13:ae:57:0f:c1:
        ba:9a:11:54:d7:fb:e5:99:ae:8a:50:52:00:3d:01:6f:
        c5:64:3e:6b:57:cc:4a:a3:cf:01:5e:09:03:21:0a:41:
        37:fb:e3:8b:ef:db:51:9b:51:c3:73:64:12:4e:f6:e5:
        f4:48:3a:a1:f8:6d:2c:a9:4c:db:29:72:61:29:aa:34:
        30:85:ea:48:22:b1:cf:82:fe:7c:e0:cb:ef:b5:cb:4a:
        6d:07:8a:23:0f:62:eb:22:29:68:cc:27:17:67:a1:98
    Fingerprint (SHA-256):
        1D:6F:DE:35:1E:67:69:87:E4:B9:FC:34:29:0C:02:F5:10:69:E2:A9:D3:43:64:0C:B3:6D:76:26:F9:88:BF:C7
    Fingerprint (SHA1):
        E2:25:DD:DB:A2:00:4B:3D:47:6F:C8:FF:3A:04:DF:95:86:E5:40:78
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Returned value is 0, expected result is pass
chains.sh: #5100: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der - PASSED
chains.sh: Creating DB trustanchorsDB
certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd
chains.sh: #5101: TrustAnchors: Creating DB trustanchorsDB  - PASSED
chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ca.cert
chains.sh: #5102: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ncca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ncca.cert
chains.sh: #5103: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database
certutil -A -n NameConstraints.dcisscopy  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
chains.sh: #5104: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database  - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #5105: TrustAnchors: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #5106: TrustAnchors: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo
    rnia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #5107: TrustAnchors: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #5108: TrustAnchors: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #5109: TrustAnchors: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,
    ST=California,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #5110: TrustAnchors: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #5111: TrustAnchors: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #5112: TrustAnchors: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #5113: TrustAnchors: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #5114: TrustAnchors: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #5115: TrustAnchors: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #5116: TrustAnchors: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8174: security library: bad database.
Returned value is 1, expected result is fail
chains.sh: #5117: TrustAnchors: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #5118: TrustAnchors: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #5119: TrustAnchors: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #5120: TrustAnchors: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,
            ST=CA,C=US"
        Validity:
            Not Before: Sat Jan 04 01:22:59 2014
            Not After : Sat Nov 04 01:22:59 2023
        Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View
            ,ST=CA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28:
                    c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4:
                    71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04:
                    4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba:
                    ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9:
                    f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85:
                    49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34:
                    a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Name Constraints
            Permitted Subtree:
                DNS name: ".example"
                    Minimum: 0 (0x0)
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91:
        33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89:
        3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a:
        9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df:
        46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b:
        c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e:
        5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd:
        df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34
    Fingerprint (SHA-256):
        63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29
    Fingerprint (SHA1):
        56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #5121: TrustAnchors: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. NameConstraints.dcisscopy [Certificate Authority]:
Email Address(es): igca@sgdn.pm.gouv.fr
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #5122: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 998899 (0xf3df3)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S
            T=France,C=FR"
        Validity:
            Not Before: Sun Feb 02 17:21:27 2014
            Not After : Fri Feb 02 17:21:27 2024
        Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,
            ST=France,C=FR"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7:
                    bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed:
                    19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f:
                    1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54:
                    ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9:
                    b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a:
                    a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66:
                    de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce:
                    5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf:
                    b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01:
                    5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10:
                    10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73:
                    29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0:
                    e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26:
                    82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c:
                    65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9:
        c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a:
        b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f:
        f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43:
        2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d:
        f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3:
        a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4:
        9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04:
        82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c:
        5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e:
        bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2:
        18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1:
        f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d:
        b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db:
        9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65:
        2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b
    Fingerprint (SHA-256):
        C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C
    Fingerprint (SHA1):
        48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #5123: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp       - PASSED
trying to kill httpserv with PID 18491 at Tue Jun 28 18:09:57 UTC 2016
kill -USR1 18491
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 18491 killed at Tue Jun 28 18:09:57 UTC 2016
TIMESTAMP chains END: Tue Jun 28 18:09:57 UTC 2016
Running tests for ec
TIMESTAMP ec BEGIN: Tue Jun 28 18:09:57 UTC 2016
Running ec tests for ecperf
TIMESTAMP ecperf BEGIN: Tue Jun 28 18:09:57 UTC 2016
ecperf.sh: ecperf test ===============================
./ecperf.sh: line 44: ecperf: command not found
ecperf.sh: #5124: ec(perf) test - PASSED
chmod: missing operand after 'a+rw'
Try 'chmod --help' for more information.
TIMESTAMP ecperf END: Tue Jun 28 18:09:57 UTC 2016
TIMESTAMP ec END: Tue Jun 28 18:09:57 UTC 2016
Running tests for gtests
TIMESTAMP gtests BEGIN: Tue Jun 28 18:09:58 UTC 2016
gtests: der_gtest pk11_gtest util_gtest
gtests.sh: der_gtest ===============================
[==========] Running 11 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 11 tests from DERIntegerDecodingTest
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus126
[       OK ] DERIntegerDecodingTest.DecodeLongMinus126 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong130
[       OK ] DERIntegerDecodingTest.DecodeLong130 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong0
[       OK ] DERIntegerDecodingTest.DecodeLong0 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong1
[       OK ] DERIntegerDecodingTest.DecodeLong1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMax
[       OK ] DERIntegerDecodingTest.DecodeLongMax (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMin
[       OK ] DERIntegerDecodingTest.DecodeLongMin (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinPlus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxPlus1 (0 ms)
[----------] 11 tests from DERIntegerDecodingTest (0 ms total)
[----------] Global test environment tear-down
[==========] 11 tests from 1 test case ran. (1 ms total)
[  PASSED  ] 11 tests.
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/der_gtest/report.xml
gtests.sh: #5125: der_gtest run successfully  - PASSED
gtests.sh: pk11_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk11_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/pk11_gtest/report.xml
gtests.sh: #5137: pk11_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/pk11_gtest/report.xml: No such file or directory
gtests.sh: util_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/util_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/util_gtest/report.xml
gtests.sh: #5138: util_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/pkix/util_gtest/report.xml: No such file or directory
TIMESTAMP gtests END: Tue Jun 28 18:09:58 UTC 2016
Running tests for ssl_gtests
TIMESTAMP ssl_gtests BEGIN: Tue Jun 28 18:09:58 UTC 2016
ssl_gtest.sh: SSL Gtests ===============================
ssl_gtest.sh: #5139: create ssl_gtest database  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5140: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5141: create certificate: sign kex - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5142: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5143: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5144: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5145: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5146: create certificate: sign  - PASSED
ssl_gtest.sh: #5147: Skipping ssl_gtest (not built) - UNKNOWN
TIMESTAMP ssl_gtests END: Tue Jun 28 18:10:02 UTC 2016
ssl_gtests.sh: Testing with upgraded library ===============================
cp: cannot stat '/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/cert.done': No such file or directory
Running tests for dbupgrade
TIMESTAMP dbupgrade BEGIN: Tue Jun 28 18:10:03 UTC 2016
dbupgrade.sh: DB upgrade tests ===============================
Reset databases to their initial values:
certutil: could not find certificate named "objsigner": SEC_ERROR_BAD_DATABASE: security library: bad database.
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
dbupgrade.sh: Legacy to shared Library update ===============================
alicedir
upgrading db alicedir
Generating key.  This may take a few moments...
dbupgrade.sh: #5148: Upgrading alicedir  - PASSED
bobdir
upgrading db bobdir
Generating key.  This may take a few moments...
dbupgrade.sh: #5149: Upgrading bobdir  - PASSED
CA
upgrading db CA
Generating key.  This may take a few moments...
dbupgrade.sh: #5150: Upgrading CA  - PASSED
cert_extensions
upgrading db cert_extensions
Generating key.  This may take a few moments...
dbupgrade.sh: #5151: Upgrading cert_extensions  - PASSED
client
upgrading db client
Generating key.  This may take a few moments...
dbupgrade.sh: #5152: Upgrading client  - PASSED
clientCA
upgrading db clientCA
Generating key.  This may take a few moments...
dbupgrade.sh: #5153: Upgrading clientCA  - PASSED
dave
upgrading db dave
Generating key.  This may take a few moments...
dbupgrade.sh: #5154: Upgrading dave  - PASSED
eccurves
upgrading db eccurves
Generating key.  This may take a few moments...
dbupgrade.sh: #5155: Upgrading eccurves  - PASSED
eve
upgrading db eve
Generating key.  This may take a few moments...
dbupgrade.sh: #5156: Upgrading eve  - PASSED
ext_client
upgrading db ext_client
Generating key.  This may take a few moments...
dbupgrade.sh: #5157: Upgrading ext_client  - PASSED
ext_server
upgrading db ext_server
Generating key.  This may take a few moments...
dbupgrade.sh: #5158: Upgrading ext_server  - PASSED
SDR
upgrading db SDR
Generating key.  This may take a few moments...
dbupgrade.sh: #5159: Upgrading SDR  - PASSED
server
upgrading db server
Generating key.  This may take a few moments...
dbupgrade.sh: #5160: Upgrading server  - PASSED
serverCA
upgrading db serverCA
Generating key.  This may take a few moments...
dbupgrade.sh: #5161: Upgrading serverCA  - PASSED
ssl_gtests
skipping db ssl_gtests
dbupgrade.sh: #5162: No directory ssl_gtests  - PASSED
stapling
upgrading db stapling
Generating key.  This may take a few moments...
dbupgrade.sh: #5163: Upgrading stapling  - PASSED
tools/copydir
skipping db tools/copydir
dbupgrade.sh: #5164: No directory tools/copydir  - PASSED
upgrading db fips
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
dbupgrade.sh: #5165: Upgrading fips  - PASSED
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
TIMESTAMP dbupgrade END: Tue Jun 28 18:11:22 UTC 2016
Running tests for tools
TIMESTAMP tools BEGIN: Tue Jun 28 18:11:22 UTC 2016
tools.sh: Tools Tests with ECC ===============================
tools.sh: Exporting Alice's email cert & key - default ciphers
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5166: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                4f:e7:6d:dc:84:4b:28:6f:1e:8b:17:d7:cd:7d:b2:ca
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5167: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5168: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's email EC cert & key---------------
pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \
         -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5169: Exporting Alice's email EC cert & key (pk12util -o)  - PASSED
tools.sh: Importing Alice's email EC cert & key --------------
pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5170: Importing Alice's email EC cert & key (pk12util -i)  - PASSED
tools.sh: Listing Alice's pk12 EC file -----------------
pk12util -l Alice-ec.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice-ec
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                ad:82:bc:d2:07:56:36:67:93:99:bf:e2:8c:16:48:a7
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 16:55:13 2016
            Not After : Mon Jun 28 16:55:13 2066
        Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor
            nia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:23
            EC Public Key:
                PublicValue:
                    04:01:10:1b:1a:1f:ab:08:ae:9d:6e:8e:83:b9:49:9a:
                    c4:23:d4:ed:fc:53:cc:62:e9:bc:ec:31:bd:cc:62:e4:
                    e7:88:b7:e8:31:5e:66:0b:cc:4f:85:7f:b8:15:bc:e0:
                    5f:e7:88:85:a5:00:66:58:93:70:e4:a6:25:2f:8e:ef:
                    c6:e5:86:01:d5:e8:83:f4:4d:f2:6a:24:fe:d2:1c:5c:
                    b8:79:9c:30:1a:fd:b0:69:50:29:fe:dc:a0:8b:b6:46:
                    c6:a9:09:91:e7:c3:12:d1:36:c1:e4:a8:a7:03:92:d7:
                    ac:46:7d:cc:c5:92:f7:41:29:a7:86:64:69:da:16:dd:
                    5c:2b:cc:1d:16
                Curve: SECG elliptic curve secp521r1 (aka NIST P-521)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:88:02:42:00:a7:11:22:08:bb:90:96:5e:2a:13:
        b3:a1:73:7b:d7:cf:5a:a7:4f:80:28:6c:08:17:36:32:
        99:95:b0:ce:f9:8d:b1:1a:37:f1:80:a7:59:f6:63:59:
        91:6b:b4:e2:aa:09:6f:5d:5a:b8:dc:84:58:e6:e0:62:
        72:29:4f:2d:b2:21:8a:02:42:01:7b:58:f1:95:9f:5d:
        d4:51:71:db:1a:78:27:a6:68:37:3d:3d:65:d1:d1:68:
        74:c8:1f:81:fa:e8:b7:6f:f4:9e:d6:1f:19:b4:14:00:
        5b:13:b1:b5:dd:ac:27:51:5a:d6:5c:b4:42:d3:90:1a:
        10:ea:b5:9c:db:ef:cf:e0:f5:dd:e0
    Fingerprint (SHA-256):
        0C:57:A0:03:3A:91:BF:37:97:C5:70:E1:CF:A9:C4:84:10:F1:51:5F:10:80:F6:37:87:3C:91:33:27:79:4E:69
    Fingerprint (SHA1):
        BC:D6:01:F5:1F:5E:E0:58:7E:A2:87:C1:6D:EB:62:E0:39:02:99:19
    Friendly Name: TestCA-ec
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 16:56:00 2016
            Not After : Mon Jun 28 16:56:00 2021
        Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S
            T=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:22
            EC Public Key:
                PublicValue:
                    04:ea:61:59:d9:f1:7a:44:53:f3:27:84:5a:95:73:04:
                    62:62:4a:e3:50:79:96:c0:26:a9:98:3e:70:6c:70:8d:
                    0e:53:75:5f:8e:fe:34:03:cb:4b:dc:a9:0b:9e:96:46:
                    74:71:f2:c0:40:ca:e2:a1:5e:ec:92:79:0c:96:45:9d:
                    0e:1a:c6:cb:44:e6:8d:96:6e:ce:e4:87:69:49:74:84:
                    c0:e7:a4:2a:c7:95:14:ad:90:e4:97:d8:91:26:40:1d:
                    2c
                Curve: SECG elliptic curve secp384r1 (aka NIST P-384)
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:88:02:42:00:91:7f:4a:7b:76:e7:17:50:56:af:
        6f:e5:c1:fe:16:df:e1:cc:ee:db:1c:76:57:ea:b6:7f:
        6e:dd:6c:ea:81:b4:52:ad:14:52:e0:cd:93:f8:55:95:
        50:21:91:0c:5c:71:5e:88:2b:2e:42:fe:3f:3c:19:4d:
        4d:fe:ef:c9:5b:aa:62:02:42:01:96:e1:36:c4:18:97:
        4b:6b:b1:32:dd:3b:22:2e:e5:d2:ea:94:3b:cd:65:58:
        c1:89:e2:07:0f:1f:21:73:f9:9f:32:3e:83:1f:ce:71:
        33:b6:ec:97:90:7d:bd:07:7f:eb:10:be:e0:f6:39:a7:
        20:a1:dd:82:06:2a:4d:58:88:f9:64
    Fingerprint (SHA-256):
        D1:D5:FF:42:91:73:9B:17:0A:40:B6:92:3A:D5:70:B9:01:6B:D3:69:98:17:A0:A9:38:7B:B5:71:8D:AC:51:4E
    Fingerprint (SHA1):
        33:C3:40:81:01:64:C1:78:E5:9F:DF:8F:8F:CF:1F:E0:ED:F0:5A:A3
    Friendly Name: Alice-ec
tools.sh: #5171: Listing Alice's pk12 EC file (pk12util -l)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5172: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                47:36:4e:6f:a5:db:8a:7d:9a:72:54:d5:87:a4:6d:c2
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5173: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5174: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5175: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                c2:0b:93:d9:cd:e8:1c:7d:d7:ad:e5:0f:e9:76:70:7a
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5176: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5177: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5178: Exporting with [RC2-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                68:a6:61:a6:6e:86:70:01:cd:73:b7:d1:10:28:8c:29
            Iteration Count: 2000 (0x7d0)
tools.sh: #5179: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5180: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5181: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                ce:78:56:bd:16:c1:02:e6:a3:4f:97:e7:16:a7:40:8f
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5182: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5183: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5184: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                59:d7:17:c9:cd:f6:cd:b1:c0:23:ce:4f:78:82:f2:f6
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5185: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5186: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5187: Exporting with [DES-EDE3-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                32:59:13:b1:bf:d2:4e:3f:ad:63:63:25:bc:d4:4f:34
            Iteration Count: 2000 (0x7d0)
tools.sh: #5188: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5189: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5190: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        d0:f5:47:6a:ec:2f:59:75:ec:12:3c:62:13:e5:a7:72
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:1f:88:d8:dc:49:bd:7f:e9:f6:7a:48:5f:e5:bd:
                    5c:aa
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5191: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5192: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5193: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        ee:bd:a5:f0:47:db:4b:1a:b4:b7:8a:1a:0a:e9:37:f3
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:f7:3d:ed:da:72:a7:b7:de:30:de:57:5c:c4:80:
                    d7:84
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5194: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5195: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5196: Exporting with [AES-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        50:97:9a:5e:d0:d3:de:a7:b7:fc:aa:22:18:29:38:39
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:b0:0f:55:17:ad:92:5e:a0:02:c5:89:35:72:19:
                    d0:68
tools.sh: #5197: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5198: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5199: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        8b:cf:12:43:74:b7:7e:99:67:c4:91:da:3b:3c:f9:0b
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:f6:21:74:09:32:25:88:c2:a6:2e:8b:59:f7:0d:
                    f6:3d
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5200: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5201: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5202: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        63:8c:23:d3:47:ff:1e:62:b5:b3:93:fb:70:af:2c:c3
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:95:98:3f:a3:c3:3e:8e:1e:5b:42:de:47:2d:57:
                    23:6e
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5203: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5204: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5205: Exporting with [AES-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        37:b8:64:ab:81:dd:29:56:a6:5b:c2:fd:82:4c:28:e3
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:65:6f:b0:ad:34:24:e9:ef:8d:73:f7:73:a3:fc:
                    9d:11
tools.sh: #5206: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5207: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5208: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        02:0d:4a:f8:f4:f7:17:85:e9:98:6a:e2:f9:4a:86:27
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:4e:8a:99:4f:6b:79:d7:0c:44:0d:92:c3:88:7d:
                    cf:4a
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5209: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5210: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5211: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        9c:79:ae:a9:be:f1:8c:ed:55:5f:4d:d7:b1:79:e4:98
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:1a:f6:af:c1:26:4d:28:e6:7e:37:96:44:48:d3:
                    58:c4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5212: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5213: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5214: Exporting with [AES-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        57:ec:90:8e:ed:a0:f2:aa:f7:f9:25:cf:07:04:a5:37
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:eb:7f:34:7a:f1:68:8a:41:bf:f8:c9:67:be:46:
                    ed:89
tools.sh: #5215: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5216: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5217: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        e6:6b:0e:f9:24:56:44:e8:8e:54:9a:b9:23:f3:cb:a8
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:fa:ad:3e:66:25:52:eb:58:4f:1f:c7:03:4b:c9:
                    92:1e
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5218: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5219: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5220: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        20:97:68:37:11:70:61:d8:78:f8:6a:e9:73:91:27:72
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:b9:68:9c:55:c7:77:e5:0b:a2:1a:66:79:66:84:
                    6d:3c
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5221: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5222: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5223: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        ed:41:46:29:6c:38:c7:4e:3a:85:ad:a4:0f:a7:86:e4
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:14:55:2a:79:a2:46:89:a4:98:fe:01:6a:0f:ba:
                    94:77
tools.sh: #5224: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5225: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5226: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        c8:9f:2a:91:e7:6e:89:a2:51:79:79:22:5a:47:08:43
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:3d:cb:91:40:7e:10:02:47:d1:78:14:4c:1b:01:
                    8e:ae
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5227: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5228: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5229: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        42:0c:0c:6e:5c:44:f5:34:a5:92:69:54:f0:c2:2f:c4
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:4b:dd:a8:75:ff:6c:99:b0:48:18:1b:24:2a:f8:
                    06:0d
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5230: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5231: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5232: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        2b:64:6a:a7:e9:9d:16:37:b0:2d:1f:36:ec:55:ab:e0
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:9b:d6:c0:c5:c3:bd:eb:01:1d:49:b5:30:1a:78:
                    ef:20
tools.sh: #5233: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5234: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5235: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        5b:dc:ee:8c:ce:e0:0d:a1:eb:22:34:32:d4:aa:13:7d
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:03:ba:8f:39:35:6d:50:3b:73:77:53:74:c6:ff:
                    e9:36
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5236: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5237: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5238: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        92:73:37:90:52:b8:32:0a:66:4d:cc:1d:3c:b1:fb:18
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:ad:7e:64:49:43:ac:db:b6:80:ab:48:28:e1:53:
                    20:64
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5239: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5240: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5241: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        e3:ae:7d:2d:60:82:05:72:28:95:a6:7f:e4:ad:6e:b6
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:7b:c4:cd:f9:1c:8b:ea:d0:b6:d2:f5:b0:9f:70:
                    7c:c7
tools.sh: #5242: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5243: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5244: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                6f:37:38:1f:e4:f0:af:49:17:1f:32:d8:b0:9b:7b:d2
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5245: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5246: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5247: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                86:a5:b1:46:65:5e:00:b6:05:90:a9:03:c8:6f:c0:db
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5248: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5249: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5250: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                29:ed:91:f7:38:b6:db:50:06:69:fa:a0:b7:80:4c:b5
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5251: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5252: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5253: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                bf:7f:8d:e5:59:36:82:1f:d0:30:0d:37:57:cf:47:6b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5254: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5255: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5256: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                67:5d:1b:63:e3:73:7f:1d:dc:54:68:b3:7e:7e:ce:fa
            Iteration Count: 2000 (0x7d0)
tools.sh: #5257: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5258: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5259: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                26:e0:bf:eb:c5:40:31:4a:13:0b:22:cc:db:0b:9e:74
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5260: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5261: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5262: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                0f:ff:4d:d1:e4:a3:8b:3b:34:9e:4c:50:02:fa:f1:3b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5263: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5264: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5265: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                57:69:c9:ef:36:5d:0b:e8:c8:d3:a1:7a:f5:01:d3:f1
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5266: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5267: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5268: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                f2:8f:f5:0b:37:25:2b:68:95:23:e0:d5:57:db:e3:6b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5269: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5270: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5271: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                e4:52:8f:1d:4d:6a:d3:7f:0e:52:56:d0:d2:b4:c1:95
            Iteration Count: 2000 (0x7d0)
tools.sh: #5272: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5273: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5274: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                31:57:02:89:52:0f:99:64:32:1f:fb:b6:7a:3d:a5:78
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5275: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5276: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5277: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                71:41:fc:e8:d8:81:7c:1a:ef:e3:6e:e7:8b:03:9f:c9
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5278: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5279: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5280: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                1e:9e:1f:c7:77:03:0b:73:57:db:52:75:95:03:91:ea
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5281: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5282: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5283: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                25:01:5b:4e:2d:cc:d9:50:a7:f3:45:93:e3:37:c8:8f
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5284: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5285: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5286: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                d4:b3:a0:6d:58:77:92:eb:01:ad:7c:95:0c:4f:9a:48
            Iteration Count: 2000 (0x7d0)
tools.sh: #5287: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5288: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5289: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                cc:c0:ef:89:8b:c0:29:d3:60:9c:d1:8d:11:ae:83:30
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5290: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5291: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5292: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                26:02:0c:c0:9d:a0:03:93:c5:27:6e:91:33:4c:81:ee
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5293: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5294: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5295: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                c5:37:67:eb:38:64:4f:2f:c6:68:c9:8f:41:b2:68:c2
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5296: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5297: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5298: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                3f:1c:7a:77:85:3f:9c:dd:b5:94:65:c2:25:e9:3f:23
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5299: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5300: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:null]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5301: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                44:01:bf:6a:98:d7:c6:2c:f2:31:ac:df:dc:d4:d6:eb
            Iteration Count: 2000 (0x7d0)
tools.sh: #5302: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5303: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5304: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                2a:48:93:6f:eb:34:ac:8f:2c:75:9e:b5:7f:08:a8:0b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5305: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5306: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5307: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                d3:4c:1e:12:0a:76:17:f4:64:34:27:15:f6:59:63:07
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5308: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5309: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5310: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                b5:0d:9b:b0:e0:78:e6:8e:d6:ab:c9:dc:f5:8b:93:79
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5311: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5312: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5313: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                74:f8:89:31:e9:02:73:bd:90:ec:c9:5e:63:51:bf:bd
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5314: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5315: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5316: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                b0:cc:65:95:67:21:7c:ad:be:f8:b1:9e:27:0d:e5:36
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5317: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5318: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5319: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                13:25:ed:74:6b:0a:9d:46:c3:d0:7f:39:c7:43:ff:3b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5320: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5321: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5322: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                22:03:36:59:80:b3:2a:9d:c7:69:2f:0d:4a:4a:04:cc
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5323: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5324: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5325: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                e5:29:55:24:61:99:94:97:78:3d:a2:41:32:4c:65:62
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5326: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5327: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5328: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                17:08:2b:a7:83:cb:33:10:30:ab:68:d6:db:b1:6e:63
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5329: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5330: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5331: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                60:88:86:43:29:b9:52:ef:21:fb:a1:8d:b2:97:4c:f1
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:54:44 2016
            Not After : Mon Jun 28 16:54:44 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:93:50:05:6f:c2:51:1f:0d:d0:b9:cd:28:15:99:db:
                    2d:1e:30:e2:01:a4:60:52:a4:37:0a:3d:ad:91:c4:bf:
                    9d:76:b2:cc:98:e4:ef:b9:78:68:1c:5a:28:ad:c4:06:
                    77:90:14:ed:65:7a:7d:91:d3:28:73:ce:54:83:6e:9c:
                    20:7f:98:0d:81:58:57:f3:19:f2:68:14:cf:57:96:22:
                    be:51:00:3b:5b:3e:cb:a2:8c:95:ee:60:50:9e:83:cf:
                    52:ed:30:0a:71:35:b7:e2:ed:6f:c2:eb:86:89:0c:ff:
                    3c:01:07:ad:c2:d8:70:e1:52:a4:d0:58:92:b4:ee:66:
                    8d:99:1d:70:e9:c9:50:8e:2e:68:2c:d9:61:c5:96:1e:
                    bd:a1:72:bb:08:4a:c0:5c:ce:6e:a1:7b:f7:53:78:74:
                    da:ad:05:ca:57:30:9c:3e:f6:c6:eb:db:eb:80:4d:a1:
                    74:ad:67:cc:a1:73:5c:9e:50:58:cc:2a:67:61:e2:b6:
                    87:49:e6:ef:42:6b:67:5a:8d:96:ac:1c:56:b9:58:65:
                    94:46:d9:73:f5:31:51:08:47:82:2a:58:bc:21:90:34:
                    c7:7f:79:5e:d2:8e:e7:5c:92:b3:f1:1c:75:a9:f2:50:
                    99:a0:b6:62:68:03:ea:4a:43:20:b0:be:3f:c5:3f:81
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6d:79:12:57:40:52:61:b4:46:1b:ac:88:ad:c9:2d:6f:
        23:97:22:5d:ac:33:7a:d6:4d:1c:ea:9a:8f:8e:73:b7:
        81:df:57:24:16:cb:c1:de:ae:16:93:63:3b:5f:d2:99:
        24:b0:95:23:11:6b:a5:3d:26:f9:c4:29:aa:cb:4a:b2:
        a6:06:86:bf:fe:33:62:19:cb:3c:0f:41:34:d6:3b:63:
        73:35:59:b5:7b:06:6b:a6:a8:5e:d0:ec:1e:31:7a:8a:
        3e:6b:b6:15:99:28:74:fb:4d:5a:00:ef:22:13:1d:36:
        c0:14:ab:6d:94:70:1e:82:3f:d2:d6:4e:9d:31:0d:23:
        d7:57:03:ce:21:d3:d4:24:fb:c3:f8:fb:ce:96:3a:2a:
        6d:3c:96:5b:02:dd:eb:6f:ae:1d:61:3a:4b:60:02:77:
        51:9b:91:5e:c9:db:c4:58:a4:00:21:16:d0:10:ec:31:
        3c:9e:06:95:ee:a6:a6:7c:79:dd:52:a1:a5:5f:a1:cf:
        e1:29:57:c6:9c:c1:9d:78:a6:47:f0:54:57:36:67:bd:
        b1:26:8f:96:ae:e2:fd:c4:76:e5:ed:75:d2:26:ad:08:
        b6:18:67:bb:c7:1c:21:bb:79:5c:98:ad:75:88:f0:67:
        b5:ef:15:d4:0c:54:17:4b:16:4c:d0:23:7c:fd:96:7a
    Fingerprint (SHA-256):
        89:1B:BD:8D:8A:4D:FD:63:10:E9:30:8A:99:B2:50:9B:33:7D:92:C0:4D:2B:2E:BF:9A:8B:93:BD:B7:01:5C:94
    Fingerprint (SHA1):
        14:4C:13:CC:72:BD:6C:FA:95:5E:0D:58:08:B5:7F:06:15:E2:F6:BE
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:55:59 2016
            Not After : Mon Jun 28 16:55:59 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:54:ee:13:55:b9:28:22:3a:0c:4a:e6:74:dd:5d:34:
                    18:e4:1f:eb:79:08:04:34:e8:0f:ba:01:bb:1a:80:5b:
                    5c:a9:0e:23:f0:82:c9:23:9b:ce:5b:02:e1:54:ad:9d:
                    c2:ac:d4:27:a8:b6:ab:53:d3:c4:8c:57:7b:14:96:fb:
                    17:60:0e:4d:b6:32:ab:5f:ba:c5:7d:70:b1:0e:09:5e:
                    0e:88:80:75:b6:2b:94:92:bd:6c:ed:0e:0b:39:d7:8b:
                    5c:6f:c5:6c:97:df:54:ff:87:cf:b5:0f:88:9e:d1:07:
                    81:16:71:7c:73:69:15:04:4a:e1:96:85:fc:34:a8:37:
                    27:74:5c:b1:e7:77:07:ab:08:a0:13:cf:aa:57:00:c8:
                    c2:54:02:ea:4d:99:c3:f2:63:9f:6c:41:4d:2e:08:f6:
                    41:94:44:59:2e:1f:b5:a9:d3:52:ce:a9:1e:89:c2:36:
                    9c:25:ba:8f:b4:5d:9b:10:43:3c:9f:5e:c4:a3:f5:6d:
                    0a:33:11:cd:ed:10:b0:1d:f2:5e:8b:d3:9a:cc:f9:42:
                    b5:99:d3:f0:54:ed:c7:46:26:e7:77:6c:4f:fa:2f:94:
                    42:01:c8:08:d3:3f:6c:3c:92:39:70:6d:0b:bd:c4:81:
                    03:f0:c3:1a:35:11:6a:2b:9e:2e:2b:61:99:cc:8f:69
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1a:76:18:6d:78:b5:86:6c:af:37:a0:40:20:a8:38:c3:
        f3:71:c5:f4:21:76:e9:06:b3:c3:51:84:6a:d5:3b:99:
        23:51:59:4a:5f:bb:e4:39:43:1f:17:16:0f:7c:59:0a:
        ad:fe:50:ec:81:3d:22:05:3e:f4:93:d9:7b:c7:f8:36:
        47:2e:90:54:63:27:ec:ea:6d:02:54:bc:03:f2:26:1b:
        6d:e2:04:88:ee:61:ac:c8:4e:c1:5f:da:0e:cc:8b:ed:
        d2:4e:80:8b:86:4a:ab:18:81:db:fd:ec:74:bf:37:d0:
        e1:e0:7c:ba:24:33:e0:51:5b:1e:57:d8:be:41:d3:08:
        59:b4:9f:ef:43:25:0e:c6:50:6f:55:0f:d2:d5:6c:34:
        59:91:af:b3:36:b1:66:e1:49:93:0e:ee:6d:a5:58:dc:
        90:a9:dc:09:66:c6:9a:9d:78:83:78:7d:59:e1:d3:47:
        dc:ac:0d:17:90:be:99:59:d5:99:4b:82:70:6d:59:09:
        24:74:a2:61:ed:8a:e3:2b:2b:5b:47:5f:12:fd:f9:d7:
        e2:ce:d4:79:1f:31:72:85:eb:62:34:4c:7b:9a:07:fc:
        80:15:6b:a7:ac:de:5c:50:a9:c2:30:31:ae:c5:0b:1f:
        4a:b4:97:e6:ea:f8:db:72:43:c3:f1:95:f0:cd:97:80
    Fingerprint (SHA-256):
        E9:D5:FD:5D:0A:9A:B5:01:13:8C:13:7E:ED:95:CA:DC:4D:7E:90:EF:67:A7:00:48:52:3E:38:7D:FC:05:F5:EC
    Fingerprint (SHA1):
        10:42:F0:63:68:12:C2:BC:48:90:48:17:35:31:97:D5:E6:8A:F1:32
    Friendly Name: Alice
tools.sh: #5332: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #5333: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c null
pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm.
tools.sh: #5334: Exporting with [null:default] (pk12util -o)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #5335: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Create objsign cert -------------------------------
signtool -G "objectsigner" -d ../tools/signdir -p "nss"
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit the browser before continuing this operation. Enter 
"y" to continue, or anything else to abort: 
Enter certificate information.  All fields are optional. Acceptable
characters are numbers, letters, spaces, and apostrophes.
certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair
certificate request generated
certificate has been signed
certificate "objsigner" added to database
Exported certificate to x509.raw and x509.cacert.
tools.sh: #5336: Create objsign cert (signtool -G)  - PASSED
tools.sh: Signing a jar of files ----------------------------
signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
adding ../tools/html/signjs.html to nojs.jar...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.jar...(deflated 26%)
Generating zigbert.sf file..
adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 37%)
adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%)
tree "../tools/html" signed successfully
tools.sh: #5337: Signing a jar of files (signtool -Z)  - PASSED
tools.sh: Listing signed files in jar ----------------------
signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner
archive "nojs.jar" has passed crypto verification.
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
found a RSA signature file: META-INF/zigbert.rsa
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #5338: Listing signed files in jar (signtool -v)  - PASSED
tools.sh: Show who signed jar ------------------------------
signtool -w nojs.jar -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #5339: Show who signed jar (signtool -w)  - PASSED
tools.sh: Signing a xpi of files ----------------------------
signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
--> sign.html
Generating zigbert.sf file..
Creating XPI Compatible Archive 
adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 32%)
--> signjs.html
adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.xpi...(deflated 26%)
adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 37%)
tree "../tools/html" signed successfully
tools.sh: #5340: Signing a xpi of files (signtool -Z -X)  - PASSED
tools.sh: Listing signed files in xpi ----------------------
signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner
archive "nojs.xpi" has passed crypto verification.
found a RSA signature file: META-INF/zigbert.rsa
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #5341: Listing signed files in xpi (signtool -v)  - PASSED
tools.sh: Show who signed xpi ------------------------------
signtool -w nojs.xpi -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #5342: Show who signed xpi (signtool -w)  - PASSED
TIMESTAMP tools END: Tue Jun 28 18:12:32 UTC 2016
Running tests for fips
TIMESTAMP fips BEGIN: Tue Jun 28 18:12:32 UTC 2016
fips.sh: FIPS 140 Compliance Tests ===============================
fips.sh: Verify this module is in FIPS mode  -----------------
modutil -dbdir ../fips -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal FIPS PKCS #11 Module
	 slots: 1 slot attached
	status: loaded
	 slot: NSS FIPS 140-2 User Private Key Services
	token: NSS FIPS 140-2 Certificate DB
  2. RootCerts
	library name: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so
	 slots: 1 slot attached
	status: loaded
	 slot: NSS Builtin Objects
	token: Builtin Object Token
-----------------------------------------------------------
FIPS mode enabled.
fips.sh: #5343: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #5344: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys -------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      d8420ee5a7845c5d29f943cd984d1fb4b8e496e6   FIPS_PUB_140_Test_Certificate
fips.sh: #5345: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Attempt to list FIPS module keys with incorrect password
certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/tests.fipsbadpw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
fips.sh: #5346: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED
certutil -K returned 255
fips.sh: Validate the certificate --------------------------
certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw
certutil: certificate is valid
fips.sh: #5347: Validate the certificate (certutil -V -e) . - PASSED
fips.sh: Export the certificate and key as a PKCS#12 file --
pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 EXPORT SUCCESSFUL
fips.sh: #5348: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED
fips.sh: Export the certificate as a DER-encoded file ------
certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt
fips.sh: #5349: Export the certificate as a DER (certutil -L -r) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #5350: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Delete the certificate and key from the FIPS module
certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw
fips.sh: #5351: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #5352: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys.
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
certutil: no keys found
fips.sh: #5353: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #5354: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #5355: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      d8420ee5a7845c5d29f943cd984d1fb4b8e496e6   FIPS_PUB_140_Test_Certificate
fips.sh: #5356: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Delete the certificate from the FIPS module
certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate
fips.sh: #5357: Delete the certificate from the FIPS module (certutil -D) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #5358: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #5359: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #5360: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      d8420ee5a7845c5d29f943cd984d1fb4b8e496e6   FIPS_PUB_140_Test_Certificate
fips.sh: #5361: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Run PK11MODE in FIPSMODE  -----------------
pk11mode -d ../fips -p fips- -f ../tests.fipspw
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
**** Total number of TESTS ran in FIPS MODE is 106. ****
**** ALL TESTS PASSED ****
fips.sh: #5362: Run PK11MODE in FIPS mode (pk11mode) . - PASSED
fips.sh: Run PK11MODE in Non FIPSMODE  -----------------
pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
**** Total number of TESTS ran in NON FIPS MODE is 104. ****
**** ALL TESTS PASSED ****
fips.sh: #5363: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED
mkdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
mkdir: cannot create directory '/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle': File exists
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest1.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle
fips.sh: Detect mangled softoken--------------------------
mangling /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle/libsoftokn3.so
mangle -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle/libsoftokn3.so -o -8 -b 5
Changing byte 0x00033e94 (212628): from 21 (33) to 01 (1)
LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/fips/mangle dbtest -r -d ../fips
fips.sh: #5364: Init NSS with a corrupted library (dbtest -r) . - PASSED
fips.sh done
TIMESTAMP fips END: Tue Jun 28 18:13:16 UTC 2016
Running tests for crmf
TIMESTAMP crmf BEGIN: Tue Jun 28 18:13:16 UTC 2016
crmf.sh: CRMF/CMMF Tests ===============================
crmf.sh: CRMF/CMMF Tests ------------------------------
crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode
crmftest v1.0
Generating CRMF request
Decoding CRMF request
crmftest: Processing cert request 0
crmftest: Processing cert request 1
Exiting successfully!!!
crmf.sh: #5365: CRMF test . - PASSED
crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf
crmftest v1.0
Doing CMMF Stuff
Exiting successfully!!!
crmf.sh: #5366: CMMF test . - PASSED
TIMESTAMP crmf END: Tue Jun 28 18:13:17 UTC 2016
Running tests for smime
TIMESTAMP smime BEGIN: Tue Jun 28 18:13:17 UTC 2016
smime.sh: S/MIME Tests with ECC ===============================
smime.sh: Signing Detached Message {SHA1} ------------------
cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1
smime.sh: #5367: Create Detached Signature Alice (SHA1) . - PASSED
cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5368: Verifying Alice's Detached Signature (SHA1) . - PASSED
smime.sh: Signing Attached Message (SHA1) ------------------
cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1
smime.sh: #5369: Create Attached Signature Alice (SHA1) . - PASSED
cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1
smime.sh: #5370: Decode Alice's Attached Signature (SHA1) . - PASSED
diff alice.txt alice.data.SHA1
smime.sh: #5371: Compare Attached Signed Data and Original (SHA1) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------
cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1
smime.sh: #5372: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5373: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------
cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1
smime.sh: #5374: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED
cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1
smime.sh: #5375: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED
diff alice.txt alice-ec.data.SHA1
smime.sh: #5376: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED
smime.sh: Signing Detached Message {SHA256} ------------------
cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256
smime.sh: #5377: Create Detached Signature Alice (SHA256) . - PASSED
cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5378: Verifying Alice's Detached Signature (SHA256) . - PASSED
smime.sh: Signing Attached Message (SHA256) ------------------
cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256
smime.sh: #5379: Create Attached Signature Alice (SHA256) . - PASSED
cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256
smime.sh: #5380: Decode Alice's Attached Signature (SHA256) . - PASSED
diff alice.txt alice.data.SHA256
smime.sh: #5381: Compare Attached Signed Data and Original (SHA256) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------
cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256
smime.sh: #5382: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5383: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------
cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256
smime.sh: #5384: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED
cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256
smime.sh: #5385: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED
diff alice.txt alice-ec.data.SHA256
smime.sh: #5386: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED
smime.sh: Signing Detached Message {SHA384} ------------------
cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384
smime.sh: #5387: Create Detached Signature Alice (SHA384) . - PASSED
cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5388: Verifying Alice's Detached Signature (SHA384) . - PASSED
smime.sh: Signing Attached Message (SHA384) ------------------
cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384
smime.sh: #5389: Create Attached Signature Alice (SHA384) . - PASSED
cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384
smime.sh: #5390: Decode Alice's Attached Signature (SHA384) . - PASSED
diff alice.txt alice.data.SHA384
smime.sh: #5391: Compare Attached Signed Data and Original (SHA384) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------
cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384
smime.sh: #5392: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5393: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------
cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384
smime.sh: #5394: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED
cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384
smime.sh: #5395: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED
diff alice.txt alice-ec.data.SHA384
smime.sh: #5396: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED
smime.sh: Signing Detached Message {SHA512} ------------------
cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512
smime.sh: #5397: Create Detached Signature Alice (SHA512) . - PASSED
cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5398: Verifying Alice's Detached Signature (SHA512) . - PASSED
smime.sh: Signing Attached Message (SHA512) ------------------
cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512
smime.sh: #5399: Create Attached Signature Alice (SHA512) . - PASSED
cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512
smime.sh: #5400: Decode Alice's Attached Signature (SHA512) . - PASSED
diff alice.txt alice.data.SHA512
smime.sh: #5401: Compare Attached Signed Data and Original (SHA512) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------
cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512
smime.sh: #5402: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #5403: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------
cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512
smime.sh: #5404: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED
cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512
smime.sh: #5405: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED
diff alice.txt alice-ec.data.SHA512
smime.sh: #5406: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED
smime.sh: Enveloped Data Tests ------------------------------
cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \
        -o alice.env
smime.sh: #5407: Create Enveloped Data Alice . - PASSED
cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1
smime.sh: #5408: Decode Enveloped Data Alice . - PASSED
diff alice.txt alice.data1
smime.sh: #5409: Compare Decoded Enveloped Data and Original . - PASSED
smime.sh: Testing multiple recipients ------------------------------
cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \
        -r bob@bogus.com,dave@bogus.com
smime.sh: #5410: Create Multiple Recipients Enveloped Data Alice . - PASSED
smime.sh: Testing multiple email addrs ------------------------------
cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \
        -r eve@bogus.net
smime.sh: #5411: Encrypt to a Multiple Email cert . - PASSED
cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2
smime.sh: #5412: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED
cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3
smime.sh: #5413: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED
cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4
smime.sh: #5414: Decrypt with a Multiple Email cert . - PASSED
smime.sh: #5415: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED
smime.sh: #5416: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED
smime.sh: #5417: Compare Decoded with Multiple Email cert . - PASSED
smime.sh: Sending CERTS-ONLY Message ------------------------------
cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \
        -d ../alicedir > co.der
smime.sh: #5418: Create Certs-Only Alice . - PASSED
cmsutil -D -i co.der -d ../bobdir
smime.sh: #5419: Verify Certs-Only by CA . - PASSED
smime.sh: Encrypted-Data Message ---------------------------------
cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \
        -r "bob@bogus.com" > alice.enc
smime.sh: #5420: Create Encrypted-Data . - PASSED
cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \
        -o alice.data2
smime.sh: #5421: Decode Encrypted-Data . - PASSED
smime.sh: #5422: Compare Decoded and Original Data . - PASSED
smime.sh: p7 util Data Tests ------------------------------
p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env
smime.sh: #5423: Creating envelope for user Alice . - PASSED
p7content -d ../alicedir -i alice.env -o alice_p7.data
smime.sh: #5424: Verifying file delivered to user Alice . - PASSED
diff alice.txt alice_p7.data.sed
smime.sh: #5425: Compare Decoded Enveloped Data and Original . - PASSED
p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e
smime.sh: #5426: Signing file for user Alice . - PASSED
p7verify -d ../alicedir -c alice.txt -s alice.sig
Signature is valid.
smime.sh: #5427: Verifying file delivered to user Alice . - PASSED
TIMESTAMP smime END: Tue Jun 28 18:13:28 UTC 2016
Running tests for ssl
TIMESTAMP ssl BEGIN: Tue Jun 28 18:13:28 UTC 2016
./ssl.sh: line 306: syntax error near unexpected token `('
./ssl.sh: line 306: `            echo "exp/ssl2/ssl3 test should fail: (NSS_NO_SSL2,EXP,SSL2,SSL3)=(${NSS_NO_SSL2},${EXP},${SSL2},${SSL3})"'
TIMESTAMP ssl END: Tue Jun 28 18:13:28 UTC 2016
Running tests for merge
TIMESTAMP merge BEGIN: Tue Jun 28 18:13:28 UTC 2016
merge.sh: Merge Tests ===============================
merge.sh: Creating an SDR key & Encrypt
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/tests.v3.14577 -t Test2 -f ../tests.pw
merge.sh: #5428: Creating SDR Key  - PASSED
merge.sh: Merging in Key for Existing user
certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id dave --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw
upgrade complete!
merge.sh: #5429: Merging Dave  - PASSED
merge.sh: Merging in new user 
certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id server --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw
upgrade complete!
merge.sh: #5430: Merging server  - PASSED
merge.sh: Merging in new chain 
certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id ext_client --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw
upgrade complete!
merge.sh: #5431: Merging ext_client  - PASSED
merge.sh: Merging in conflicting nicknames 1
certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id conflict1 --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw
upgrade complete!
merge.sh: #5432: Merging conflicting nicknames 1  - PASSED
merge.sh: Merging in conflicting nicknames 1
certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id conflict2 --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw
upgrade complete!
merge.sh: #5433: Merging conflicting nicknames 2  - PASSED
merge.sh: Verify nicknames were deconflicted (Alice #4)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45 (0x2d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:59:30 2016
            Not After : Mon Jun 28 16:59:30 2021
        Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain
             View,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c7:f5:6a:bc:f1:20:04:d2:2c:66:61:eb:2f:ff:51:71:
                    d4:a5:75:47:8c:ad:11:ab:2b:84:c6:4f:d6:c2:36:2b:
                    1b:8c:0b:ef:e7:ba:27:ff:d6:9c:c5:4f:02:0c:3a:35:
                    78:a4:70:bf:d7:76:6a:95:07:e6:43:c6:de:c9:ba:c8:
                    06:5d:46:7d:cb:d4:f5:46:20:28:e9:65:f7:44:60:f5:
                    a6:7f:ff:13:42:26:a3:52:c6:90:07:af:4d:38:3f:07:
                    6e:0c:bd:72:cb:d2:e3:24:9a:93:7c:0c:82:16:03:83:
                    22:aa:03:8b:91:05:f1:6f:df:b3:ec:7c:a9:bf:c1:7c:
                    4b:59:3e:d0:c7:a3:e3:f4:0a:02:24:27:da:09:e0:9a:
                    aa:a4:16:9a:76:e1:72:ed:0a:cd:25:36:41:5b:09:4d:
                    ba:7a:af:a6:3e:db:d5:10:81:21:7f:fc:ed:62:63:6d:
                    23:fd:0a:94:51:ad:34:95:ad:00:1d:b5:2b:50:65:07:
                    b9:7c:33:4c:1f:78:6d:b8:da:66:4a:3b:51:29:e9:e0:
                    46:4e:ef:3f:0d:e9:3d:d8:81:9f:9b:00:96:ae:78:67:
                    90:7f:37:f1:d2:77:f6:dc:5f:9b:24:28:7f:e5:d1:dc:
                    c7:34:8b:bf:7b:33:40:4a:ac:60:15:1a:d6:49:f6:45
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        76:8e:97:eb:d2:e2:a0:e4:18:06:4e:60:e7:9b:39:b4:
        21:76:26:ed:c9:66:64:a5:49:b3:3a:e0:ff:26:4b:72:
        38:71:26:2a:d5:aa:c5:d1:d3:4a:d7:56:60:46:fb:d2:
        cf:b1:9a:c2:ce:44:f3:a9:8d:57:d8:7d:6d:e6:a7:22:
        79:58:e0:5e:32:14:b2:2c:23:f0:cd:16:08:e9:66:7c:
        34:f5:62:5f:9a:60:66:85:09:51:82:e2:c4:fe:b4:cb:
        91:99:1f:87:44:46:67:b0:7c:be:0b:a9:a8:3f:8e:f6:
        14:02:95:4a:36:cf:ca:c0:98:41:b9:31:5f:71:74:15:
        9a:73:70:d1:11:89:9e:e7:96:e7:f7:71:c2:90:11:be:
        78:e8:cc:6c:45:53:75:f6:63:be:ba:59:e2:5c:9a:be:
        c6:5f:15:fd:2f:ff:0b:5c:05:ea:9c:f3:6c:dc:89:53:
        5b:b2:7f:12:6e:4b:5f:cc:37:79:a2:dc:88:7b:eb:24:
        0e:2f:12:1d:74:eb:48:25:29:bc:bd:9d:66:90:bc:84:
        c2:64:2f:a2:6c:6a:25:f8:25:56:56:13:e0:05:a9:7a:
        35:e5:ae:2a:b6:d7:d2:a5:a5:bd:b7:44:3f:d2:6a:15:
        80:f3:87:82:52:73:20:00:2d:40:20:0c:53:a3:fc:22
    Fingerprint (SHA-256):
        B7:4D:33:E4:38:9E:CB:8D:83:6C:0B:3E:3A:53:1B:57:E8:42:F6:ED:08:CF:B4:53:C8:61:1B:86:3E:07:BD:2D
    Fingerprint (SHA1):
        64:04:D6:97:DB:43:2A:A9:C2:1E:92:95:BB:13:DB:20:A9:14:6D:C0
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
merge.sh: #5434: Verify nicknames were deconflicted (Alice #4)  - PASSED
merge.sh: Verify nicknames were deconflicted (Alice #100)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 16:59:34 2016
            Not After : Mon Jun 28 16:59:34 2021
        Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain
             View,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:f3:b8:f4:56:66:f8:76:cc:dc:79:07:3a:73:a8:dc:
                    bc:f0:ac:90:a0:29:e3:34:e5:05:15:2a:00:e0:aa:fd:
                    51:4e:c0:c6:6a:c7:5a:b4:bc:81:08:dd:6b:96:34:ef:
                    75:46:c8:4f:0e:60:61:ff:34:0a:9e:43:2c:70:55:43:
                    68:d0:98:fb:d2:15:b4:9d:a3:b7:58:87:3e:1e:98:5d:
                    10:e9:35:9c:e3:e2:29:42:e2:b7:c7:2c:04:0f:07:dc:
                    e1:f7:50:d4:d7:99:81:aa:f8:24:09:62:46:81:f7:0a:
                    ac:6c:75:82:0b:fd:b5:3f:4c:2c:ca:fa:ce:80:89:72:
                    4c:f9:50:a5:a6:c5:82:72:85:ee:69:fb:7f:7e:c4:8f:
                    9d:d4:1b:59:7e:0b:e9:0a:16:c1:77:b0:41:c8:b9:be:
                    55:02:df:80:93:4b:f7:49:15:77:d3:98:dd:44:6c:0b:
                    76:26:61:43:9a:e1:93:1e:5c:d2:07:ca:78:90:35:f2:
                    53:70:f7:99:1e:91:84:9b:67:d2:17:df:76:e5:28:d5:
                    4f:aa:9a:4f:1b:f2:cb:07:c1:34:0d:57:db:70:67:c0:
                    86:09:8b:93:91:b8:ae:dc:67:75:ee:15:59:da:05:4c:
                    eb:b9:69:52:71:46:09:6d:c4:6b:93:ef:d1:0f:58:f1
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3c:04:86:ad:de:30:9d:6a:23:81:32:d8:6a:1f:ac:2c:
        e7:e4:2e:c8:6d:36:0f:5a:50:68:3c:2a:0d:d1:be:fc:
        f2:1f:9c:4e:7e:b7:a0:1d:53:c6:5e:9f:1e:02:4f:91:
        72:69:b2:2e:9c:cd:56:eb:99:d0:e4:f3:16:b2:31:0f:
        92:ec:be:96:34:94:a8:ac:b7:2d:fd:c7:09:b3:d9:3d:
        9b:ab:96:51:8e:2b:5e:8e:b9:9b:11:30:6e:86:04:62:
        e1:dc:4a:a1:21:e9:10:94:9c:69:3f:70:f3:6c:10:36:
        b0:66:37:f3:3e:41:37:c9:79:d2:8f:16:55:de:56:74:
        52:5a:3f:dd:92:9f:43:fc:8e:41:f9:f6:9d:0b:cf:de:
        e6:2a:24:26:f9:d4:e0:2d:d8:40:4e:9d:4b:4b:39:9b:
        4a:e2:c5:c5:dc:b6:d9:7c:39:c6:3f:59:73:b6:58:bc:
        10:f7:c0:eb:ea:20:87:68:d8:c4:ef:64:0c:c8:b4:ee:
        1f:5d:9a:1e:69:a8:4d:df:19:0e:f8:04:39:f6:01:df:
        b5:24:19:16:d5:b7:b8:7b:67:7f:65:32:61:d3:67:bf:
        ee:c7:8b:13:bb:9e:b7:f3:f1:8b:05:2e:7e:e0:b3:ab:
        21:b4:e8:34:bb:2e:9a:75:4b:a9:6c:ed:25:83:a0:c9
    Fingerprint (SHA-256):
        F7:44:3E:C7:CE:A8:23:AC:E0:91:CA:3C:0B:E9:F2:A7:2A:17:15:B9:13:FE:28:F1:97:66:C8:14:38:9D:D4:B9
    Fingerprint (SHA1):
        17:8E:63:C6:02:90:4E:96:59:99:6A:69:03:43:C2:A4:23:2D:48:A9
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
merge.sh: #5435: Verify nicknames were deconflicted (Alice #100)  - PASSED
merge.sh: Merging in SDR 
certutil --upgrade-merge --upgrade-token-name OldDB --upgrade-id sdr --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw
upgrade complete!
merge.sh: #5436: Merging SDR  - PASSED
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
TestCA-dsa                                                   CT,C,C
Alice                                                        u,u,u
Alice-dsamixed                                               u,u,u
Alice-ec                                                     u,u,u
bob@bogus.com                                                ,,   
Dave                                                         u,u,u
eve@bogus.com                                                ,,   
bob-ec@bogus.com                                             ,,   
Dave-ec                                                      u,u,u
TestCA                                                       CT,C,C
TestCA-ec                                                    CT,C,C
Alice-dsa                                                    u,u,u
Alice-ecmixed                                                u,u,u
Dave-dsamixed                                                u,u,u
Dave-dsa                                                     u,u,u
Dave-ecmixed                                                 u,u,u
localhost.localdomain                                        u,u,u
localhost.localdomain-dsamixed                               u,u,u
localhost.localdomain-ec                                     u,u,u
localhost-sni.localdomain-dsa                                u,u,u
localhost-sni.localdomain-ecmixed                            u,u,u
localhost.localdomain-dsa                                    u,u,u
localhost.localdomain-ecmixed                                u,u,u
localhost-sni.localdomain                                    u,u,u
localhost-sni.localdomain-dsamixed                           u,u,u
localhost-sni.localdomain-ec                                 u,u,u
ExtendedSSLUser-dsa                                          u,u,u
serverCA-dsa                                                 C,C,C
ExtendedSSLUser-ecmixed                                      u,u,u
chain-2-clientCA                                             ,,   
chain-1-clientCA-dsa                                         ,,   
clientCA                                                     T,C,C
chain-2-clientCA-ec                                          ,,   
clientCA-ec                                                  T,C,C
ExtendedSSLUser                                              u,u,u
serverCA                                                     C,C,C
ExtendedSSLUser-dsamixed                                     u,u,u
ExtendedSSLUser-ec                                           u,u,u
serverCA-ec                                                  C,C,C
chain-1-clientCA                                             ,,   
chain-2-clientCA-dsa                                         ,,   
clientCA-dsa                                                 T,C,C
chain-1-clientCA-ec                                          ,,   
Alice #1                                                     ,,   
Alice #2                                                     ,,   
Alice #99                                                    ,,   
Alice #3                                                     ,,   
Alice #100                                                   ,,   
Alice #4                                                     ,,   
CRL names                                CRL Type
TestCA                                   CRL  
TestCA-ec                                CRL  
merge.sh: Decrypt - With Original SDR Key
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/tests.v3.14577 -t Test2 -f ../tests.pw
merge.sh: #5437: Decrypt - Value 3  - PASSED
merge.sh: Decrypt - With Merged SDR Key
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/tests.v1.14577 -t Test1 -f ../tests.pw
merge.sh: #5438: Decrypt - Value 1  - PASSED
merge.sh: Signing with merged key  ------------------
cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig
merge.sh: #5439: Create Detached Signature Dave . - PASSED
cmsutil -D -i dave.dsig -c alice.txt -d . 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
merge.sh: #5440: Verifying Dave's Detached Signature  - PASSED
merge.sh: verifying  merged cert  ------------------
certutil -V -n ExtendedSSLUser -u C -d .
certutil: certificate is valid
merge.sh: #5441: Verifying ExtendedSSL User Cert  - PASSED
merge.sh: verifying  merged crl  ------------------
crlutil -L -n TestCA -d .
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US"
    This Update: Tue Jun 28 17:00:23 2016
    Entry 1 (0x1):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 16:54:43 2016
        Entry Extensions:
            Name: CRL reason code
    Entry 2 (0x2):
        Serial Number: 42 (0x2a)
        Revocation Date: Tue Jun 28 17:00:19 2016
    CRL Extensions:
        Name: Certificate Issuer Alt Name
        RFC822 Name: "caemail@ca.com"
        DNS name: "ca.com"
        Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo
            rnia,C=US"
        URI: "http://ca.com"
        IP Address:
            87:0b:31:39:32:2e:31:36:38:2e:30:2e:31
merge.sh: #5442: Verifying TestCA CRL  - PASSED
TIMESTAMP merge END: Tue Jun 28 18:13:39 UTC 2016
Running tests for ec
TIMESTAMP ec BEGIN: Tue Jun 28 18:13:39 UTC 2016
Running ec tests for ecperf
TIMESTAMP ecperf BEGIN: Tue Jun 28 18:13:39 UTC 2016
ecperf.sh: ecperf test ===============================
./ecperf.sh: line 44: ecperf: command not found
ecperf.sh: #5443: ec(perf) test - PASSED
chmod: missing operand after 'a+rw'
Try 'chmod --help' for more information.
TIMESTAMP ecperf END: Tue Jun 28 18:13:39 UTC 2016
TIMESTAMP ec END: Tue Jun 28 18:13:39 UTC 2016
Running tests for gtests
TIMESTAMP gtests BEGIN: Tue Jun 28 18:13:39 UTC 2016
gtests: der_gtest pk11_gtest util_gtest
gtests.sh: der_gtest ===============================
[==========] Running 11 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 11 tests from DERIntegerDecodingTest
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus126
[       OK ] DERIntegerDecodingTest.DecodeLongMinus126 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong130
[       OK ] DERIntegerDecodingTest.DecodeLong130 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong0
[       OK ] DERIntegerDecodingTest.DecodeLong0 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong1
[       OK ] DERIntegerDecodingTest.DecodeLong1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMax
[       OK ] DERIntegerDecodingTest.DecodeLongMax (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMin
[       OK ] DERIntegerDecodingTest.DecodeLongMin (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinPlus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxPlus1 (0 ms)
[----------] 11 tests from DERIntegerDecodingTest (0 ms total)
[----------] Global test environment tear-down
[==========] 11 tests from 1 test case ran. (0 ms total)
[  PASSED  ] 11 tests.
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/der_gtest/report.xml
gtests.sh: #5444: der_gtest run successfully  - PASSED
gtests.sh: pk11_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk11_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/pk11_gtest/report.xml
gtests.sh: #5456: pk11_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/pk11_gtest/report.xml: No such file or directory
gtests.sh: util_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/util_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/util_gtest/report.xml
gtests.sh: #5457: util_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/upgradedb/util_gtest/report.xml: No such file or directory
TIMESTAMP gtests END: Tue Jun 28 18:13:39 UTC 2016
Running tests for ssl_gtests
TIMESTAMP ssl_gtests BEGIN: Tue Jun 28 18:13:39 UTC 2016
ssl_gtest.sh: SSL Gtests ===============================
ssl_gtest.sh: #5458: create ssl_gtest database  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5459: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5460: create certificate: sign kex - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5461: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5462: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5463: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5464: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #5465: create certificate: sign  - PASSED
ssl_gtest.sh: #5466: Skipping ssl_gtest (not built) - UNKNOWN
TIMESTAMP ssl_gtests END: Tue Jun 28 18:13:53 UTC 2016
ssl_gtests.sh: Testing with shared library ===============================
Running tests for cert
TIMESTAMP cert BEGIN: Tue Jun 28 18:13:53 UTC 2016
cert.sh: Certutil and Crlutil Tests with ECC ===============================
cert.sh: #5467: Looking for root certs module. - PASSED
cert.sh: Creating a CA Certificate TestCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -f ../tests.pw
cert.sh: #5468: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5469: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert TestCA  --------------------------
certutil -s "CN=NSS Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5470: Creating CA Cert TestCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n TestCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -o root.cert
cert.sh: #5471: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -f ../tests.pw
cert.sh: #5472: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5473: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert serverCA  --------------------------
certutil -s "CN=NSS Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA -t Cu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5474: Creating CA Cert serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -o root.cert
cert.sh: #5475: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-1-serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating CA Cert chain-1-serverCA  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA -t u,u,u -v 600 -c serverCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5476: Creating CA Cert chain-1-serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-1-serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -o root.cert
cert.sh: #5477: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-2-serverCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating CA Cert chain-2-serverCA  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA -t u,u,u -v 600 -c chain-1-serverCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5478: Creating CA Cert chain-2-serverCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-2-serverCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -o root.cert
cert.sh: #5479: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating CA Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -f ../tests.pw
cert.sh: #5480: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5481: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert clientCA  --------------------------
certutil -s "CN=NSS Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA -t Tu,Cu,Cu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5482: Creating CA Cert clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -o root.cert
cert.sh: #5483: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-1-clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating CA Cert chain-1-clientCA  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA -t u,u,u -v 600 -c clientCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5484: Creating CA Cert chain-1-clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-1-clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -o root.cert
cert.sh: #5485: Exporting Root Cert - PASSED
cert.sh: Creating a CA Certificate chain-2-clientCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating CA Cert chain-2-clientCA  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA, O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA -t u,u,u -v 600 -c chain-1-clientCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5486: Creating CA Cert chain-2-clientCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n chain-2-clientCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -o root.cert
cert.sh: #5487: Exporting Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate TestCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA
cert.sh: Creating DSA CA Cert TestCA-dsa  --------------------------
certutil -s "CN=NSS Test CA (DSA), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-dsa -k dsa -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5488: Creating DSA CA Cert TestCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n TestCA-dsa -r -d . -o dsaroot.cert
cert.sh: #5489: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating DSA CA Cert serverCA-dsa  --------------------------
certutil -s "CN=NSS Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-dsa -k dsa -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5490: Creating DSA CA Cert serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #5491: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-1-serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating DSA CA Cert chain-1-serverCA-dsa  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-dsa -k dsa -t u,u,u -v 600 -c serverCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5492: Creating DSA CA Cert chain-1-serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-1-serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #5493: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-2-serverCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating DSA CA Cert chain-2-serverCA-dsa  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-dsa -k dsa -t u,u,u -v 600 -c chain-1-serverCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5494: Creating DSA CA Cert chain-2-serverCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-2-serverCA-dsa -r -d . -o dsaroot.cert
cert.sh: #5495: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating DSA CA Cert clientCA-dsa  --------------------------
certutil -s "CN=NSS Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-dsa -k dsa -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5496: Creating DSA CA Cert clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #5497: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-1-clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating DSA CA Cert chain-1-clientCA-dsa  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-dsa -k dsa -t u,u,u -v 600 -c clientCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5498: Creating DSA CA Cert chain-1-clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-1-clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #5499: Exporting DSA Root Cert - PASSED
cert.sh: Creating an DSA CA Certificate chain-2-clientCA-dsa ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating DSA CA Cert chain-2-clientCA-dsa  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA (DSA), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-dsa -k dsa -t u,u,u -v 600 -c chain-1-clientCA-dsa -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5500: Creating DSA CA Cert chain-2-clientCA-dsa  - PASSED
cert.sh: Exporting DSA Root Cert --------------------------
certutil -L -n chain-2-clientCA-dsa -r -d . -o dsaroot.cert
cert.sh: #5501: Exporting DSA Root Cert - PASSED
cert.sh: Creating an EC CA Certificate TestCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA
cert.sh: Creating EC CA Cert TestCA-ec  --------------------------
certutil -s "CN=NSS Test CA (ECC), O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n TestCA-ec -k ec -q secp521r1 -t CTu,CTu,CTu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5502: Creating EC CA Cert TestCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n TestCA-ec -r -d . -o ecroot.cert
cert.sh: #5503: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating EC CA Cert serverCA-ec  --------------------------
certutil -s "CN=NSS Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n serverCA-ec -k ec -q secp521r1 -t Cu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5504: Creating EC CA Cert serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n serverCA-ec -r -d . -o ecroot.cert
cert.sh: #5505: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-1-serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating EC CA Cert chain-1-serverCA-ec  --------------------------
certutil -s "CN=NSS Chain1 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 3
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5506: Creating EC CA Cert chain-1-serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-1-serverCA-ec -r -d . -o ecroot.cert
cert.sh: #5507: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-2-serverCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA
cert.sh: Creating EC CA Cert chain-2-serverCA-ec  --------------------------
certutil -s "CN=NSS Chain2 Server Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-serverCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-serverCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 4
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5508: Creating EC CA Cert chain-2-serverCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-2-serverCA-ec -r -d . -o ecroot.cert
cert.sh: #5509: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating EC CA Cert clientCA-ec  --------------------------
certutil -s "CN=NSS Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n clientCA-ec -k ec -q secp521r1 -t Tu,Cu,Cu -v 600 -x -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 5
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5510: Creating EC CA Cert clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n clientCA-ec -r -d . -o ecroot.cert
cert.sh: #5511: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-1-clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating EC CA Cert chain-1-clientCA-ec  --------------------------
certutil -s "CN=NSS Chain1 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-1-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 6
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5512: Creating EC CA Cert chain-1-clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-1-clientCA-ec -r -d . -o ecroot.cert
cert.sh: #5513: Exporting EC Root Cert - PASSED
cert.sh: Creating an EC CA Certificate chain-2-clientCA-ec ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA
cert.sh: Creating EC CA Cert chain-2-clientCA-ec  --------------------------
certutil -s "CN=NSS Chain2 Client Test CA (ECC), O=BOGUS NSS, L=Santa Clara, ST=California, C=US" -S -n chain-2-clientCA-ec -k ec -q secp521r1 -t u,u,u -v 600 -c chain-1-clientCA-ec -d . -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 7
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5514: Creating EC CA Cert chain-2-clientCA-ec  - PASSED
cert.sh: Exporting EC Root Cert --------------------------
certutil -L -n chain-2-clientCA-ec -r -d . -o ecroot.cert
cert.sh: #5515: Exporting EC Root Cert - PASSED
cert.sh: Creating Certificates, issued by the last ===============
     of a chain of CA's which are not in the same database============
Server Cert
cert.sh: Initializing localhost.localdomain's Cert DB (ext.) --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw
cert.sh: #5516: Initializing localhost.localdomain's Cert DB (ext.) - PASSED
cert.sh: Loading root cert module to localhost.localdomain's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5517: Loading root cert module to localhost.localdomain's Cert DB (ext.) - PASSED
cert.sh: Generate Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5518: Generate Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain.cert -f ../tests.pw
cert.sh: #5519: Sign localhost.localdomain's Request (ext) - PASSED
cert.sh: Import localhost.localdomain's Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5520: Import localhost.localdomain's Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/clientCA.ca.cert
cert.sh: #5521: Import Client Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate DSA Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5522: Generate DSA Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's DSA Request (ext) --------------------------
certutil -C -c chain-2-serverCA-dsa -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-dsa.cert -f ../tests.pw
cert.sh: #5523: Sign localhost.localdomain's DSA Request (ext) - PASSED
cert.sh: Import localhost.localdomain's DSA Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5524: Import localhost.localdomain's DSA Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client DSA Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA-dsa -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/clientCA-dsa.ca.cert
cert.sh: #5525: Import Client DSA Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate mixed DSA Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5526: Generate mixed DSA Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's mixed DSA Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 202 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-dsamixed.cert -f ../tests.pw
cert.sh: #5527: Sign localhost.localdomain's mixed DSA Request (ext) - PASSED
cert.sh: Import localhost.localdomain's mixed DSA Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5528: Import localhost.localdomain's mixed DSA Cert  -t u,u,u (ext) - PASSED
cert.sh: Generate EC Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5529: Generate EC Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's EC Request (ext) --------------------------
certutil -C -c chain-2-serverCA-ec -m 200 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-ec.cert -f ../tests.pw
cert.sh: #5530: Sign localhost.localdomain's EC Request (ext) - PASSED
cert.sh: Import localhost.localdomain's EC Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5531: Import localhost.localdomain's EC Cert  -t u,u,u (ext) - PASSED
cert.sh: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) --------------------------
certutil -A -n clientCA-ec -t T,, -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/clientCA-ec.ca.cert
cert.sh: #5532: Import Client EC Root CA -t T,, for localhost.localdomain (ext.) - PASSED
cert.sh: Generate mixed EC Cert Request for localhost.localdomain (ext) --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5533: Generate mixed EC Cert Request for localhost.localdomain (ext) - PASSED
cert.sh: Sign localhost.localdomain's mixed EC Request (ext) --------------------------
certutil -C -c chain-2-serverCA -m 201 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw
cert.sh: #5534: Sign localhost.localdomain's mixed EC Request (ext) - PASSED
cert.sh: Import localhost.localdomain's mixed EC Cert  -t u,u,u (ext) --------------------------
certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -f ../tests.pw -i localhost.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5535: Import localhost.localdomain's mixed EC Cert  -t u,u,u (ext) - PASSED
Importing all the server's own CA chain into the servers DB
cert.sh: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/chain-2-serverCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5536: Import chain-2-serverCA CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-2-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/chain-2-serverCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5537: Import chain-2-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-2-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/chain-2-serverCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5538: Import chain-2-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/chain-1-serverCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5539: Import chain-1-serverCA-dsa CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/chain-1-serverCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5540: Import chain-1-serverCA-ec CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/serverCA.ca.cert
cert.sh: #5541: Import serverCA CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/serverCA-ec.ca.cert
cert.sh: #5542: Import serverCA-ec CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import serverCA-dsa CA -t C,C,C for localhost.localdomain (ext.)  --------------------------
certutil -A -n serverCA-dsa -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/serverCA-dsa.ca.cert
cert.sh: #5543: Import serverCA-dsa CA -t C,C,C for localhost.localdomain (ext.)  - PASSED
cert.sh: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.)  --------------------------
certutil -A -n chain-1-serverCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_server -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/chain-1-serverCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5544: Import chain-1-serverCA CA -t u,u,u for localhost.localdomain (ext.)  - PASSED
Client Cert
cert.sh: Initializing ExtendedSSLUser's Cert DB (ext.) --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw
cert.sh: #5545: Initializing ExtendedSSLUser's Cert DB (ext.) - PASSED
cert.sh: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5546: Loading root cert module to ExtendedSSLUser's Cert DB (ext.) - PASSED
cert.sh: Generate Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5547: Generate Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser.cert -f ../tests.pw
cert.sh: #5548: Sign ExtendedSSLUser's Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5549: Import ExtendedSSLUser's Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/serverCA.ca.cert
cert.sh: #5550: Import Server Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate DSA Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5551: Generate DSA Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's DSA Request (ext) --------------------------
certutil -C -c chain-2-clientCA-dsa -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-dsa.cert -f ../tests.pw
cert.sh: #5552: Sign ExtendedSSLUser's DSA Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's DSA Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5553: Import ExtendedSSLUser's DSA Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server DSA Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA-dsa -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/serverCA-dsa.ca.cert
cert.sh: #5554: Import Server DSA Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate mixed DSA Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -k dsa -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5555: Generate mixed DSA Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's mixed DSA Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 302 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-dsamixed.cert -f ../tests.pw
cert.sh: #5556: Sign ExtendedSSLUser's mixed DSA Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's mixed DSA Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5557: Import ExtendedSSLUser's mixed DSA Cert -t u,u,u (ext) - PASSED
cert.sh: Generate EC Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5558: Generate EC Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's EC Request (ext) --------------------------
certutil -C -c chain-2-clientCA-ec -m 300 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-ec.cert -f ../tests.pw
cert.sh: #5559: Sign ExtendedSSLUser's EC Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5560: Import ExtendedSSLUser's EC Cert -t u,u,u (ext) - PASSED
cert.sh: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n serverCA-ec -t C,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA/serverCA-ec.ca.cert
cert.sh: #5561: Import Server EC Root CA -t C,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Generate mixed EC Cert Request for ExtendedSSLUser (ext) --------------------------
certutil -s "CN=ExtendedSSLUser, E=ExtendedSSLUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -k ec -q secp256r1 -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5562: Generate mixed EC Cert Request for ExtendedSSLUser (ext) - PASSED
cert.sh: Sign ExtendedSSLUser's mixed EC Request (ext) --------------------------
certutil -C -c chain-2-clientCA -m 301 -v 60 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA -i req -o ExtendedSSLUser-ecmixed.cert -f ../tests.pw
cert.sh: #5563: Sign ExtendedSSLUser's mixed EC Request (ext) - PASSED
cert.sh: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) --------------------------
certutil -A -n ExtendedSSLUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -f ../tests.pw -i ExtendedSSLUser-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5564: Import ExtendedSSLUser's mixed EC Cert -t u,u,u (ext) - PASSED
Importing all the client's own CA chain into the servers DB
cert.sh: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/chain-2-clientCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5565: Import chain-2-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/chain-1-clientCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5566: Import chain-1-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/chain-1-clientCA.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5567: Import chain-1-clientCA CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-2-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA-dsa -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/chain-2-clientCA-dsa.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5568: Import chain-2-clientCA-dsa CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA-dsa CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA-dsa -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/clientCA-dsa.ca.cert
cert.sh: #5569: Import clientCA-dsa CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-1-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/chain-1-clientCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5570: Import chain-1-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/clientCA.ca.cert
cert.sh: #5571: Import clientCA CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) --------------------------
certutil -A -n chain-2-clientCA-ec -t u,u,u -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/chain-2-clientCA-ec.ca.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5572: Import chain-2-clientCA-ec CA -t u,u,u for ExtendedSSLUser (ext.) - PASSED
cert.sh: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) --------------------------
certutil -A -n clientCA-ec -t T,C,C -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ext_client -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/clientCA/clientCA-ec.ca.cert
cert.sh: #5573: Import clientCA-ec CA -t T,C,C for ExtendedSSLUser (ext.) - PASSED
cert.sh SUCCESS: EXT passed
cert.sh: Creating Client CA Issued Certificates ===============
cert.sh: Initializing TestUser's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw
cert.sh: #5574: Initializing TestUser's Cert DB - PASSED
cert.sh: Loading root cert module to TestUser's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5575: Loading root cert module to TestUser's Cert DB - PASSED
cert.sh: Import Root CA for TestUser --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -i ../CA/TestCA.ca.cert
cert.sh: #5576: Import Root CA for TestUser - PASSED
cert.sh: Import DSA Root CA for TestUser --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5577: Import DSA Root CA for TestUser - PASSED
cert.sh: Import EC Root CA for TestUser --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -i ../CA/TestCA-ec.ca.cert
cert.sh: #5578: Import EC Root CA for TestUser - PASSED
cert.sh: Generate Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5579: Generate Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's Request --------------------------
certutil -C -c TestCA -m 70 -v 60 -d ../CA -i req -o TestUser.cert -f ../tests.pw 
cert.sh: #5580: Sign TestUser's Request - PASSED
cert.sh: Import TestUser's Cert --------------------------
certutil -A -n TestUser -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5581: Import TestUser's Cert - PASSED
cert.sh SUCCESS: TestUser's Cert Created
cert.sh: Generate DSA Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5582: Generate DSA Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 70 -v 60 -d ../CA -i req -o TestUser-dsa.cert -f ../tests.pw 
cert.sh: #5583: Sign TestUser's DSA Request - PASSED
cert.sh: Import TestUser's DSA Cert --------------------------
certutil -A -n TestUser-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5584: Import TestUser's DSA Cert - PASSED
cert.sh SUCCESS: TestUser's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5585: Generate mixed DSA Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20070 -v 60 -d ../CA -i req -o TestUser-dsamixed.cert -f ../tests.pw 
cert.sh: #5586: Sign TestUser's DSA Request with RSA - PASSED
cert.sh: Import TestUser's mixed DSA Cert --------------------------
certutil -A -n TestUser-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5587: Import TestUser's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5588: Generate EC Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's EC Request --------------------------
certutil -C -c TestCA-ec -m 70 -v 60 -d ../CA -i req -o TestUser-ec.cert -f ../tests.pw 
cert.sh: #5589: Sign TestUser's EC Request - PASSED
cert.sh: Import TestUser's EC Cert --------------------------
certutil -A -n TestUser-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5590: Import TestUser's EC Cert - PASSED
cert.sh SUCCESS: TestUser's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser --------------------------
certutil -s "CN=TestUser, E=TestUser-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5591: Generate mixed EC Cert Request for TestUser - PASSED
cert.sh: Sign TestUser's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10070 -v 60 -d ../CA -i req -o TestUser-ecmixed.cert -f ../tests.pw 
cert.sh: #5592: Sign TestUser's EC Request with RSA - PASSED
cert.sh: Import TestUser's mixed EC Cert --------------------------
certutil -A -n TestUser-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5593: Import TestUser's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser's mixed EC Cert Created
cert.sh: Creating Server CA Issued Certificate for \
             localhost.localdomain ------------------------------------
cert.sh: Initializing localhost.localdomain's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw
cert.sh: #5594: Initializing localhost.localdomain's Cert DB - PASSED
cert.sh: Loading root cert module to localhost.localdomain's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5595: Loading root cert module to localhost.localdomain's Cert DB - PASSED
cert.sh: Import Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -i ../CA/TestCA.ca.cert
cert.sh: #5596: Import Root CA for localhost.localdomain - PASSED
cert.sh: Import DSA Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5597: Import DSA Root CA for localhost.localdomain - PASSED
cert.sh: Import EC Root CA for localhost.localdomain --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -i ../CA/TestCA-ec.ca.cert
cert.sh: #5598: Import EC Root CA for localhost.localdomain - PASSED
cert.sh: Generate Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5599: Generate Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's Request --------------------------
certutil -C -c TestCA -m 100 -v 60 -d ../CA -i req -o localhost.localdomain.cert -f ../tests.pw 
cert.sh: #5600: Sign localhost.localdomain's Request - PASSED
cert.sh: Import localhost.localdomain's Cert --------------------------
certutil -A -n localhost.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5601: Import localhost.localdomain's Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's Cert Created
cert.sh: Generate DSA Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5602: Generate DSA Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-dsa.cert -f ../tests.pw 
cert.sh: #5603: Sign localhost.localdomain's DSA Request - PASSED
cert.sh: Import localhost.localdomain's DSA Cert --------------------------
certutil -A -n localhost.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5604: Import localhost.localdomain's DSA Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5605: Generate mixed DSA Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20100 -v 60 -d ../CA -i req -o localhost.localdomain-dsamixed.cert -f ../tests.pw 
cert.sh: #5606: Sign localhost.localdomain's DSA Request with RSA - PASSED
cert.sh: Import localhost.localdomain's mixed DSA Cert --------------------------
certutil -A -n localhost.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5607: Import localhost.localdomain's mixed DSA Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5608: Generate EC Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's EC Request --------------------------
certutil -C -c TestCA-ec -m 100 -v 60 -d ../CA -i req -o localhost.localdomain-ec.cert -f ../tests.pw 
cert.sh: #5609: Sign localhost.localdomain's EC Request - PASSED
cert.sh: Import localhost.localdomain's EC Cert --------------------------
certutil -A -n localhost.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5610: Import localhost.localdomain's EC Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's EC Cert Created
cert.sh: Generate mixed EC Cert Request for localhost.localdomain --------------------------
certutil -s "CN=localhost.localdomain, E=localhost.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5611: Generate mixed EC Cert Request for localhost.localdomain - PASSED
cert.sh: Sign localhost.localdomain's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10100 -v 60 -d ../CA -i req -o localhost.localdomain-ecmixed.cert -f ../tests.pw 
cert.sh: #5612: Sign localhost.localdomain's EC Request with RSA - PASSED
cert.sh: Import localhost.localdomain's mixed EC Cert --------------------------
certutil -A -n localhost.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5613: Import localhost.localdomain's mixed EC Cert - PASSED
cert.sh SUCCESS: localhost.localdomain's mixed EC Cert Created
cert.sh: Creating Server CA Issued Certificate for \
             localhost.localdomain-sni --------------------------------
cert.sh: Generate Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5614: Generate Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's Request --------------------------
certutil -C -c TestCA -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain.cert -f ../tests.pw 
cert.sh: #5615: Sign localhost-sni.localdomain's Request - PASSED
cert.sh: Import localhost-sni.localdomain's Cert --------------------------
certutil -A -n localhost-sni.localdomain -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5616: Import localhost-sni.localdomain's Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's Cert Created
cert.sh: Generate DSA Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5617: Generate DSA Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-dsa.cert -f ../tests.pw 
cert.sh: #5618: Sign localhost-sni.localdomain's DSA Request - PASSED
cert.sh: Import localhost-sni.localdomain's DSA Cert --------------------------
certutil -A -n localhost-sni.localdomain-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5619: Import localhost-sni.localdomain's DSA Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5620: Generate mixed DSA Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-dsamixed.cert -f ../tests.pw 
cert.sh: #5621: Sign localhost-sni.localdomain's DSA Request with RSA - PASSED
cert.sh: Import localhost-sni.localdomain's mixed DSA Cert --------------------------
certutil -A -n localhost-sni.localdomain-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5622: Import localhost-sni.localdomain's mixed DSA Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5623: Generate EC Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's EC Request --------------------------
certutil -C -c TestCA-ec -m 101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ec.cert -f ../tests.pw 
cert.sh: #5624: Sign localhost-sni.localdomain's EC Request - PASSED
cert.sh: Import localhost-sni.localdomain's EC Cert --------------------------
certutil -A -n localhost-sni.localdomain-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5625: Import localhost-sni.localdomain's EC Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's EC Cert Created
cert.sh: Generate mixed EC Cert Request for localhost-sni.localdomain --------------------------
certutil -s "CN=localhost-sni.localdomain, E=localhost-sni.localdomain-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5626: Generate mixed EC Cert Request for localhost-sni.localdomain - PASSED
cert.sh: Sign localhost-sni.localdomain's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10101 -v 60 -d ../CA -i req -o localhost-sni.localdomain-ecmixed.cert -f ../tests.pw 
cert.sh: #5627: Sign localhost-sni.localdomain's EC Request with RSA - PASSED
cert.sh: Import localhost-sni.localdomain's mixed EC Cert --------------------------
certutil -A -n localhost-sni.localdomain-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw -i localhost-sni.localdomain-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5628: Import localhost-sni.localdomain's mixed EC Cert - PASSED
cert.sh SUCCESS: localhost-sni.localdomain's mixed EC Cert Created
cert.sh: Modify trust attributes of Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw
cert.sh: #5629: Modify trust attributes of Root CA -t TC,TC,TC - PASSED
cert.sh: Modify trust attributes of DSA Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA-dsa -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw
cert.sh: #5630: Modify trust attributes of DSA Root CA -t TC,TC,TC - PASSED
cert.sh: Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
certutil -M -n TestCA-ec -t TC,TC,TC -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server -f ../tests.pw
cert.sh: #5631: Modify trust attributes of EC Root CA -t TC,TC,TC - PASSED
cert.sh SUCCESS: SSL passed
cert.sh: Creating database for OCSP stapling tests  ===============
cp -r /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/server /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/stapling
Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
pk12util -o ../stapling/ca.p12 -n TestCA -k ../tests.pw -w ../tests.pw -d ../CA
pk12util: PKCS12 EXPORT SUCCESSFUL
Modify trust attributes of EC Root CA -t TC,TC,TC --------------------------
pk12util -i ../stapling/ca.p12 -k ../tests.pw -w ../tests.pw -d ../stapling
pk12util: PKCS12 IMPORT SUCCESSFUL
cert.sh: Creating Client CA Issued Certificates ==============
cert.sh: Initializing Alice's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw
cert.sh: #5632: Initializing Alice's Cert DB - PASSED
cert.sh: Loading root cert module to Alice's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5633: Loading root cert module to Alice's Cert DB - PASSED
cert.sh: Import Root CA for Alice --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -i ../CA/TestCA.ca.cert
cert.sh: #5634: Import Root CA for Alice - PASSED
cert.sh: Import DSA Root CA for Alice --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5635: Import DSA Root CA for Alice - PASSED
cert.sh: Import EC Root CA for Alice --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -i ../CA/TestCA-ec.ca.cert
cert.sh: #5636: Import EC Root CA for Alice - PASSED
cert.sh: Generate Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5637: Generate Cert Request for Alice - PASSED
cert.sh: Sign Alice's Request --------------------------
certutil -C -c TestCA -m 30 -v 60 -d ../CA -i req -o Alice.cert -f ../tests.pw 
cert.sh: #5638: Sign Alice's Request - PASSED
cert.sh: Import Alice's Cert --------------------------
certutil -A -n Alice -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5639: Import Alice's Cert - PASSED
cert.sh SUCCESS: Alice's Cert Created
cert.sh: Generate DSA Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5640: Generate DSA Cert Request for Alice - PASSED
cert.sh: Sign Alice's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 30 -v 60 -d ../CA -i req -o Alice-dsa.cert -f ../tests.pw 
cert.sh: #5641: Sign Alice's DSA Request - PASSED
cert.sh: Import Alice's DSA Cert --------------------------
certutil -A -n Alice-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5642: Import Alice's DSA Cert - PASSED
cert.sh SUCCESS: Alice's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5643: Generate mixed DSA Cert Request for Alice - PASSED
cert.sh: Sign Alice's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20030 -v 60 -d ../CA -i req -o Alice-dsamixed.cert -f ../tests.pw 
cert.sh: #5644: Sign Alice's DSA Request with RSA - PASSED
cert.sh: Import Alice's mixed DSA Cert --------------------------
certutil -A -n Alice-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5645: Import Alice's mixed DSA Cert - PASSED
cert.sh SUCCESS: Alice's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5646: Generate EC Cert Request for Alice - PASSED
cert.sh: Sign Alice's EC Request --------------------------
certutil -C -c TestCA-ec -m 30 -v 60 -d ../CA -i req -o Alice-ec.cert -f ../tests.pw 
cert.sh: #5647: Sign Alice's EC Request - PASSED
cert.sh: Import Alice's EC Cert --------------------------
certutil -A -n Alice-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5648: Import Alice's EC Cert - PASSED
cert.sh SUCCESS: Alice's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Alice --------------------------
certutil -s "CN=Alice, E=Alice-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5649: Generate mixed EC Cert Request for Alice - PASSED
cert.sh: Sign Alice's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10030 -v 60 -d ../CA -i req -o Alice-ecmixed.cert -f ../tests.pw 
cert.sh: #5650: Sign Alice's EC Request with RSA - PASSED
cert.sh: Import Alice's mixed EC Cert --------------------------
certutil -A -n Alice-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/alicedir -f ../tests.pw -i Alice-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5651: Import Alice's mixed EC Cert - PASSED
cert.sh SUCCESS: Alice's mixed EC Cert Created
cert.sh: Initializing Bob's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw
cert.sh: #5652: Initializing Bob's Cert DB - PASSED
cert.sh: Loading root cert module to Bob's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5653: Loading root cert module to Bob's Cert DB - PASSED
cert.sh: Import Root CA for Bob --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -i ../CA/TestCA.ca.cert
cert.sh: #5654: Import Root CA for Bob - PASSED
cert.sh: Import DSA Root CA for Bob --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5655: Import DSA Root CA for Bob - PASSED
cert.sh: Import EC Root CA for Bob --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -i ../CA/TestCA-ec.ca.cert
cert.sh: #5656: Import EC Root CA for Bob - PASSED
cert.sh: Generate Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5657: Generate Cert Request for Bob - PASSED
cert.sh: Sign Bob's Request --------------------------
certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o Bob.cert -f ../tests.pw 
cert.sh: #5658: Sign Bob's Request - PASSED
cert.sh: Import Bob's Cert --------------------------
certutil -A -n Bob -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5659: Import Bob's Cert - PASSED
cert.sh SUCCESS: Bob's Cert Created
cert.sh: Generate DSA Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5660: Generate DSA Cert Request for Bob - PASSED
cert.sh: Sign Bob's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 40 -v 60 -d ../CA -i req -o Bob-dsa.cert -f ../tests.pw 
cert.sh: #5661: Sign Bob's DSA Request - PASSED
cert.sh: Import Bob's DSA Cert --------------------------
certutil -A -n Bob-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5662: Import Bob's DSA Cert - PASSED
cert.sh SUCCESS: Bob's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5663: Generate mixed DSA Cert Request for Bob - PASSED
cert.sh: Sign Bob's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20040 -v 60 -d ../CA -i req -o Bob-dsamixed.cert -f ../tests.pw 
cert.sh: #5664: Sign Bob's DSA Request with RSA - PASSED
cert.sh: Import Bob's mixed DSA Cert --------------------------
certutil -A -n Bob-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5665: Import Bob's mixed DSA Cert - PASSED
cert.sh SUCCESS: Bob's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5666: Generate EC Cert Request for Bob - PASSED
cert.sh: Sign Bob's EC Request --------------------------
certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o Bob-ec.cert -f ../tests.pw 
cert.sh: #5667: Sign Bob's EC Request - PASSED
cert.sh: Import Bob's EC Cert --------------------------
certutil -A -n Bob-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5668: Import Bob's EC Cert - PASSED
cert.sh SUCCESS: Bob's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Bob --------------------------
certutil -s "CN=Bob, E=Bob-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5669: Generate mixed EC Cert Request for Bob - PASSED
cert.sh: Sign Bob's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o Bob-ecmixed.cert -f ../tests.pw 
cert.sh: #5670: Sign Bob's EC Request with RSA - PASSED
cert.sh: Import Bob's mixed EC Cert --------------------------
certutil -A -n Bob-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/bobdir -f ../tests.pw -i Bob-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5671: Import Bob's mixed EC Cert - PASSED
cert.sh SUCCESS: Bob's mixed EC Cert Created
cert.sh: Creating Dave's Certificate -------------------------
cert.sh: Initializing Dave's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw
cert.sh: #5672: Initializing Dave's Cert DB - PASSED
cert.sh: Loading root cert module to Dave's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5673: Loading root cert module to Dave's Cert DB - PASSED
cert.sh: Import Root CA for Dave --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -i ../CA/TestCA.ca.cert
cert.sh: #5674: Import Root CA for Dave - PASSED
cert.sh: Import DSA Root CA for Dave --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5675: Import DSA Root CA for Dave - PASSED
cert.sh: Import EC Root CA for Dave --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -i ../CA/TestCA-ec.ca.cert
cert.sh: #5676: Import EC Root CA for Dave - PASSED
cert.sh: Generate Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5677: Generate Cert Request for Dave - PASSED
cert.sh: Sign Dave's Request --------------------------
certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o Dave.cert -f ../tests.pw 
cert.sh: #5678: Sign Dave's Request - PASSED
cert.sh: Import Dave's Cert --------------------------
certutil -A -n Dave -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5679: Import Dave's Cert - PASSED
cert.sh SUCCESS: Dave's Cert Created
cert.sh: Generate DSA Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5680: Generate DSA Cert Request for Dave - PASSED
cert.sh: Sign Dave's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 50 -v 60 -d ../CA -i req -o Dave-dsa.cert -f ../tests.pw 
cert.sh: #5681: Sign Dave's DSA Request - PASSED
cert.sh: Import Dave's DSA Cert --------------------------
certutil -A -n Dave-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5682: Import Dave's DSA Cert - PASSED
cert.sh SUCCESS: Dave's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5683: Generate mixed DSA Cert Request for Dave - PASSED
cert.sh: Sign Dave's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20050 -v 60 -d ../CA -i req -o Dave-dsamixed.cert -f ../tests.pw 
cert.sh: #5684: Sign Dave's DSA Request with RSA - PASSED
cert.sh: Import Dave's mixed DSA Cert --------------------------
certutil -A -n Dave-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5685: Import Dave's mixed DSA Cert - PASSED
cert.sh SUCCESS: Dave's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5686: Generate EC Cert Request for Dave - PASSED
cert.sh: Sign Dave's EC Request --------------------------
certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o Dave-ec.cert -f ../tests.pw 
cert.sh: #5687: Sign Dave's EC Request - PASSED
cert.sh: Import Dave's EC Cert --------------------------
certutil -A -n Dave-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5688: Import Dave's EC Cert - PASSED
cert.sh SUCCESS: Dave's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Dave --------------------------
certutil -s "CN=Dave, E=Dave-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5689: Generate mixed EC Cert Request for Dave - PASSED
cert.sh: Sign Dave's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o Dave-ecmixed.cert -f ../tests.pw 
cert.sh: #5690: Sign Dave's EC Request with RSA - PASSED
cert.sh: Import Dave's mixed EC Cert --------------------------
certutil -A -n Dave-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dave -f ../tests.pw -i Dave-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5691: Import Dave's mixed EC Cert - PASSED
cert.sh SUCCESS: Dave's mixed EC Cert Created
cert.sh: Creating multiEmail's Certificate --------------------
cert.sh: Initializing Eve's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw
cert.sh: #5692: Initializing Eve's Cert DB - PASSED
cert.sh: Loading root cert module to Eve's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5693: Loading root cert module to Eve's Cert DB - PASSED
cert.sh: Import Root CA for Eve --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -i ../CA/TestCA.ca.cert
cert.sh: #5694: Import Root CA for Eve - PASSED
cert.sh: Import DSA Root CA for Eve --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5695: Import DSA Root CA for Eve - PASSED
cert.sh: Import EC Root CA for Eve --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -i ../CA/TestCA-ec.ca.cert
cert.sh: #5696: Import EC Root CA for Eve - PASSED
cert.sh: Generate Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5697: Generate Cert Request for Eve - PASSED
cert.sh: Sign Eve's Request --------------------------
certutil -C -c TestCA -m 60 -v 60 -d ../CA -i req -o Eve.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #5698: Sign Eve's Request - PASSED
cert.sh: Import Eve's Cert --------------------------
certutil -A -n Eve -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5699: Import Eve's Cert - PASSED
cert.sh SUCCESS: Eve's Cert Created
cert.sh: Generate DSA Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5700: Generate DSA Cert Request for Eve - PASSED
cert.sh: Sign Eve's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 60 -v 60 -d ../CA -i req -o Eve-dsa.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #5701: Sign Eve's DSA Request - PASSED
cert.sh: Import Eve's DSA Cert --------------------------
certutil -A -n Eve-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5702: Import Eve's DSA Cert - PASSED
cert.sh SUCCESS: Eve's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5703: Generate mixed DSA Cert Request for Eve - PASSED
cert.sh: Sign Eve's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20060 -v 60 -d ../CA -i req -o Eve-dsamixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #5704: Sign Eve's DSA Request with RSA - PASSED
cert.sh: Import Eve's mixed DSA Cert --------------------------
certutil -A -n Eve-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5705: Import Eve's mixed DSA Cert - PASSED
cert.sh SUCCESS: Eve's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5706: Generate EC Cert Request for Eve - PASSED
cert.sh: Sign Eve's EC Request --------------------------
certutil -C -c TestCA-ec -m 60 -v 60 -d ../CA -i req -o Eve-ec.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #5707: Sign Eve's EC Request - PASSED
cert.sh: Import Eve's EC Cert --------------------------
certutil -A -n Eve-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5708: Import Eve's EC Cert - PASSED
cert.sh SUCCESS: Eve's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Eve --------------------------
certutil -s "CN=Eve, E=Eve-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5709: Generate mixed EC Cert Request for Eve - PASSED
cert.sh: Sign Eve's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10060 -v 60 -d ../CA -i req -o Eve-ecmixed.cert -f ../tests.pw -7 eve@bogus.net,eve@bogus.cc,beve@bogus.com
cert.sh: #5710: Sign Eve's EC Request with RSA - PASSED
cert.sh: Import Eve's mixed EC Cert --------------------------
certutil -A -n Eve-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eve -f ../tests.pw -i Eve-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5711: Import Eve's mixed EC Cert - PASSED
cert.sh SUCCESS: Eve's mixed EC Cert Created
cert.sh: Importing Certificates ==============================
cert.sh: Import Bob's cert into Alice's db --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob.cert
cert.sh: #5712: Import Bob's cert into Alice's db - PASSED
cert.sh: Import Dave's cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave.cert
cert.sh: #5713: Import Dave's cert into Alice's DB - PASSED
cert.sh: Import Dave's cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave.cert
cert.sh: #5714: Import Dave's cert into Bob's DB - PASSED
cert.sh: Import Eve's cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../eve/Eve.cert
cert.sh: #5715: Import Eve's cert into Alice's DB - PASSED
cert.sh: Import Eve's cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../eve/Eve.cert
cert.sh: #5716: Import Eve's cert into Bob's DB - PASSED
cert.sh: Importing EC Certificates ==============================
cert.sh: Import Bob's EC cert into Alice's db --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../bobdir/Bob-ec.cert
cert.sh: #5717: Import Bob's EC cert into Alice's db - PASSED
cert.sh: Import Dave's EC cert into Alice's DB --------------------------
certutil -E -t ,, -d ../alicedir -f ../tests.pw -i ../dave/Dave-ec.cert
cert.sh: #5718: Import Dave's EC cert into Alice's DB - PASSED
cert.sh: Import Dave's EC cert into Bob's DB --------------------------
certutil -E -t ,, -d ../bobdir -f ../tests.pw -i ../dave/Dave-ec.cert
cert.sh: #5719: Import Dave's EC cert into Bob's DB - PASSED
cert.sh SUCCESS: SMIME passed
cert.sh: Creating FIPS 140 DSA Certificates ==============
cert.sh: Initializing FIPS PUB 140 Test Certificate's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips -f ../tests.fipspw
cert.sh: #5720: Initializing FIPS PUB 140 Test Certificate's Cert DB - PASSED
cert.sh: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5721: Loading root cert module to FIPS PUB 140 Test Certificate's Cert DB (ext.) - PASSED
cert.sh: Enable FIPS mode on database -----------------------
modutil -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips -fips true 
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
FIPS mode enabled.
cert.sh: #5722: Enable FIPS mode on database for FIPS PUB 140 Test Certificate - PASSED
cert.sh: Generate Certificate for FIPS PUB 140 Test Certificate --------------------------
certutil -s "CN=FIPS PUB 140 Test Certificate, E=fips@bogus.com, O=BOGUS NSS, OU=FIPS PUB 140, L=Mountain View, ST=California, C=US" -S -n FIPS_PUB_140_Test_Certificate -x -t Cu,Cu,Cu -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips -f ../tests.fipspw -k dsa -v 600 -m 500 -z ../tests_noise
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5723: Generate Certificate for FIPS PUB 140 Test Certificate - PASSED
cert.sh SUCCESS: FIPS passed
cert.sh: Creating Server CA Issued Certificate for 
             EC Curves Test Certificates ------------------------------------
cert.sh: Initializing EC Curve's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw
cert.sh: #5724: Initializing EC Curve's Cert DB - PASSED
cert.sh: Loading root cert module to EC Curve's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5725: Loading root cert module to EC Curve's Cert DB - PASSED
cert.sh: Import EC Root CA for EC Curves Test Certificates --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -i ../CA/TestCA-ec.ca.cert
cert.sh: #5726: Import EC Root CA for EC Curves Test Certificates - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp256 --------------------------
certutil -s "CN=Curve-nistp256, E=Curve-nistp256-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp256 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5727: Generate EC Cert Request for Curve-nistp256 - PASSED
cert.sh: Sign Curve-nistp256's EC Request --------------------------
certutil -C -c TestCA-ec -m 2001 -v 60 -d ../CA -i req -o Curve-nistp256-ec.cert -f ../tests.pw 
cert.sh: #5728: Sign Curve-nistp256's EC Request - PASSED
cert.sh: Import Curve-nistp256's EC Cert --------------------------
certutil -A -n Curve-nistp256-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp256-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5729: Import Curve-nistp256's EC Cert - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp384 --------------------------
certutil -s "CN=Curve-nistp384, E=Curve-nistp384-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp384 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5730: Generate EC Cert Request for Curve-nistp384 - PASSED
cert.sh: Sign Curve-nistp384's EC Request --------------------------
certutil -C -c TestCA-ec -m 2002 -v 60 -d ../CA -i req -o Curve-nistp384-ec.cert -f ../tests.pw 
cert.sh: #5731: Sign Curve-nistp384's EC Request - PASSED
cert.sh: Import Curve-nistp384's EC Cert --------------------------
certutil -A -n Curve-nistp384-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp384-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5732: Import Curve-nistp384's EC Cert - PASSED
cert.sh: Generate EC Cert Request for Curve-nistp521 --------------------------
certutil -s "CN=Curve-nistp521, E=Curve-nistp521-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q nistp521 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5733: Generate EC Cert Request for Curve-nistp521 - PASSED
cert.sh: Sign Curve-nistp521's EC Request --------------------------
certutil -C -c TestCA-ec -m 2003 -v 60 -d ../CA -i req -o Curve-nistp521-ec.cert -f ../tests.pw 
cert.sh: #5734: Sign Curve-nistp521's EC Request - PASSED
cert.sh: Import Curve-nistp521's EC Cert --------------------------
certutil -A -n Curve-nistp521-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/eccurves -f ../tests.pw -i Curve-nistp521-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5735: Import Curve-nistp521's EC Cert - PASSED
cert.sh: Initializing TestExt's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw
cert.sh: #5736: Initializing TestExt's Cert DB - PASSED
cert.sh: Loading root cert module to TestExt's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5737: Loading root cert module to TestExt's Cert DB - PASSED
cert.sh: Import Root CA for TestExt --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -i ../CA/TestCA.ca.cert
cert.sh: #5738: Import Root CA for TestExt - PASSED
cert.sh: Import DSA Root CA for TestExt --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5739: Import DSA Root CA for TestExt - PASSED
cert.sh: Import EC Root CA for TestExt --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -i ../CA/TestCA-ec.ca.cert
cert.sh: #5740: Import EC Root CA for TestExt - PASSED
cert.sh: Generate Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5741: Generate Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's Request --------------------------
certutil -C -c TestCA -m 90 -v 60 -d ../CA -i req -o TestExt.cert -f ../tests.pw 
cert.sh: #5742: Sign TestExt's Request - PASSED
cert.sh: Import TestExt's Cert --------------------------
certutil -A -n TestExt -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5743: Import TestExt's Cert - PASSED
cert.sh SUCCESS: TestExt's Cert Created
cert.sh: Generate DSA Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5744: Generate DSA Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 90 -v 60 -d ../CA -i req -o TestExt-dsa.cert -f ../tests.pw 
cert.sh: #5745: Sign TestExt's DSA Request - PASSED
cert.sh: Import TestExt's DSA Cert --------------------------
certutil -A -n TestExt-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5746: Import TestExt's DSA Cert - PASSED
cert.sh SUCCESS: TestExt's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5747: Generate mixed DSA Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20090 -v 60 -d ../CA -i req -o TestExt-dsamixed.cert -f ../tests.pw 
cert.sh: #5748: Sign TestExt's DSA Request with RSA - PASSED
cert.sh: Import TestExt's mixed DSA Cert --------------------------
certutil -A -n TestExt-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5749: Import TestExt's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestExt's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5750: Generate EC Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's EC Request --------------------------
certutil -C -c TestCA-ec -m 90 -v 60 -d ../CA -i req -o TestExt-ec.cert -f ../tests.pw 
cert.sh: #5751: Sign TestExt's EC Request - PASSED
cert.sh: Import TestExt's EC Cert --------------------------
certutil -A -n TestExt-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5752: Import TestExt's EC Cert - PASSED
cert.sh SUCCESS: TestExt's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestExt --------------------------
certutil -s "CN=TestExt, E=TestExt-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5753: Generate mixed EC Cert Request for TestExt - PASSED
cert.sh: Sign TestExt's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10090 -v 60 -d ../CA -i req -o TestExt-ecmixed.cert -f ../tests.pw 
cert.sh: #5754: Sign TestExt's EC Request with RSA - PASSED
cert.sh: Import TestExt's mixed EC Cert --------------------------
certutil -A -n TestExt-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -i TestExt-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5755: Import TestExt's mixed EC Cert - PASSED
cert.sh SUCCESS: TestExt's mixed EC Cert Created
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt1 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt1, E=TestExt1@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
n
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:54:e0
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:17:54 2016
            Not After : Wed Sep 28 18:17:54 2016
        Subject: "CN=TestExt1,E=TestExt1@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cc:c6:9f:4b:86:31:12:cd:ef:e0:ad:88:e2:41:34:1b:
                    44:0a:e5:cb:07:65:e7:63:de:96:c6:9e:b7:ef:1f:ed:
                    26:5b:6c:e5:88:5c:de:29:03:fb:38:6c:6c:8f:ea:a8:
                    a7:0f:cd:fe:c0:6f:8b:e9:8e:55:5f:70:eb:c5:c5:d1:
                    4f:24:a4:09:e5:89:30:ff:23:cf:dd:f6:6e:a8:8a:d7:
                    50:e6:3f:79:bb:5e:a5:ec:d0:50:12:1d:f0:21:f9:c1:
                    61:2d:9a:04:85:11:c5:e1:66:f2:87:29:51:91:69:4b:
                    c5:cd:6d:5b:55:7b:39:34:11:1c:6c:f6:07:5b:bc:c7:
                    41:14:9a:75:ac:79:8f:0e:c5:51:63:51:ff:d4:11:ff:
                    61:ff:39:01:2f:e8:10:cf:c6:04:c1:0c:f0:26:8b:69:
                    56:4f:bf:70:f1:5e:ef:17:9d:48:07:f0:a6:8c:f9:ef:
                    02:f0:26:cf:41:f0:5d:11:b9:7c:91:5a:5f:d3:25:b7:
                    27:f7:0e:7b:35:d7:2c:0c:23:f9:3a:3c:aa:22:a5:ad:
                    97:4a:8a:22:c8:58:c4:4c:53:5b:da:98:66:9c:16:85:
                    16:e8:4f:a2:ea:5c:6f:b3:22:23:62:d1:18:4b:13:c0:
                    4b:fb:44:3a:4c:02:95:93:89:55:fc:d1:27:bd:b3:f3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Usages: Digital Signature
                    Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        98:1a:d5:ed:f2:c0:54:40:d8:8c:d1:e7:87:58:56:ea:
        77:3b:9a:c0:8e:ac:f9:7c:29:cb:00:8f:f1:45:ef:0a:
        c3:d9:55:44:dc:68:a5:4c:64:92:f9:cd:26:f7:24:bf:
        9c:2e:d9:ff:b5:45:22:90:57:d8:6f:f2:e4:fb:c8:ee:
        94:7c:8f:3a:8c:3a:38:99:29:ab:df:51:d1:fa:c6:ed:
        13:b8:6b:87:c3:19:bb:f8:4a:7e:f6:c6:7f:20:04:ed:
        c3:eb:ed:36:88:30:87:df:6d:f4:30:7f:87:e4:03:ef:
        7e:c5:50:9a:2d:ad:9a:3c:98:53:e6:5b:6d:ee:b3:48:
        65:17:af:c7:8c:58:91:7c:94:76:29:55:04:e9:8e:10:
        18:39:a7:e5:42:f3:c2:67:22:67:c2:78:48:ac:a6:29:
        55:8d:eb:1e:06:33:cf:ca:fe:83:de:bd:19:80:0a:c3:
        5d:f5:cb:90:4f:c6:c7:3f:49:38:42:69:be:c7:d4:f7:
        79:56:35:2e:ee:14:b7:66:88:35:1c:5f:ea:1a:53:ae:
        85:f6:ce:bc:e5:4d:f9:c2:57:c3:34:53:09:e5:36:64:
        4a:21:c1:6a:6e:da:3a:13:98:cc:03:6d:db:61:b7:28:
        5e:3b:91:e5:d8:4c:36:10:1a:3a:60:cf:5d:d6:27:23
    Fingerprint (SHA-256):
        13:55:BA:8F:48:2D:B7:18:9E:CC:35:53:0D:49:9B:76:15:C8:4C:A2:CB:3D:75:C7:B3:45:95:9E:1D:2D:13:90
    Fingerprint (SHA1):
        24:73:BA:C2:FE:5C:6E:E1:2E:1A:82:E5:0B:E2:79:FC:A9:83:45:6B
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5756: Certificate Key Usage Extension (1) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt2 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt2, E=TestExt2@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
y
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt2
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:54:fb
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:17:57 2016
            Not After : Wed Sep 28 18:17:57 2016
        Subject: "CN=TestExt2,E=TestExt2@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ae:1a:d1:fb:2b:4e:ed:79:7a:e6:c5:8b:5c:84:83:38:
                    e3:61:99:33:9e:27:a4:cf:c7:5b:51:99:0e:cb:87:2a:
                    ac:61:19:fc:11:f1:35:8c:75:66:4d:41:45:df:49:0a:
                    a0:62:fe:85:93:7c:23:ce:2b:70:fe:5c:8e:c9:70:64:
                    cd:27:7c:a2:13:1a:93:35:fc:d3:ad:b4:d7:f5:33:49:
                    fa:60:65:f7:3e:1d:97:27:b1:0b:37:40:95:a8:a4:fe:
                    ba:ed:f8:56:94:be:fd:6b:e9:e4:58:c7:44:b7:4c:fe:
                    e3:02:7b:5b:41:f4:50:57:c7:97:53:0e:69:51:e8:67:
                    da:21:03:6e:a4:bd:88:74:09:1c:df:88:01:6c:38:97:
                    80:48:8d:88:c0:48:e8:2c:79:81:2d:df:cf:72:3d:0c:
                    6c:e3:45:cb:f0:95:3f:b3:b4:89:57:9d:ec:2d:96:15:
                    7a:98:d3:b0:3f:62:9f:c6:2c:28:b5:c3:c0:f3:a2:68:
                    48:62:50:05:c4:c9:f0:1b:11:6b:56:d5:c2:4c:d1:d9:
                    73:41:91:eb:b1:b6:08:eb:ea:58:7c:15:c4:4e:ba:6e:
                    58:cb:9f:7e:4b:89:de:ba:50:9f:c2:65:c8:63:e9:fc:
                    80:23:39:19:30:90:58:61:79:c9:1e:d4:28:ca:f3:55
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        92:e5:a0:79:2b:1f:4c:78:16:cb:07:d6:34:ec:72:a3:
        8e:b4:3b:9c:0e:a7:8a:6b:28:99:e6:e4:0e:dc:41:cf:
        bd:92:5f:06:2e:35:d6:ff:c1:f2:e2:8a:5f:90:4c:f6:
        48:24:12:13:ab:1d:74:84:e0:28:82:ad:d9:ad:70:af:
        a8:69:2a:d9:e5:32:e8:91:8d:aa:62:18:f6:94:7b:62:
        20:0c:17:fc:3e:83:25:95:10:dc:0e:7f:23:07:51:93:
        4c:ac:59:ad:9c:fa:be:ff:52:d8:9d:6b:9b:91:5b:70:
        f8:d6:14:39:a6:9d:e3:ad:7e:dc:c2:34:6a:29:4c:cb:
        87:80:2a:36:94:be:4f:78:ed:8f:ce:2f:9d:16:47:aa:
        22:38:1d:ca:bc:f0:0d:d7:ce:c9:c2:ac:b5:32:f6:a5:
        6a:a7:dd:21:53:1f:f0:9e:b1:5f:06:ef:bd:64:64:78:
        dc:bc:53:c8:64:22:0b:72:d7:44:76:e7:b9:d9:17:4e:
        e1:78:4d:af:07:85:ea:3b:74:f9:aa:ed:be:e1:7a:74:
        16:5e:d0:03:a6:d2:df:62:28:84:8f:19:73:67:a4:d3:
        4b:9a:fd:82:f9:26:5c:8b:3a:46:3f:01:5e:f6:2b:6d:
        3c:1a:70:9d:40:bc:83:75:cd:ca:28:f1:93:c8:56:a4
    Fingerprint (SHA-256):
        C7:32:56:BA:60:A3:06:56:39:EB:21:91:8E:1E:F3:80:4C:63:84:AD:BF:B8:4F:EE:11:1D:89:3D:FF:3C:0A:76
    Fingerprint (SHA1):
        DE:86:42:C2:D4:C9:2A:C9:00:20:07:13:16:2D:0C:69:1B:E4:C2:03
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5757: Certificate Key Usage Extension (2) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt3 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt3, E=TestExt3@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
y
-1
n
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt3
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:02
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:01 2016
            Not After : Wed Sep 28 18:18:01 2016
        Subject: "CN=TestExt3,E=TestExt3@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9a:82:2f:5f:a9:98:b2:b1:38:c3:6f:d9:1d:3d:23:9f:
                    0c:6e:01:1e:09:08:aa:f4:2a:4c:68:be:e5:e8:75:7d:
                    c3:18:7a:e9:79:7a:95:d7:28:ba:b5:69:48:84:73:e4:
                    60:eb:4d:36:07:96:76:a9:70:53:cc:4b:6b:74:54:a0:
                    b5:6d:f6:ac:15:bc:e0:bd:54:40:a4:0b:df:05:a6:90:
                    9b:60:60:d5:35:47:78:69:1c:bd:ad:10:f6:e3:9d:a6:
                    59:8f:e9:e5:b4:f0:0f:10:fe:30:45:58:cb:76:b0:8e:
                    8f:fb:e8:2a:ad:93:c7:18:c1:14:fe:9b:bd:ae:78:c2:
                    db:b5:60:ad:09:d3:5f:c8:aa:c1:2e:07:89:ed:3c:55:
                    b0:f1:1a:7f:cb:e5:e9:c7:25:98:88:f3:19:1f:ba:f4:
                    c7:23:c4:dd:ce:2b:1e:e3:02:5d:e3:71:94:11:4b:57:
                    70:d6:ce:91:fa:8b:ec:a7:65:78:92:65:95:e6:c4:1a:
                    b7:c0:84:d2:05:1d:c0:73:d4:4e:47:f4:3d:fc:a8:05:
                    1f:fe:4b:96:3c:51:c1:fc:e6:e0:94:f2:d0:53:84:9a:
                    49:32:e5:cf:fd:63:14:21:5c:38:ba:7b:2e:09:e9:0e:
                    1f:e1:90:d9:d5:49:7b:ba:3a:5d:eb:5f:f2:16:25:95
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0d:7d:a8:ce:4c:fb:43:b7:e9:25:eb:37:86:2c:2a:68:
        2d:10:19:68:27:e3:d7:9e:b6:03:b4:49:9c:22:2d:e6:
        39:db:9d:dd:de:5a:e8:cc:40:4e:72:3c:24:6a:80:56:
        3f:bd:02:e9:0d:b3:76:bc:05:f9:f1:b8:df:c9:ab:d8:
        0d:07:e3:e5:be:49:41:de:94:c8:13:8a:4d:64:b2:9d:
        5b:2e:f8:33:ea:50:fd:04:33:97:72:d2:f2:57:e1:33:
        bc:b6:f5:bc:00:f1:1f:5d:b9:0d:74:c9:08:b4:e7:e7:
        84:11:9e:f5:0d:9f:f4:b9:d1:f2:97:93:01:23:1f:39:
        81:f1:00:9b:80:16:63:1a:dd:cd:54:f0:24:13:2e:70:
        df:66:fc:09:ef:80:f7:1a:0d:8a:73:c2:7d:bc:19:3b:
        1b:7b:9c:a9:db:88:4f:48:ce:14:96:60:94:c8:d0:99:
        61:8d:9a:1b:8f:32:b4:42:1e:24:f2:1a:4b:d8:d6:02:
        89:55:94:56:27:0a:80:83:dd:30:41:72:0c:df:50:10:
        52:c5:59:b5:60:25:c0:e6:22:f7:0f:cb:55:7d:1f:8f:
        35:b2:cf:90:7b:f9:58:e8:d2:c4:cd:ad:99:ed:09:78:
        3f:f0:5a:7d:e3:8b:17:fc:a6:d0:8e:0b:9b:85:10:b3
    Fingerprint (SHA-256):
        50:46:D6:BA:D7:84:9D:18:57:86:F3:FC:11:D3:4A:EE:B3:4E:7B:E7:D5:68:B5:F5:C0:7A:5D:84:82:4F:C5:64
    Fingerprint (SHA1):
        A3:D0:88:E6:47:E9:B7:AE:B0:A8:B1:E2:30:E3:31:B4:DC:B9:79:C9
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5758: Certificate Basic Constraints Extension (3) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt4 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt4, E=TestExt4@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -2 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
n
-1
y
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt4
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:08
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:09 2016
            Not After : Wed Sep 28 18:18:09 2016
        Subject: "CN=TestExt4,E=TestExt4@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    db:bf:4e:66:59:94:85:37:01:c8:cc:2a:02:56:46:b1:
                    85:32:c9:e8:90:51:96:86:f1:c5:84:2b:f6:57:d9:1f:
                    81:c3:7a:5b:8c:31:ae:61:c9:30:ca:98:21:1e:e4:ce:
                    21:ad:b3:28:da:fe:ce:40:ca:d4:04:7e:ff:eb:5a:38:
                    d5:14:90:c2:7e:f6:a7:fa:b6:0d:79:cd:f7:3e:01:1a:
                    ab:54:06:2c:7c:a6:80:ef:be:48:8c:ff:3a:15:c5:f6:
                    23:1e:21:c4:12:e3:9f:df:3f:39:4c:a7:c6:24:ff:28:
                    70:d9:db:5d:18:3d:c4:7d:26:11:e6:b7:c7:09:ee:1a:
                    03:df:be:21:2e:60:22:ed:36:ad:55:40:4d:86:58:67:
                    a3:1b:1c:ec:09:52:68:31:95:54:62:4b:1f:75:ee:4f:
                    d6:4c:57:75:9e:ac:41:fe:a2:db:08:5b:dc:1b:ec:0a:
                    0b:37:e2:03:b1:d2:06:ad:b8:74:89:28:71:45:e9:43:
                    0f:75:44:62:37:c3:0f:d4:a3:7b:d5:8e:44:f7:cb:af:
                    f3:07:fd:b5:90:c6:55:58:f5:d4:1b:76:4f:b0:a6:1a:
                    25:40:e8:c7:b9:5a:b0:84:65:d5:e2:8f:fc:10:c9:ce:
                    a7:f5:c8:eb:0a:20:29:a9:ac:ec:e2:8e:8d:b3:fa:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is not a CA.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d9:2a:27:83:1f:18:ef:74:05:9f:bb:96:20:8b:a4:7a:
        ff:ef:75:77:ec:47:e5:bb:4a:a8:ab:53:76:88:c7:fd:
        db:62:be:3d:06:ef:2b:00:d5:6d:0e:84:ae:0c:5b:b0:
        4b:81:43:44:9f:61:fd:fe:76:ca:9f:5d:d1:bf:e0:28:
        95:0c:41:58:51:8b:5d:42:31:75:61:4f:8f:f3:c6:d7:
        b8:30:07:fc:b8:f8:5c:57:cc:b0:d6:84:4c:8e:d6:ae:
        aa:a4:06:1c:c5:f1:f9:1d:fb:74:94:87:1f:bc:ab:b6:
        da:5e:94:6b:0f:12:c8:c6:64:b4:cd:0d:78:f4:da:db:
        38:d3:82:be:b2:42:f0:5e:07:36:48:a8:37:f6:72:9d:
        fb:c5:5a:bf:1c:ba:4f:be:98:78:ca:08:d3:d6:e5:cc:
        43:88:0d:8d:d8:9e:dd:a9:6d:c1:c1:2d:4d:9d:07:52:
        9c:9a:5d:85:5a:72:28:26:10:e1:66:c3:82:f6:b4:8a:
        84:9c:ff:11:17:21:fa:ff:d4:61:69:5d:05:99:5e:43:
        8b:58:96:6d:d6:90:b1:9a:2f:80:53:e7:dc:aa:d6:ef:
        e5:1c:77:37:a5:e4:83:2c:ee:45:d8:67:0c:90:f4:a0:
        f5:3d:63:a9:f8:99:c7:22:8e:3b:a5:ec:68:0c:c8:db
    Fingerprint (SHA-256):
        76:B7:7B:76:2A:0B:70:89:8E:7A:8D:FC:93:9C:F9:1B:A2:C8:18:6C:CA:5F:FE:5B:E4:C0:54:F3:65:8C:A2:16
    Fingerprint (SHA1):
        17:68:48:39:F2:3E:A0:94:28:3C:07:96:1A:98:A0:38:10:EF:EE:51
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5759: Certificate Basic Constraints Extension (4) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt5 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt5, E=TestExt5@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
y
12341235123
y
Generating key.  This may take a few moments...
Enter value for the authKeyID extension [y/N]?
Enter value for the key identifier fields,enter to omit:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter value for the authCertSerial field, enter to omit:
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt5
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:19
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:21 2016
            Not After : Wed Sep 28 18:18:21 2016
        Subject: "CN=TestExt5,E=TestExt5@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bd:49:cb:86:9b:6d:ca:f2:96:fd:6c:0e:07:34:0b:b9:
                    90:98:b0:2a:3b:86:ac:66:40:36:24:1a:10:78:b1:76:
                    6d:3d:2f:aa:76:56:d0:52:2e:2a:5f:fe:74:85:d6:cf:
                    7b:b4:91:70:56:da:c6:69:1c:96:fb:43:ac:49:20:80:
                    0a:e0:9c:7a:79:95:19:61:c5:a0:f5:26:40:18:cc:c8:
                    b1:c7:b4:db:89:ac:67:c6:f6:24:16:7d:d0:32:9c:42:
                    62:0d:60:92:be:16:d4:e5:e4:fb:16:82:e7:f6:93:7d:
                    b3:bb:79:da:6a:68:14:06:eb:fe:b7:70:32:06:a7:c1:
                    e7:82:e9:40:ef:2c:d8:81:8f:de:23:b1:7a:c8:ad:3c:
                    a4:68:d4:00:66:fb:8a:78:b1:96:3c:10:ae:a0:58:c0:
                    f5:db:da:aa:2c:51:8d:2c:17:61:a9:c7:11:06:50:a6:
                    72:0b:a0:a2:d8:65:69:c7:ac:a6:bb:8f:7f:65:23:7c:
                    5e:3a:17:97:6b:cf:12:82:4f:a0:df:56:4e:f0:fa:6f:
                    52:18:3d:48:41:e6:01:9b:02:23:4e:a1:0c:07:e1:6d:
                    f6:67:d5:c6:d1:ea:65:d6:f1:19:e4:d3:99:1c:cc:57:
                    f1:b8:d2:3a:84:7f:ee:8e:4b:4f:9d:76:d3:a2:d6:25
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Critical: True
            Key ID:
                12341235123
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9d:30:f2:14:41:e4:1e:1e:80:a9:a7:93:7f:b2:fb:2f:
        8c:4e:d3:bd:45:85:b2:c7:f3:20:5a:14:33:33:cd:13:
        fd:12:f0:94:a8:7d:19:73:97:10:3e:a6:98:14:90:69:
        fb:bf:d3:99:dd:df:ed:ac:6a:f0:fd:de:de:e5:ed:d4:
        7b:5a:2f:5d:42:52:17:b3:38:61:8b:5c:14:68:cf:6f:
        45:31:1b:80:43:ae:e7:59:bc:e5:e6:ae:91:7e:08:50:
        32:df:1a:a3:b9:e8:10:06:10:83:71:c0:bc:bc:7a:fc:
        8a:4f:ed:9b:2a:d1:02:50:0e:b5:31:08:33:7c:26:c6:
        88:47:96:3a:00:34:3e:37:6b:3b:ad:c3:66:b2:7a:ac:
        51:d7:4b:5a:62:87:d5:51:9a:df:2b:13:4a:a1:b2:93:
        7c:5a:b7:34:68:4a:51:c1:12:3f:e4:7e:8b:15:a2:cf:
        92:67:f4:79:4f:80:70:c4:e5:ea:3d:97:af:1b:5f:90:
        42:1d:3b:a4:9b:26:32:ab:eb:66:8a:2f:9c:37:a5:85:
        ce:16:70:db:c3:3f:db:1f:ed:bf:9b:19:c0:ef:8e:1b:
        79:ba:3b:d5:70:23:8e:98:4b:78:cb:6c:7f:6f:5e:20:
        bb:e9:e0:39:c1:a8:e3:79:68:08:95:80:b0:d2:4f:a2
    Fingerprint (SHA-256):
        D1:D0:CF:3F:A3:63:CF:68:AC:7A:F0:B4:25:ED:30:B9:B6:3C:9C:A7:A4:BB:C8:76:8C:09:54:CE:B3:15:2B:19
    Fingerprint (SHA1):
        2E:8F:2E:CE:D0:B9:9C:33:C1:48:DF:E2:D3:7E:A9:49:0D:2A:41:FB
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5760: Certificate Authority Key Identifier Extension (5) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt6 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt6, E=TestExt6@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -3 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
y
3
test.com
214123
y
Generating key.  This may take a few moments...
Enter value for the authKeyID extension [y/N]?
Enter value for the key identifier fields,enter to omit:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter value for the authCertSerial field, enter to omit:
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt6
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:2f
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:28 2016
            Not After : Wed Sep 28 18:18:28 2016
        Subject: "CN=TestExt6,E=TestExt6@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cf:30:56:44:f1:a8:ad:d3:95:8e:1c:8b:3b:12:b8:42:
                    e6:0a:89:11:aa:b4:ea:3f:14:cf:ab:80:4e:d8:ad:68:
                    e9:34:a0:49:b0:85:56:c3:39:fc:57:2e:21:61:54:b2:
                    e8:7b:51:ee:c1:74:fa:f1:b8:c0:80:e1:9b:7c:7b:2a:
                    2f:2d:34:b9:b4:29:e2:a4:de:e7:55:7f:95:97:ea:1e:
                    51:3e:22:46:2c:bc:e7:68:3f:1f:aa:c4:6c:cf:ef:ab:
                    45:68:b0:08:98:a9:ce:23:cf:48:2e:5a:6d:21:a0:85:
                    36:73:7d:62:97:42:28:30:4a:6d:4c:94:05:7a:f6:4b:
                    e9:55:3a:e9:ff:e6:04:37:fa:79:fb:a4:57:1b:74:f1:
                    38:f2:c3:e6:46:9a:87:ff:ff:7b:31:fd:bb:e2:da:fa:
                    93:85:71:10:e0:49:56:c5:d1:5e:1b:15:6e:12:4a:d0:
                    a2:95:78:37:85:db:f9:68:db:49:bf:da:73:13:15:f0:
                    51:37:b8:29:99:51:50:c7:cb:a3:ac:6d:0f:39:ab:66:
                    cb:f8:c0:91:b7:2e:eb:72:95:0b:e5:89:b9:ab:e3:f7:
                    b4:30:2b:30:50:75:80:9f:6d:ac:41:65:18:bd:09:66:
                    54:14:25:c0:b7:17:a5:51:b1:0b:06:39:03:e2:cb:eb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Critical: True
            Issuer: 
                DNS name: "test.com"
            Serial Number:
                214123
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        91:6a:3f:7d:e1:e6:81:73:13:80:5c:74:86:ab:d9:ca:
        40:5c:63:1e:90:7b:25:d7:cc:11:aa:c0:86:b4:a9:29:
        34:32:8a:d2:88:88:db:36:a6:8a:d9:09:28:aa:77:e6:
        6f:a4:d3:a5:1a:86:82:b5:ba:20:83:8f:46:f1:83:87:
        90:24:0d:d6:bf:05:52:e4:cd:b3:e2:a6:cf:07:fb:32:
        19:17:b1:b3:70:25:74:59:f7:06:be:76:f5:f6:52:ca:
        31:c1:df:c4:4d:a4:fd:d8:47:16:1c:d8:dc:3f:bb:0f:
        f3:be:25:b2:96:9f:a7:19:41:a1:79:c8:52:6d:3b:ce:
        2f:63:ff:2d:39:b1:d9:8b:58:2a:3d:49:bd:c7:09:49:
        d8:f7:6a:13:5d:da:e4:e6:2c:58:9f:75:4d:f5:94:af:
        69:f8:3e:c8:9a:18:6f:53:76:18:01:56:1f:55:15:00:
        53:c1:e3:bb:c9:b6:ad:b4:b9:84:1e:37:a4:03:84:3b:
        cd:1b:8c:96:01:3b:0a:9a:ab:3f:16:1f:07:51:8d:d2:
        e2:30:73:c7:05:38:8e:0f:8a:c5:d0:72:6c:44:fa:80:
        34:61:fd:ab:e9:06:98:66:8c:a4:22:ef:35:a4:66:8a:
        bd:10:f4:5a:ec:1a:a8:49:65:c4:ba:8e:95:75:9a:e6
    Fingerprint (SHA-256):
        8B:9B:2E:46:F0:1D:56:A2:55:86:F4:B5:D6:FD:DA:B5:9D:59:8A:26:CB:F7:17:48:1B:93:AA:CB:45:9D:86:B4
    Fingerprint (SHA1):
        84:89:0F:0C:DA:8C:6D:3E:81:6A:54:A1:C6:86:5E:F3:45:51:B5:9C
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5761: Certificate Authority Key Identifier Extension (6) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt7 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt7, E=TestExt7@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
1
2
rfc822@name.tld
3
test.com
8
1.2.3.4
9
OID.0.2.213
10
0
10
n
n
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt7
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:3d
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:31 2016
            Not After : Wed Sep 28 18:18:31 2016
        Subject: "CN=TestExt7,E=TestExt7@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e7:4f:1e:72:44:e4:79:db:4d:b9:7f:00:80:85:10:a8:
                    73:3b:f6:07:20:b8:2c:a7:f4:f5:70:91:2f:55:e4:2d:
                    42:f5:f5:a9:fe:3f:b7:25:f3:d3:17:2e:e2:a7:2e:69:
                    ec:ef:b2:c4:dc:d7:94:7d:45:78:80:ec:5d:03:ba:ca:
                    f1:c1:78:ac:a2:51:e9:35:f1:c4:48:7f:4e:a5:18:f6:
                    3f:3b:dd:2e:56:79:44:cf:5b:4d:7e:f3:df:f6:2b:f6:
                    82:3f:31:58:cc:49:9b:39:f3:d7:0d:16:f3:78:66:e6:
                    d4:95:bb:52:28:d0:c8:2d:67:33:af:d9:71:77:f9:7f:
                    3e:9f:d4:e4:a2:f0:0c:ce:b5:68:29:ed:9b:fc:97:52:
                    62:d3:aa:24:4a:67:50:25:8b:9d:ad:4a:3e:df:fd:c4:
                    e2:76:3e:0f:34:2e:74:1d:ef:3e:09:2a:9f:5f:35:28:
                    e3:50:49:74:ef:40:34:1f:ed:07:c1:f7:1e:53:b3:a5:
                    1f:88:0f:ba:c6:03:37:22:bf:2f:17:17:af:b7:7f:3f:
                    93:d3:6a:1b:cf:81:e8:e7:72:ff:3f:56:2c:ec:78:59:
                    87:19:61:c7:31:00:1f:b6:cc:41:ad:6a:8d:db:30:71:
                    2e:f8:a6:9d:88:a1:9a:7a:67:9b:b6:f1:55:89:b6:37
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: CRL Distribution Points
            Distribution point:
                RFC822 Name: "rfc822@name.tld"
                DNS name: "test.com"
                IP Address:
                    87:07:31:2e:32:2e:33:2e:34
                Registered ID: OID.2.955.79.73.68.46.48.46.50.46.50.49.51
                Reasons:
                    80
                    (7 least significant bits unused)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9d:ea:5a:15:db:87:e0:71:24:ad:1e:cf:33:f8:2e:91:
        05:a7:21:23:87:ba:6b:c5:49:2f:ac:86:ae:ee:76:9b:
        5d:39:ac:2f:55:8f:1b:81:70:c7:f0:fb:86:90:c0:09:
        93:7d:23:b8:67:68:1a:89:fa:78:06:27:e2:20:ca:88:
        b5:e5:37:3d:f5:84:9d:d8:26:54:22:f9:c6:58:5b:9d:
        a2:cd:1f:2b:16:23:5f:76:dd:53:42:36:0a:3a:15:50:
        23:15:39:82:c4:86:b8:2a:ec:cb:6f:e8:64:86:a1:2d:
        94:a7:1d:b8:c5:f5:65:8a:79:3e:49:6e:27:fc:5d:24:
        a5:48:0d:b3:2d:73:8e:29:5c:fd:18:83:e5:44:36:a6:
        a5:f6:67:8c:ae:34:25:9f:c1:a0:96:fe:63:9b:eb:9f:
        50:a0:d1:e6:a3:7c:db:cd:ac:76:2a:c7:95:83:2d:1d:
        01:2c:81:b4:e7:72:0b:f1:7f:81:a0:02:55:93:8c:1d:
        bd:bb:25:60:ce:88:40:63:79:71:a9:9b:f4:d5:e4:c9:
        d6:82:d3:ac:06:8d:dd:e0:2f:6e:9a:24:96:65:ba:49:
        f7:19:7e:03:6c:3f:8c:28:ab:74:dc:b5:a3:d2:34:cf:
        c6:08:ee:e9:e0:8d:f9:70:5a:75:c5:ca:98:aa:f5:fc
    Fingerprint (SHA-256):
        D2:18:88:E2:2F:FD:40:C3:3D:E1:80:E7:03:F3:1D:54:63:67:16:FC:1C:93:09:98:27:48:F7:C4:91:FF:04:7A
    Fingerprint (SHA1):
        34:09:92:23:73:23:58:AA:F2:39:54:8D:90:B1:5E:B5:14:F8:9A:99
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5762: CRL Distribution Points Extension (7) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt8 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt8, E=TestExt8@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
2
SN=asdfsdf
4
3
test.com
10
n
n
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > Enter the relative name: 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Notice: Trust flag u is set automatically if the private key is present.
Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt8
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:42
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:40 2016
            Not After : Wed Sep 28 18:18:40 2016
        Subject: "CN=TestExt8,E=TestExt8@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:2c:e6:92:80:9a:90:27:5f:c3:39:29:34:d3:4c:2a:
                    70:e0:52:a1:59:7f:aa:a3:a6:00:74:06:91:ab:da:5c:
                    30:94:16:e6:6f:bc:1c:7d:a2:24:f0:c7:43:65:2d:06:
                    6d:13:bd:7d:32:6d:cb:6a:d8:a9:e1:c0:63:4a:81:fb:
                    fd:a8:bc:9c:c6:67:4f:23:eb:74:04:7e:39:68:7a:c6:
                    c6:ab:01:1a:2e:7c:40:73:29:b8:5a:43:e2:da:e5:43:
                    b1:22:4b:31:06:0f:7a:7c:87:0d:55:b1:14:a0:ed:de:
                    59:0d:c9:16:89:5b:ff:2c:4c:8d:9d:75:c1:5f:86:a2:
                    d4:c3:a5:a1:84:89:af:67:36:82:3a:5b:2c:26:c0:b6:
                    8b:87:80:e5:d0:56:12:a9:31:ce:91:41:47:ff:bd:12:
                    51:90:7c:9a:70:3e:19:a6:e1:67:3f:e4:a5:5b:57:8e:
                    7f:cc:8d:f3:75:c9:44:7d:87:ab:3b:e6:f8:4e:ea:cb:
                    64:a6:16:30:39:35:85:29:c0:30:c2:dc:29:70:db:87:
                    77:94:b3:c5:06:52:7b:8c:df:06:be:19:b6:b3:ef:16:
                    1c:11:23:50:90:35:6d:e5:63:dd:1f:84:52:48:5c:ef:
                    2c:87:7e:43:bb:94:25:66:7f:cf:fb:e7:7b:94:c1:a7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: CRL Distribution Points
            Distribution point:
                RDN: "SN=asdfsdf"
                Reasons:
                    08
                    (7 least significant bits unused)
                CRL issuer: 
                    DNS name: "test.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b4:10:d9:b5:3d:22:60:a0:da:6a:65:f4:f1:6a:84:d9:
        15:26:92:62:75:29:9e:07:b8:46:69:23:a6:9b:e0:e4:
        2d:af:6c:5a:4e:ac:e8:a3:cd:7a:54:8d:01:53:1a:b6:
        d2:50:51:c9:ba:fa:ad:18:5e:86:75:90:5f:0b:9a:77:
        93:8f:54:5d:6a:f2:25:56:8d:d5:4f:49:84:73:2f:81:
        97:02:7f:67:35:d0:b7:e9:8e:8f:9c:26:d7:81:66:59:
        0b:12:f2:d2:79:fc:8c:3d:9d:37:75:4f:f9:40:82:58:
        59:df:68:25:7f:16:ca:74:54:40:b3:2a:96:92:ee:fa:
        e3:10:c5:c1:4b:b8:d5:df:48:86:95:df:e5:36:58:36:
        a1:0b:df:a4:a1:a7:03:2b:47:2e:c2:f2:92:8a:c7:d6:
        e4:52:d5:ef:ce:90:32:47:a9:d0:30:0c:0c:29:81:57:
        c4:d5:e4:3b:e7:8a:10:a9:03:49:a5:3c:f2:21:f5:51:
        cb:50:da:9a:90:18:5c:e6:00:f4:c4:1b:fb:15:c5:83:
        6f:ad:ff:cd:93:85:9e:0b:de:e2:35:2c:7a:68:4e:03:
        89:61:c9:10:4c:e7:d6:1c:d9:09:ca:59:db:76:0b:94:
        72:e4:d6:e6:ae:d6:ec:64:04:84:e8:14:a1:68:a8:2d
    Fingerprint (SHA-256):
        A9:FE:6F:46:2A:D0:C6:FB:4D:F4:31:65:7C:10:B3:66:52:81:17:A2:A2:6B:60:74:E9:E9:87:44:F8:54:93:AB
    Fingerprint (SHA1):
        A8:E8:1C:64:DE:88:A9:00:B1:C3:D6:92:5E:EB:0D:3E:69:AA:8C:9A
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5763: CRL Distribution Points Extension (8) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt9 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt9, E=TestExt9@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -5 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
0
1
2
10
n
Generating key.  This may take a few moments...
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt9
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:54
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain View
            ,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:46 2016
            Not After : Wed Sep 28 18:18:46 2016
        Subject: "CN=TestExt9,E=TestExt9@bogus.com,O=BOGUS NSS,L=Mountain Vie
            w,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b2:4c:1c:f1:6f:20:9b:cd:e3:a7:66:bd:ee:4d:85:c9:
                    a0:aa:60:2b:5d:d8:37:d2:b6:20:cc:86:fb:26:ba:40:
                    75:05:cc:68:48:0a:ba:13:22:6e:eb:12:7c:df:2c:e0:
                    43:d8:42:c9:a2:a6:78:cf:ba:c4:be:de:1c:c5:92:59:
                    84:e3:05:1a:91:db:75:b5:e4:97:26:26:ee:a9:60:61:
                    d9:4f:8a:bf:a6:e3:a7:a2:02:03:bb:bd:3d:26:40:f0:
                    37:92:2b:4c:0c:69:25:46:b9:ce:27:ae:9b:05:fc:ea:
                    28:a6:93:f2:5c:66:34:07:66:69:35:8d:74:e8:ba:8c:
                    6b:88:e4:5a:f2:32:8a:e9:c3:97:d0:cc:7e:f2:39:d2:
                    ce:ee:48:f0:9d:ce:5a:e4:40:df:97:ed:4c:c0:1d:d3:
                    44:13:e3:e2:60:51:03:58:42:da:42:16:e7:9d:5a:a8:
                    25:20:43:05:2b:5e:8a:39:fe:4b:2b:d8:c0:18:4d:8d:
                    38:1d:27:f8:9d:1a:1a:1f:80:71:28:b9:b1:ce:43:6c:
                    59:99:12:a2:0c:88:da:a4:6a:4e:8b:ee:67:82:92:e3:
                    e7:ae:53:d4:20:66:21:13:2e:ca:bf:16:0d:89:dc:26:
                    8e:34:1f:8d:8f:e0:b2:1e:96:3b:3d:19:a5:da:fd:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL Client,SSL Server,S/MIME>
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0a:e0:e0:60:61:99:b1:25:a4:03:94:18:5e:a6:c7:62:
        e4:d3:5b:a1:f5:6e:0d:b8:43:7d:6c:e5:d0:aa:be:6d:
        e3:85:0d:78:d6:37:82:dd:f5:46:08:ca:00:33:e8:d6:
        31:45:d1:94:3d:7d:36:e0:1b:80:cd:ac:72:1e:9b:ca:
        b0:1e:fe:98:c3:1e:68:c4:bb:12:26:08:f4:6c:d9:e2:
        45:a7:26:60:fc:b9:57:72:b3:ae:11:88:49:27:9c:d9:
        85:c3:03:97:e7:14:21:c2:97:31:c6:a7:58:90:49:b7:
        5c:4b:f3:40:cb:fb:cb:f7:17:7b:bb:35:ee:10:82:79:
        ed:2f:5e:db:fd:9d:7f:0a:bb:ba:92:0b:58:2c:4b:cb:
        e9:f6:ba:8d:dd:ca:88:77:3c:50:50:24:e9:08:0e:4d:
        71:43:7a:9f:da:74:bd:7d:62:43:ca:b4:14:94:6a:b6:
        e0:92:ca:5d:2d:80:f9:3b:59:7a:94:60:f3:f4:d7:2c:
        ab:cd:37:7b:7e:40:67:15:00:65:1e:39:ea:6d:b9:b6:
        0f:ba:ff:a0:2c:25:9f:37:18:48:71:5e:92:21:11:c1:
        07:30:1f:9e:39:b4:cb:78:51:ce:c0:fd:2a:f3:07:dd:
        da:c8:4e:66:95:e9:e6:71:2a:20:20:20:96:0e:5f:cb
    Fingerprint (SHA-256):
        BA:0F:E6:42:8E:37:71:46:65:5B:9C:7A:22:67:85:00:63:3B:8D:45:AA:05:FA:B3:CA:EB:1E:64:22:DF:50:86
    Fingerprint (SHA1):
        9D:0F:9F:3D:F3:BA:3B:DE:04:CA:F2:DB:73:F5:C0:A7:77:E6:E5:FF
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5764: Certificate Type Extension (9) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt10 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt10, E=TestExt10@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -6 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
0
1
2
3
4
5
6
10
y
Generating key.  This may take a few moments...
		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > 		0 - Server Auth
		1 - Client Auth
		2 - Code Signing
		3 - Email Protection
		4 - Timestamp
		5 - OCSP Responder
		6 - Step-up
		7 - Microsoft Trust List Signing
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt10
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:5e
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain Vi
            ew,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:50 2016
            Not After : Wed Sep 28 18:18:50 2016
        Subject: "CN=TestExt10,E=TestExt10@bogus.com,O=BOGUS NSS,L=Mountain V
            iew,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:2e:10:db:95:b5:d1:d1:e3:11:25:b1:1b:5d:63:bd:
                    b2:90:81:e9:87:ed:88:21:6c:f0:69:04:e6:99:5e:53:
                    7b:f2:fb:b3:b7:fd:b0:b5:a8:96:b5:37:da:e7:89:fe:
                    8f:f3:a7:d5:8e:a1:f1:15:fe:6e:a1:1b:42:78:12:69:
                    99:89:dd:70:7e:9e:15:90:2f:a8:1b:e6:32:d0:35:b1:
                    60:55:23:30:4a:36:29:9f:fb:0c:9d:e0:9f:95:be:32:
                    5a:2f:f5:b3:ca:8c:6b:12:27:f3:4b:07:4f:c0:13:4e:
                    a3:04:ad:80:6d:9b:47:2f:b3:ba:ff:f6:47:e8:ac:4c:
                    f6:dc:67:f8:b3:b1:97:30:56:b4:90:f9:92:7b:b6:56:
                    ea:23:d1:c8:86:c4:8a:cf:1b:45:eb:e0:a7:6c:a2:4f:
                    e2:06:f6:ee:a8:4b:41:9a:45:a9:6e:55:3a:f0:3c:c3:
                    b1:f8:fc:a7:9a:97:40:03:9e:78:59:59:aa:84:0f:75:
                    b4:76:24:8d:45:14:99:84:c8:4b:37:c9:11:f4:f9:0d:
                    8d:4f:2e:51:af:87:0b:be:d6:ce:15:ac:8a:11:4f:80:
                    e2:05:b3:99:60:fc:6f:8f:b7:98:c5:bc:ea:ad:8b:ed:
                    7e:8c:c0:97:03:3c:9f:fd:cd:ac:ac:a5:01:67:cd:e9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Extended Key Usage
            Critical: True
                TLS Web Server Authentication Certificate
                TLS Web Client Authentication Certificate
                Code Signing Certificate
                E-Mail Protection Certificate
                Time Stamping Certifcate
                OCSP Responder Certificate
                Strong Crypto Export Approved
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6e:a7:21:26:3e:6d:f9:f7:c9:a4:a9:29:87:58:0b:9b:
        88:01:c1:6a:6e:1f:cc:ed:60:0f:16:e9:9b:44:fa:88:
        5b:9a:33:29:46:5f:ad:06:95:a2:7b:85:56:d5:ff:63:
        5f:4e:1c:94:ae:28:b7:4b:7d:f0:b2:b2:90:52:b8:b8:
        bd:81:db:00:20:1c:8f:f8:95:ce:43:41:b3:77:b2:2b:
        5d:95:be:73:05:47:3f:34:b8:53:79:23:4d:a5:9c:b2:
        46:13:ce:c6:29:91:36:6b:13:ff:a5:f6:ff:f6:8e:f6:
        a4:fa:28:b9:8c:87:82:88:29:bf:6e:a3:c4:2b:60:de:
        c1:3f:4e:31:5e:5b:9e:e1:b8:62:0d:e9:fa:2d:f4:83:
        37:21:32:c7:60:41:b4:a0:32:31:b1:3b:51:55:b7:3d:
        d1:70:eb:8b:15:06:e2:6d:24:30:f6:69:ef:60:82:c9:
        c6:b9:e9:69:42:ed:9b:cb:40:0a:1e:ce:49:55:06:9f:
        d3:04:10:2f:2b:bb:99:68:87:78:8b:53:dd:27:34:74:
        38:cc:cb:f4:76:b0:ef:b7:fd:6f:71:c1:ad:d8:73:bc:
        24:d5:64:2d:d4:9f:07:6e:3a:c0:be:85:4a:ae:23:0b:
        1d:95:0f:53:48:42:51:12:d5:00:64:a4:70:30:20:99
    Fingerprint (SHA-256):
        9C:2E:36:27:EB:D1:2C:E9:85:4B:E3:82:90:1C:65:4F:38:EC:B4:CE:24:BF:1A:11:49:66:F7:D7:B5:FB:04:7B
    Fingerprint (SHA1):
        A2:0C:18:84:31:80:67:C9:30:46:BB:2C:18:53:3C:0B:72:8F:CA:D8
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5765: Extended Key Usage Extension (10) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -S -n TestExt11 -t u,u,u -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/tempcert -s CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US -x -f ../tests.pw -z ../tests_noise -1 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/test.args
certutil options:
1
2
3
4
5
6
10
n
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -L -n TestExt11
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:66
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain Vi
            ew,ST=California,C=US"
        Validity:
            Not Before: Tue Jun 28 18:18:55 2016
            Not After : Wed Sep 28 18:18:55 2016
        Subject: "CN=TestExt11,E=TestExt11@bogus.com,O=BOGUS NSS,L=Mountain V
            iew,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:33:b5:a7:3e:5c:f2:34:66:7d:98:92:28:85:c9:b6:
                    20:63:2f:9a:cf:c5:e3:a5:9b:f6:dc:e5:a2:57:54:a7:
                    92:2e:88:1a:ef:f5:89:3b:76:ef:62:12:77:35:35:12:
                    46:06:ae:45:f4:a8:a2:9f:b8:52:d1:7b:f4:80:fa:9d:
                    d1:0e:e4:53:00:32:01:86:3d:5e:40:84:81:e1:6d:a2:
                    48:91:f9:b3:4e:2b:b1:66:08:cf:5a:22:05:9d:23:ce:
                    9c:53:3e:e2:3c:e1:df:47:05:5f:52:36:74:04:87:6b:
                    b3:63:ba:bc:6a:8e:20:1a:e2:f6:3b:85:99:c6:a3:81:
                    99:41:eb:6d:95:70:9a:c6:82:48:b9:9a:5f:2b:ae:a3:
                    fb:70:71:fb:a2:ee:e1:fa:be:06:64:a6:f6:32:3c:b7:
                    9e:68:48:41:45:8b:a9:d4:90:f7:e8:6c:31:d8:b7:db:
                    c7:08:fb:e3:8b:2f:9b:71:d8:b1:c4:89:2d:42:8c:26:
                    0b:4f:70:f1:a2:05:60:44:b0:c2:7a:d2:1c:bc:64:e9:
                    60:22:76:86:72:d8:e3:99:51:f9:7e:17:96:31:dd:dd:
                    aa:f9:93:98:c5:3e:13:2d:9f:e5:2b:e9:f4:e0:30:44:
                    cf:25:eb:bf:da:6d:cc:c6:5f:2a:41:32:db:1e:42:e7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Usages: Non-Repudiation
                    Key Encipherment
                    Data Encipherment
                    Key Agreement
                    Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        01:dd:0d:72:c9:fc:2d:cd:de:10:b2:e4:cb:e3:1f:a7:
        f5:ff:e3:19:29:ba:0c:e3:f9:5a:6a:cd:fe:a0:ab:7e:
        44:0d:56:33:ee:2c:7e:66:8f:14:a9:db:b7:a9:49:b4:
        2d:e6:ff:93:f1:50:94:b9:96:b5:93:54:63:25:1f:eb:
        6c:84:78:67:c3:43:ee:3d:53:f9:ac:1d:bf:1c:87:4e:
        d8:d5:f8:a1:f3:ec:22:16:eb:1f:7c:83:16:9d:35:db:
        c8:63:57:f7:46:fc:6a:93:1f:bc:fd:49:63:57:85:0c:
        7c:d4:15:e6:12:24:8f:d0:42:6b:ae:2d:c6:f0:fd:ee:
        77:5e:ab:0b:30:69:87:0a:73:2e:b2:76:1d:63:02:58:
        90:6f:6f:fc:31:47:17:e4:66:ba:36:70:86:91:4c:bd:
        23:0e:ff:ec:b4:12:e9:0f:00:9b:88:cd:fb:ae:1f:71:
        8a:5f:55:a2:a7:96:e3:b0:e9:2e:8f:55:59:df:ad:91:
        60:2a:97:0e:b3:ab:84:b2:c3:bc:d2:15:d8:8c:06:74:
        04:2a:06:10:7b:cd:49:f9:e3:00:ab:92:3f:66:9c:1f:
        41:3d:e0:69:48:75:3a:d9:85:29:ea:0b:9e:70:aa:b2:
        ca:95:dc:9f:2f:39:25:cc:9c:c9:b8:50:7f:7e:bb:fb
    Fingerprint (SHA-256):
        85:D5:E1:3D:4A:6C:A1:EB:A6:10:0B:41:CA:65:56:22:7A:25:64:88:6D:CB:22:EE:2B:33:5F:CF:AE:84:41:F4
    Fingerprint (SHA1):
        A6:8F:92:C2:BA:6D:D0:39:60:97:B4:17:94:FF:CB:B5:00:DF:90:42
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5766: Certificate Key Usage Extension (11) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com
Generating key.  This may take a few moments...
certutil: Problem creating SubjectAltName extension: error 0: Success
certutil: unable to create cert (Success)
cert.sh: #5767: create cert with invalid SAN parameter (12) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN example.com,dns:www.example.com
Generating key.  This may take a few moments...
certutil: Problem creating SubjectAltName extension: error 0: Success
certutil: unable to create cert (Success)
cert.sh: #5768: create cert with invalid SAN parameter (13) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extSAN dns:example.com,dns:www.example.com
Generating key.  This may take a few moments...
cert.sh: #5769: create cert with valid SAN parameter (14) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:8a
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=example.com"
        Validity:
            Not Before: Tue Jun 28 18:19:12 2016
            Not After : Wed Sep 28 18:19:12 2016
        Subject: "CN=example.com"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d5:af:6e:73:cf:9d:94:85:b6:96:15:7b:9e:88:9d:09:
                    f4:58:94:3f:19:3f:dd:fe:bc:ed:9a:3b:29:04:7f:f1:
                    d1:9e:e8:55:78:cf:fa:c6:07:df:e0:8c:b1:38:ee:80:
                    e6:6f:6b:f3:bd:40:7f:e6:e8:8e:17:17:23:ac:d9:db:
                    2b:2d:4e:61:aa:f4:98:61:ee:dd:c1:84:88:c5:97:b4:
                    6e:7d:d0:f9:7f:0a:ab:8a:78:1d:cb:fe:aa:1e:8a:28:
                    c7:df:a4:38:c8:26:d9:62:a3:0a:a5:bf:62:88:ba:77:
                    df:78:99:cb:99:d3:b6:bd:f8:45:e9:83:fb:95:e7:e2:
                    cd:ba:87:25:c0:3a:4f:d1:24:19:a3:4f:d5:31:0d:35:
                    81:cc:7f:41:97:0b:99:00:92:6e:11:e3:f6:d3:1c:3d:
                    f2:9e:6a:07:ce:d1:ef:23:4d:5e:da:14:8b:28:bd:3f:
                    94:0f:23:88:92:34:9b:f5:b0:4e:0a:01:13:8c:0c:0c:
                    a1:ea:90:d7:8f:75:72:ac:12:bb:e0:82:19:58:34:9a:
                    b0:33:3c:40:38:f8:54:cb:ec:86:f9:52:c8:5b:f8:19:
                    9b:44:9a:0d:43:6b:59:bc:d9:2e:84:ac:bb:d5:f2:27:
                    c4:19:56:79:f7:6f:02:9d:44:25:72:9a:2a:a9:82:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Subject Alt Name
            DNS name: "example.com"
            DNS name: "www.example.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b4:8c:3c:b8:aa:ae:59:d7:4a:3d:92:13:16:b2:a8:5b:
        3b:5a:82:ac:df:0e:f4:0f:67:13:ad:59:29:15:32:d7:
        fb:49:de:ad:0d:18:d4:54:79:b6:3b:68:c0:b5:24:03:
        40:23:d7:a1:45:e5:9f:b6:95:59:ad:14:bd:ad:12:ff:
        e3:18:51:e8:53:35:cc:07:f0:fd:ed:b2:cc:d9:98:52:
        6e:b5:7f:d4:32:d1:f6:81:04:fb:6d:eb:f9:19:df:86:
        5b:21:72:94:bb:77:a4:04:d0:c1:1e:5f:08:7b:b6:fa:
        f4:bb:93:1d:8f:47:3e:7c:25:db:fd:de:fd:89:e4:2d:
        d6:33:2c:92:6c:36:71:d1:5a:09:da:de:26:1e:37:b2:
        86:74:9a:05:87:5a:d0:14:29:fd:10:23:4a:3f:5a:51:
        7a:2b:13:57:c0:ac:c0:ae:e0:6b:bd:68:19:e4:4d:e0:
        c8:a7:58:3d:d8:38:18:77:c6:3e:19:85:ac:a9:ba:b7:
        b1:5d:6e:50:63:64:34:c5:8f:99:e8:8c:45:21:b9:4b:
        74:47:b8:e1:53:f4:43:f7:26:a3:a7:21:7a:ee:8c:1a:
        60:02:5a:2e:b2:00:67:9e:bd:bd:01:c8:48:ac:50:54:
        ec:21:28:d5:f5:6d:f6:62:3d:65:8c:d4:5f:70:40:15
    Fingerprint (SHA-256):
        DE:30:B4:1D:A3:7B:1D:6D:FB:42:97:DE:04:80:A7:7E:A7:5A:6A:49:73:AD:09:FE:3D:DF:21:4C:8D:66:D8:74
    Fingerprint (SHA1):
        F7:8A:1B:F2:70:DC:03:2B:1F:42:6D:5A:4C:FD:DA:A1:80:2C:D5:C8
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5770: create cert with valid SAN parameter (15) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN --dump-ext-val 2.5.29.17
writing output to /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der
cert.sh: #5771: dump extension 2.5.29.17 to file /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der (16) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -D -n WithSAN
cert.sh: #5772: create cert with valid SAN parameter (17) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
cert.sh: #5773: expect failure to list cert, because we deleted it (18) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success
cert.sh: #5774: create cert with invalid generic ext parameter (19) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success
cert.sh: #5775: create cert with invalid generic ext parameter (20) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der
Generating key.  This may take a few moments...
certutil: error parsing generic extension parameter not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der,2.5.29.17:critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der: error 0: Success
cert.sh: #5776: create cert with invalid generic ext parameter (21) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -s CN=example.com -S -t ,, -x -z ../tests_noise -n WithSAN --extGeneric 2.5.29.17:not-critical:/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions/sanext.der
Generating key.  This may take a few moments...
cert.sh: #5777: create cert with valid generic ext parameter (22) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            00:a6:cb:55:ba
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=example.com"
        Validity:
            Not Before: Tue Jun 28 18:19:36 2016
            Not After : Wed Sep 28 18:19:36 2016
        Subject: "CN=example.com"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a9:4d:5d:04:6e:e7:03:fe:46:b2:24:1c:f5:50:76:a7:
                    48:32:b1:10:39:62:87:d7:3e:ba:0d:eb:ce:97:18:20:
                    3a:57:83:e2:29:ce:41:9f:c4:01:47:e5:d4:8e:94:d5:
                    8d:05:2d:85:81:18:b2:29:cc:39:47:38:87:f2:c1:00:
                    9e:f1:bb:a6:04:56:0c:e0:18:17:25:20:d0:3f:c9:2f:
                    f2:5a:83:51:93:00:d1:b5:d9:b0:8c:4f:f6:1f:0c:58:
                    f8:3e:69:fe:63:e5:38:8a:b6:67:79:d1:e6:df:79:7e:
                    cd:7f:7a:ce:e4:c8:e6:28:3f:fa:7d:31:ab:e7:e6:8d:
                    ba:4d:78:c7:c7:5d:8b:f7:72:10:82:52:86:ed:1b:8b:
                    4e:5f:ab:16:19:4b:bf:8f:0d:24:4e:a1:d7:68:42:c4:
                    2a:26:29:44:69:59:64:37:b5:5b:d2:e1:ad:24:91:3c:
                    c4:85:49:b1:37:77:75:76:c4:ef:c1:82:2d:57:b9:e2:
                    eb:94:31:3d:ae:19:3c:0e:30:6c:84:be:3c:8f:4f:5a:
                    56:7a:11:5a:42:cb:f0:e3:43:01:ef:cf:e8:43:84:66:
                    6a:d4:38:62:9d:ac:dd:a7:e0:4b:61:04:f6:24:ab:c2:
                    b1:54:52:b8:bf:53:63:c8:ea:fa:88:01:64:d4:4e:63
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Subject Alt Name
            DNS name: "example.com"
            DNS name: "www.example.com"
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        30:be:6c:9d:1b:d1:8b:0a:ab:be:93:49:a6:88:fb:d0:
        56:a5:87:b3:a1:1b:90:91:df:02:a5:80:c2:2f:97:03:
        04:25:2d:aa:41:dd:1b:f0:c9:dd:af:07:7f:3f:53:88:
        88:3f:83:ae:8f:42:c0:b0:a0:23:e6:55:05:c2:d0:5e:
        48:83:f1:8f:fe:87:e1:d5:91:d1:97:44:82:8b:79:14:
        2b:50:04:6f:7e:1e:8b:c7:90:78:01:ea:18:0a:46:4c:
        85:89:10:c1:a2:71:a2:7e:de:5a:3a:1c:de:6a:5e:8e:
        a6:f1:87:6c:0c:f3:be:95:be:bf:ce:10:e0:97:9e:69:
        9b:7a:ca:53:ee:71:7b:39:62:72:b5:f3:a6:ae:6d:a5:
        fb:e5:e8:42:2d:c2:47:bb:1c:32:79:48:76:d9:7e:51:
        d7:fe:1d:ad:a5:12:59:46:0e:2e:ab:a8:e7:6c:62:f5:
        c9:fb:2f:4a:e6:53:57:6c:e3:26:5c:d8:e3:f8:38:08:
        91:60:5b:16:34:db:fb:b4:94:84:93:f7:10:3f:84:de:
        6f:be:16:ac:70:c6:2e:e1:b4:56:a0:56:b1:09:5c:bb:
        78:73:d2:0b:cd:64:b8:72:17:4f:f3:f7:58:19:a9:dd:
        4a:52:54:da:f8:3c:34:e8:b3:e4:44:b7:6a:65:d3:ca
    Fingerprint (SHA-256):
        5F:BA:5C:48:6B:F3:FF:27:D1:D9:15:DC:8A:77:CD:6F:9E:1A:CB:25:03:1D:41:4B:3C:E0:A7:00:5F:16:92:B1
    Fingerprint (SHA1):
        9A:87:2A:2D:1E:48:1E:09:92:59:9A:E2:C9:8D:D6:27:F5:54:FF:AE
    Certificate Trust Flags:
        SSL Flags:
            User
        Email Flags:
            User
        Object Signing Flags:
            User
cert.sh: #5778: create cert with valid generic ext parameter (23) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -D -n WithSAN
cert.sh: #5779: create cert with valid generic ext parameter (24) - PASSED
certutil -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cert_extensions -f ../tests.pw -L -n WithSAN
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
certutil: Could not find cert: WithSAN
: PR_FILE_NOT_FOUND_ERROR: File not found
cert.sh: #5780: expect failure to list cert, because we deleted it (25) - PASSED
cert.sh: Create A Password Test Cert  ==============
cert.sh: Create A Password Test Ca  --------
cert.sh: Creating a CA Certificate PasswordCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass
cert.sh: Creating CA Cert DB --------------------------
certutil -s "CN=TestExt11, E=TestExt11@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.pw
cert.sh: #5781: Creating CA Cert DB - PASSED
cert.sh: Loading root cert module to CA Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5782: Loading root cert module to CA Cert DB - PASSED
cert.sh: Certificate initialized ----------
cert.sh: Creating CA Cert PasswordCA  --------------------------
certutil -s "CN=NSS Password Test CA, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCA -t CTu,CTu,CTu -v 600 -x -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 1
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
cert.sh: #5783: Creating CA Cert PasswordCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n PasswordCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass -o root.cert
cert.sh: #5784: Exporting Root Cert - PASSED
cert.sh: Changing password on Password Test Cert's Cert DB --------------------------
certutil -W -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.pw -@ ../tests.fipspw
Password changed successfully.
cert.sh: #5785: Changing password on Password Test Cert's Cert DB - PASSED
cert.sh: Generate Certificate for Password Test Cert with new password --------------------------
certutil -s "CN=Password Test Cert, E=password@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n PasswordCert -c PasswordCA -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.fipspw -z ../tests_noise
Generating key.  This may take a few moments...
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5786: Generate Certificate for Password Test Cert with new password - PASSED
cert.sh SUCCESS: PASSWORD passed
cert.sh: Verify Certificate for Password Test Cert with new password --------------------------
certutil -V -n PasswordCert -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/dbpass -f ../tests.fipspw
certutil: certificate is valid
cert.sh: #5787: Verify Certificate for Password Test Cert with new password - PASSED
cert.sh: Creating Distrusted Certificate
cert.sh: Initializing Distrusted's Cert DB --------------------------
certutil -N -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
cert.sh: #5788: Initializing Distrusted's Cert DB - PASSED
cert.sh: Loading root cert module to Distrusted's Cert DB --------------------------
modutil -add RootCerts -libfile /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so -dbdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit browser before continuing this operation. Type 
'q <enter>' to abort, or <enter> to continue: 
Module "RootCerts" added to database.
cert.sh: #5789: Loading root cert module to Distrusted's Cert DB - PASSED
cert.sh: Import Root CA for Distrusted --------------------------
certutil -A -n TestCA -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -i ../CA/TestCA.ca.cert
cert.sh: #5790: Import Root CA for Distrusted - PASSED
cert.sh: Import DSA Root CA for Distrusted --------------------------
certutil -A -n TestCA-dsa -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -i ../CA/TestCA-dsa.ca.cert
cert.sh: #5791: Import DSA Root CA for Distrusted - PASSED
cert.sh: Import EC Root CA for Distrusted --------------------------
certutil -A -n TestCA-ec -t TC,TC,TC -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -i ../CA/TestCA-ec.ca.cert
cert.sh: #5792: Import EC Root CA for Distrusted - PASSED
cert.sh: Generate Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5793: Generate Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's Request --------------------------
certutil -C -c TestCA -m 2000 -v 60 -d ../CA -i req -o Distrusted.cert -f ../tests.pw 
cert.sh: #5794: Sign Distrusted's Request - PASSED
cert.sh: Import Distrusted's Cert --------------------------
certutil -A -n Distrusted -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5795: Import Distrusted's Cert - PASSED
cert.sh SUCCESS: Distrusted's Cert Created
cert.sh: Generate DSA Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5796: Generate DSA Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 2000 -v 60 -d ../CA -i req -o Distrusted-dsa.cert -f ../tests.pw 
cert.sh: #5797: Sign Distrusted's DSA Request - PASSED
cert.sh: Import Distrusted's DSA Cert --------------------------
certutil -A -n Distrusted-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5798: Import Distrusted's DSA Cert - PASSED
cert.sh SUCCESS: Distrusted's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5799: Generate mixed DSA Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 22000 -v 60 -d ../CA -i req -o Distrusted-dsamixed.cert -f ../tests.pw 
cert.sh: #5800: Sign Distrusted's DSA Request with RSA - PASSED
cert.sh: Import Distrusted's mixed DSA Cert --------------------------
certutil -A -n Distrusted-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5801: Import Distrusted's mixed DSA Cert - PASSED
cert.sh SUCCESS: Distrusted's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5802: Generate EC Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's EC Request --------------------------
certutil -C -c TestCA-ec -m 2000 -v 60 -d ../CA -i req -o Distrusted-ec.cert -f ../tests.pw 
cert.sh: #5803: Sign Distrusted's EC Request - PASSED
cert.sh: Import Distrusted's EC Cert --------------------------
certutil -A -n Distrusted-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5804: Import Distrusted's EC Cert - PASSED
cert.sh SUCCESS: Distrusted's EC Cert Created
cert.sh: Generate mixed EC Cert Request for Distrusted --------------------------
certutil -s "CN=Distrusted, E=Distrusted-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5805: Generate mixed EC Cert Request for Distrusted - PASSED
cert.sh: Sign Distrusted's EC Request with RSA --------------------------
certutil -C -c TestCA -m 12000 -v 60 -d ../CA -i req -o Distrusted-ecmixed.cert -f ../tests.pw 
cert.sh: #5806: Sign Distrusted's EC Request with RSA - PASSED
cert.sh: Import Distrusted's mixed EC Cert --------------------------
certutil -A -n Distrusted-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i Distrusted-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5807: Import Distrusted's mixed EC Cert - PASSED
cert.sh SUCCESS: Distrusted's mixed EC Cert Created
cert.sh: Mark CERT as unstrusted --------------------------
certutil -M -n Distrusted -t p,p,p -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
cert.sh: #5808: Mark CERT as unstrusted - PASSED
cert.sh: Creating Distrusted Intermediate
cert.sh: Creating a CA Certificate DistrustedCA ==========================
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA
cert.sh: Creating CA Cert DistrustedCA  --------------------------
certutil -s "CN=DistrustedCA, E=DistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -S -n DistrustedCA -t ,, -v 600 -c TestCA -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -1 -2 -5 -f ../tests.pw -z ../tests_noise -m 2010
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Is this a critical extension [y/N]?
cert.sh: #5809: Creating CA Cert DistrustedCA  - PASSED
cert.sh: Exporting Root Cert --------------------------
certutil -L -n DistrustedCA -r -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -o root.cert
cert.sh: #5810: Exporting Root Cert - PASSED
cert.sh: Import Distrusted Intermediate --------------------------
certutil -A -n DistrustedCA -t p,p,p -f ../tests.pw -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -i ../CA/DistrustedCA.ca.cert
cert.sh: #5811: Import Distrusted Intermediate - PASSED
cert.sh: Generate Cert Request for Leaf Chained to Distrusted CA --------------------------
certutil -s "CN=LeafChainedToDistrustedCA, E=LeafChainedToDistrustedCA@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5812: Generate Cert Request for Leaf Chained to Distrusted CA - PASSED
cp: './req' and '/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA/req' are the same file
cert.sh: Sign LeafChainedToDistrustedCA's Request --------------------------
certutil -C -c DistrustedCA -m 100 -v 60 -d ../CA -i req -o LeafChainedToDistrustedCA.cert -f ../tests.pw
cert.sh: #5813: Sign LeafChainedToDistrustedCA's Request - PASSED
cert.sh: Import LeafChainedToDistrustedCA's Cert  -t u,u,u --------------------------
certutil -A -n LeafChainedToDistrustedCA -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw -i LeafChainedToDistrustedCA.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5814: Import LeafChainedToDistrustedCA's Cert  -t u,u,u - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Server --------------------------
certutil -V -n LeafChainedToDistrustedCA -u V -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #5815: Verify LeafChainedToDistrustedCA Cert for SSL Server - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for SSL Client --------------------------
certutil -V -n LeafChainedToDistrustedCA -u C -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #5816: Verify LeafChainedToDistrustedCA Cert for SSL Client - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Email signer --------------------------
certutil -V -n LeafChainedToDistrustedCA -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #5817: Verify LeafChainedToDistrustedCA Cert for Email signer - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Email recipient --------------------------
certutil -V -n LeafChainedToDistrustedCA -u R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate issuer has been marked as not trusted by the user.
cert.sh: #5818: Verify LeafChainedToDistrustedCA Cert for Email recipient - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for OCSP responder --------------------------
certutil -V -n LeafChainedToDistrustedCA -u O -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #5819: Verify LeafChainedToDistrustedCA Cert for OCSP responder - PASSED
cert.sh: Verify LeafChainedToDistrustedCA Cert for Object Signer --------------------------
certutil -V -n LeafChainedToDistrustedCA -u J -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #5820: Verify LeafChainedToDistrustedCA Cert for Object Signer - PASSED
cert.sh: Verify Distrusted Cert for SSL Server --------------------------
certutil -V -n Distrusted -u V -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #5821: Verify Distrusted Cert for SSL Server - PASSED
cert.sh: Verify Distrusted Cert for SSL Client --------------------------
certutil -V -n Distrusted -u C -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #5822: Verify Distrusted Cert for SSL Client - PASSED
cert.sh: Verify Distrusted Cert for Email signer --------------------------
certutil -V -n Distrusted -u S -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #5823: Verify Distrusted Cert for Email signer - PASSED
cert.sh: Verify Distrusted Cert for Email recipient --------------------------
certutil -V -n Distrusted -u R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #5824: Verify Distrusted Cert for Email recipient - PASSED
cert.sh: Verify Distrusted Cert for OCSP responder --------------------------
certutil -V -n Distrusted -u O -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Certificate type not approved for application.
cert.sh: #5825: Verify Distrusted Cert for OCSP responder - PASSED
cert.sh: Verify Distrusted Cert for Object Signer --------------------------
certutil -V -n Distrusted -u J -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/distrust -f ../tests.pw
certutil: certificate is invalid: Peer's certificate has been marked as not trusted by the user.
cert.sh: #5826: Verify Distrusted Cert for Object Signer - PASSED
cert.sh: OCSP response creation selftest
cert.sh: perform selftest --------------------------
ocspresp /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/serverCA serverCA chain-1-serverCA -f ../tests.pw
cert.sh: #5827: perform selftest - PASSED
cert.sh: Creating Client CA Issued Certificates Range 40 - 52 ===
cert.sh: Generate Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5828: Generate Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's Request --------------------------
certutil -C -c TestCA -m 40 -v 60 -d ../CA -i req -o TestUser40.cert -f ../tests.pw 
cert.sh: #5829: Sign TestUser40's Request - PASSED
cert.sh: Import TestUser40's Cert --------------------------
certutil -A -n TestUser40 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5830: Import TestUser40's Cert - PASSED
cert.sh SUCCESS: TestUser40's Cert Created
cert.sh: Generate DSA Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5831: Generate DSA Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 40 -v 60 -d ../CA -i req -o TestUser40-dsa.cert -f ../tests.pw 
cert.sh: #5832: Sign TestUser40's DSA Request - PASSED
cert.sh: Import TestUser40's DSA Cert --------------------------
certutil -A -n TestUser40-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5833: Import TestUser40's DSA Cert - PASSED
cert.sh SUCCESS: TestUser40's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5834: Generate mixed DSA Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20040 -v 60 -d ../CA -i req -o TestUser40-dsamixed.cert -f ../tests.pw 
cert.sh: #5835: Sign TestUser40's DSA Request with RSA - PASSED
cert.sh: Import TestUser40's mixed DSA Cert --------------------------
certutil -A -n TestUser40-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5836: Import TestUser40's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser40's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5837: Generate EC Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's EC Request --------------------------
certutil -C -c TestCA-ec -m 40 -v 60 -d ../CA -i req -o TestUser40-ec.cert -f ../tests.pw 
cert.sh: #5838: Sign TestUser40's EC Request - PASSED
cert.sh: Import TestUser40's EC Cert --------------------------
certutil -A -n TestUser40-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5839: Import TestUser40's EC Cert - PASSED
cert.sh SUCCESS: TestUser40's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser40 --------------------------
certutil -s "CN=TestUser40, E=TestUser40-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5840: Generate mixed EC Cert Request for TestUser40 - PASSED
cert.sh: Sign TestUser40's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10040 -v 60 -d ../CA -i req -o TestUser40-ecmixed.cert -f ../tests.pw 
cert.sh: #5841: Sign TestUser40's EC Request with RSA - PASSED
cert.sh: Import TestUser40's mixed EC Cert --------------------------
certutil -A -n TestUser40-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser40-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5842: Import TestUser40's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser40's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5843: Generate Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's Request --------------------------
certutil -C -c TestCA -m 41 -v 60 -d ../CA -i req -o TestUser41.cert -f ../tests.pw 
cert.sh: #5844: Sign TestUser41's Request - PASSED
cert.sh: Import TestUser41's Cert --------------------------
certutil -A -n TestUser41 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5845: Import TestUser41's Cert - PASSED
cert.sh SUCCESS: TestUser41's Cert Created
cert.sh: Generate DSA Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5846: Generate DSA Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 41 -v 60 -d ../CA -i req -o TestUser41-dsa.cert -f ../tests.pw 
cert.sh: #5847: Sign TestUser41's DSA Request - PASSED
cert.sh: Import TestUser41's DSA Cert --------------------------
certutil -A -n TestUser41-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5848: Import TestUser41's DSA Cert - PASSED
cert.sh SUCCESS: TestUser41's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5849: Generate mixed DSA Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20041 -v 60 -d ../CA -i req -o TestUser41-dsamixed.cert -f ../tests.pw 
cert.sh: #5850: Sign TestUser41's DSA Request with RSA - PASSED
cert.sh: Import TestUser41's mixed DSA Cert --------------------------
certutil -A -n TestUser41-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5851: Import TestUser41's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser41's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5852: Generate EC Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's EC Request --------------------------
certutil -C -c TestCA-ec -m 41 -v 60 -d ../CA -i req -o TestUser41-ec.cert -f ../tests.pw 
cert.sh: #5853: Sign TestUser41's EC Request - PASSED
cert.sh: Import TestUser41's EC Cert --------------------------
certutil -A -n TestUser41-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5854: Import TestUser41's EC Cert - PASSED
cert.sh SUCCESS: TestUser41's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser41 --------------------------
certutil -s "CN=TestUser41, E=TestUser41-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5855: Generate mixed EC Cert Request for TestUser41 - PASSED
cert.sh: Sign TestUser41's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10041 -v 60 -d ../CA -i req -o TestUser41-ecmixed.cert -f ../tests.pw 
cert.sh: #5856: Sign TestUser41's EC Request with RSA - PASSED
cert.sh: Import TestUser41's mixed EC Cert --------------------------
certutil -A -n TestUser41-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser41-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5857: Import TestUser41's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser41's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5858: Generate Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's Request --------------------------
certutil -C -c TestCA -m 42 -v 60 -d ../CA -i req -o TestUser42.cert -f ../tests.pw 
cert.sh: #5859: Sign TestUser42's Request - PASSED
cert.sh: Import TestUser42's Cert --------------------------
certutil -A -n TestUser42 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5860: Import TestUser42's Cert - PASSED
cert.sh SUCCESS: TestUser42's Cert Created
cert.sh: Generate DSA Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5861: Generate DSA Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 42 -v 60 -d ../CA -i req -o TestUser42-dsa.cert -f ../tests.pw 
cert.sh: #5862: Sign TestUser42's DSA Request - PASSED
cert.sh: Import TestUser42's DSA Cert --------------------------
certutil -A -n TestUser42-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5863: Import TestUser42's DSA Cert - PASSED
cert.sh SUCCESS: TestUser42's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5864: Generate mixed DSA Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20042 -v 60 -d ../CA -i req -o TestUser42-dsamixed.cert -f ../tests.pw 
cert.sh: #5865: Sign TestUser42's DSA Request with RSA - PASSED
cert.sh: Import TestUser42's mixed DSA Cert --------------------------
certutil -A -n TestUser42-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5866: Import TestUser42's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser42's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5867: Generate EC Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's EC Request --------------------------
certutil -C -c TestCA-ec -m 42 -v 60 -d ../CA -i req -o TestUser42-ec.cert -f ../tests.pw 
cert.sh: #5868: Sign TestUser42's EC Request - PASSED
cert.sh: Import TestUser42's EC Cert --------------------------
certutil -A -n TestUser42-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5869: Import TestUser42's EC Cert - PASSED
cert.sh SUCCESS: TestUser42's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser42 --------------------------
certutil -s "CN=TestUser42, E=TestUser42-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5870: Generate mixed EC Cert Request for TestUser42 - PASSED
cert.sh: Sign TestUser42's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10042 -v 60 -d ../CA -i req -o TestUser42-ecmixed.cert -f ../tests.pw 
cert.sh: #5871: Sign TestUser42's EC Request with RSA - PASSED
cert.sh: Import TestUser42's mixed EC Cert --------------------------
certutil -A -n TestUser42-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser42-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5872: Import TestUser42's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser42's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5873: Generate Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's Request --------------------------
certutil -C -c TestCA -m 43 -v 60 -d ../CA -i req -o TestUser43.cert -f ../tests.pw 
cert.sh: #5874: Sign TestUser43's Request - PASSED
cert.sh: Import TestUser43's Cert --------------------------
certutil -A -n TestUser43 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5875: Import TestUser43's Cert - PASSED
cert.sh SUCCESS: TestUser43's Cert Created
cert.sh: Generate DSA Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5876: Generate DSA Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 43 -v 60 -d ../CA -i req -o TestUser43-dsa.cert -f ../tests.pw 
cert.sh: #5877: Sign TestUser43's DSA Request - PASSED
cert.sh: Import TestUser43's DSA Cert --------------------------
certutil -A -n TestUser43-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5878: Import TestUser43's DSA Cert - PASSED
cert.sh SUCCESS: TestUser43's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5879: Generate mixed DSA Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20043 -v 60 -d ../CA -i req -o TestUser43-dsamixed.cert -f ../tests.pw 
cert.sh: #5880: Sign TestUser43's DSA Request with RSA - PASSED
cert.sh: Import TestUser43's mixed DSA Cert --------------------------
certutil -A -n TestUser43-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5881: Import TestUser43's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser43's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5882: Generate EC Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's EC Request --------------------------
certutil -C -c TestCA-ec -m 43 -v 60 -d ../CA -i req -o TestUser43-ec.cert -f ../tests.pw 
cert.sh: #5883: Sign TestUser43's EC Request - PASSED
cert.sh: Import TestUser43's EC Cert --------------------------
certutil -A -n TestUser43-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5884: Import TestUser43's EC Cert - PASSED
cert.sh SUCCESS: TestUser43's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser43 --------------------------
certutil -s "CN=TestUser43, E=TestUser43-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5885: Generate mixed EC Cert Request for TestUser43 - PASSED
cert.sh: Sign TestUser43's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10043 -v 60 -d ../CA -i req -o TestUser43-ecmixed.cert -f ../tests.pw 
cert.sh: #5886: Sign TestUser43's EC Request with RSA - PASSED
cert.sh: Import TestUser43's mixed EC Cert --------------------------
certutil -A -n TestUser43-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser43-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5887: Import TestUser43's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser43's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5888: Generate Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's Request --------------------------
certutil -C -c TestCA -m 44 -v 60 -d ../CA -i req -o TestUser44.cert -f ../tests.pw 
cert.sh: #5889: Sign TestUser44's Request - PASSED
cert.sh: Import TestUser44's Cert --------------------------
certutil -A -n TestUser44 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5890: Import TestUser44's Cert - PASSED
cert.sh SUCCESS: TestUser44's Cert Created
cert.sh: Generate DSA Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5891: Generate DSA Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 44 -v 60 -d ../CA -i req -o TestUser44-dsa.cert -f ../tests.pw 
cert.sh: #5892: Sign TestUser44's DSA Request - PASSED
cert.sh: Import TestUser44's DSA Cert --------------------------
certutil -A -n TestUser44-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5893: Import TestUser44's DSA Cert - PASSED
cert.sh SUCCESS: TestUser44's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5894: Generate mixed DSA Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20044 -v 60 -d ../CA -i req -o TestUser44-dsamixed.cert -f ../tests.pw 
cert.sh: #5895: Sign TestUser44's DSA Request with RSA - PASSED
cert.sh: Import TestUser44's mixed DSA Cert --------------------------
certutil -A -n TestUser44-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5896: Import TestUser44's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser44's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5897: Generate EC Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's EC Request --------------------------
certutil -C -c TestCA-ec -m 44 -v 60 -d ../CA -i req -o TestUser44-ec.cert -f ../tests.pw 
cert.sh: #5898: Sign TestUser44's EC Request - PASSED
cert.sh: Import TestUser44's EC Cert --------------------------
certutil -A -n TestUser44-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5899: Import TestUser44's EC Cert - PASSED
cert.sh SUCCESS: TestUser44's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser44 --------------------------
certutil -s "CN=TestUser44, E=TestUser44-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5900: Generate mixed EC Cert Request for TestUser44 - PASSED
cert.sh: Sign TestUser44's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10044 -v 60 -d ../CA -i req -o TestUser44-ecmixed.cert -f ../tests.pw 
cert.sh: #5901: Sign TestUser44's EC Request with RSA - PASSED
cert.sh: Import TestUser44's mixed EC Cert --------------------------
certutil -A -n TestUser44-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser44-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5902: Import TestUser44's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser44's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5903: Generate Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's Request --------------------------
certutil -C -c TestCA -m 45 -v 60 -d ../CA -i req -o TestUser45.cert -f ../tests.pw 
cert.sh: #5904: Sign TestUser45's Request - PASSED
cert.sh: Import TestUser45's Cert --------------------------
certutil -A -n TestUser45 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5905: Import TestUser45's Cert - PASSED
cert.sh SUCCESS: TestUser45's Cert Created
cert.sh: Generate DSA Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5906: Generate DSA Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 45 -v 60 -d ../CA -i req -o TestUser45-dsa.cert -f ../tests.pw 
cert.sh: #5907: Sign TestUser45's DSA Request - PASSED
cert.sh: Import TestUser45's DSA Cert --------------------------
certutil -A -n TestUser45-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5908: Import TestUser45's DSA Cert - PASSED
cert.sh SUCCESS: TestUser45's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5909: Generate mixed DSA Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20045 -v 60 -d ../CA -i req -o TestUser45-dsamixed.cert -f ../tests.pw 
cert.sh: #5910: Sign TestUser45's DSA Request with RSA - PASSED
cert.sh: Import TestUser45's mixed DSA Cert --------------------------
certutil -A -n TestUser45-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5911: Import TestUser45's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser45's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5912: Generate EC Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's EC Request --------------------------
certutil -C -c TestCA-ec -m 45 -v 60 -d ../CA -i req -o TestUser45-ec.cert -f ../tests.pw 
cert.sh: #5913: Sign TestUser45's EC Request - PASSED
cert.sh: Import TestUser45's EC Cert --------------------------
certutil -A -n TestUser45-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5914: Import TestUser45's EC Cert - PASSED
cert.sh SUCCESS: TestUser45's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser45 --------------------------
certutil -s "CN=TestUser45, E=TestUser45-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5915: Generate mixed EC Cert Request for TestUser45 - PASSED
cert.sh: Sign TestUser45's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10045 -v 60 -d ../CA -i req -o TestUser45-ecmixed.cert -f ../tests.pw 
cert.sh: #5916: Sign TestUser45's EC Request with RSA - PASSED
cert.sh: Import TestUser45's mixed EC Cert --------------------------
certutil -A -n TestUser45-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser45-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5917: Import TestUser45's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser45's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5918: Generate Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's Request --------------------------
certutil -C -c TestCA -m 46 -v 60 -d ../CA -i req -o TestUser46.cert -f ../tests.pw 
cert.sh: #5919: Sign TestUser46's Request - PASSED
cert.sh: Import TestUser46's Cert --------------------------
certutil -A -n TestUser46 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5920: Import TestUser46's Cert - PASSED
cert.sh SUCCESS: TestUser46's Cert Created
cert.sh: Generate DSA Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5921: Generate DSA Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 46 -v 60 -d ../CA -i req -o TestUser46-dsa.cert -f ../tests.pw 
cert.sh: #5922: Sign TestUser46's DSA Request - PASSED
cert.sh: Import TestUser46's DSA Cert --------------------------
certutil -A -n TestUser46-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5923: Import TestUser46's DSA Cert - PASSED
cert.sh SUCCESS: TestUser46's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5924: Generate mixed DSA Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20046 -v 60 -d ../CA -i req -o TestUser46-dsamixed.cert -f ../tests.pw 
cert.sh: #5925: Sign TestUser46's DSA Request with RSA - PASSED
cert.sh: Import TestUser46's mixed DSA Cert --------------------------
certutil -A -n TestUser46-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5926: Import TestUser46's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser46's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5927: Generate EC Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's EC Request --------------------------
certutil -C -c TestCA-ec -m 46 -v 60 -d ../CA -i req -o TestUser46-ec.cert -f ../tests.pw 
cert.sh: #5928: Sign TestUser46's EC Request - PASSED
cert.sh: Import TestUser46's EC Cert --------------------------
certutil -A -n TestUser46-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5929: Import TestUser46's EC Cert - PASSED
cert.sh SUCCESS: TestUser46's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser46 --------------------------
certutil -s "CN=TestUser46, E=TestUser46-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5930: Generate mixed EC Cert Request for TestUser46 - PASSED
cert.sh: Sign TestUser46's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10046 -v 60 -d ../CA -i req -o TestUser46-ecmixed.cert -f ../tests.pw 
cert.sh: #5931: Sign TestUser46's EC Request with RSA - PASSED
cert.sh: Import TestUser46's mixed EC Cert --------------------------
certutil -A -n TestUser46-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser46-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5932: Import TestUser46's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser46's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5933: Generate Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's Request --------------------------
certutil -C -c TestCA -m 47 -v 60 -d ../CA -i req -o TestUser47.cert -f ../tests.pw 
cert.sh: #5934: Sign TestUser47's Request - PASSED
cert.sh: Import TestUser47's Cert --------------------------
certutil -A -n TestUser47 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5935: Import TestUser47's Cert - PASSED
cert.sh SUCCESS: TestUser47's Cert Created
cert.sh: Generate DSA Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5936: Generate DSA Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 47 -v 60 -d ../CA -i req -o TestUser47-dsa.cert -f ../tests.pw 
cert.sh: #5937: Sign TestUser47's DSA Request - PASSED
cert.sh: Import TestUser47's DSA Cert --------------------------
certutil -A -n TestUser47-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5938: Import TestUser47's DSA Cert - PASSED
cert.sh SUCCESS: TestUser47's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5939: Generate mixed DSA Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20047 -v 60 -d ../CA -i req -o TestUser47-dsamixed.cert -f ../tests.pw 
cert.sh: #5940: Sign TestUser47's DSA Request with RSA - PASSED
cert.sh: Import TestUser47's mixed DSA Cert --------------------------
certutil -A -n TestUser47-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5941: Import TestUser47's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser47's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5942: Generate EC Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's EC Request --------------------------
certutil -C -c TestCA-ec -m 47 -v 60 -d ../CA -i req -o TestUser47-ec.cert -f ../tests.pw 
cert.sh: #5943: Sign TestUser47's EC Request - PASSED
cert.sh: Import TestUser47's EC Cert --------------------------
certutil -A -n TestUser47-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5944: Import TestUser47's EC Cert - PASSED
cert.sh SUCCESS: TestUser47's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser47 --------------------------
certutil -s "CN=TestUser47, E=TestUser47-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5945: Generate mixed EC Cert Request for TestUser47 - PASSED
cert.sh: Sign TestUser47's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10047 -v 60 -d ../CA -i req -o TestUser47-ecmixed.cert -f ../tests.pw 
cert.sh: #5946: Sign TestUser47's EC Request with RSA - PASSED
cert.sh: Import TestUser47's mixed EC Cert --------------------------
certutil -A -n TestUser47-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser47-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5947: Import TestUser47's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser47's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5948: Generate Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's Request --------------------------
certutil -C -c TestCA -m 48 -v 60 -d ../CA -i req -o TestUser48.cert -f ../tests.pw 
cert.sh: #5949: Sign TestUser48's Request - PASSED
cert.sh: Import TestUser48's Cert --------------------------
certutil -A -n TestUser48 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5950: Import TestUser48's Cert - PASSED
cert.sh SUCCESS: TestUser48's Cert Created
cert.sh: Generate DSA Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5951: Generate DSA Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 48 -v 60 -d ../CA -i req -o TestUser48-dsa.cert -f ../tests.pw 
cert.sh: #5952: Sign TestUser48's DSA Request - PASSED
cert.sh: Import TestUser48's DSA Cert --------------------------
certutil -A -n TestUser48-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5953: Import TestUser48's DSA Cert - PASSED
cert.sh SUCCESS: TestUser48's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5954: Generate mixed DSA Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20048 -v 60 -d ../CA -i req -o TestUser48-dsamixed.cert -f ../tests.pw 
cert.sh: #5955: Sign TestUser48's DSA Request with RSA - PASSED
cert.sh: Import TestUser48's mixed DSA Cert --------------------------
certutil -A -n TestUser48-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5956: Import TestUser48's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser48's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5957: Generate EC Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's EC Request --------------------------
certutil -C -c TestCA-ec -m 48 -v 60 -d ../CA -i req -o TestUser48-ec.cert -f ../tests.pw 
cert.sh: #5958: Sign TestUser48's EC Request - PASSED
cert.sh: Import TestUser48's EC Cert --------------------------
certutil -A -n TestUser48-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5959: Import TestUser48's EC Cert - PASSED
cert.sh SUCCESS: TestUser48's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser48 --------------------------
certutil -s "CN=TestUser48, E=TestUser48-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5960: Generate mixed EC Cert Request for TestUser48 - PASSED
cert.sh: Sign TestUser48's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10048 -v 60 -d ../CA -i req -o TestUser48-ecmixed.cert -f ../tests.pw 
cert.sh: #5961: Sign TestUser48's EC Request with RSA - PASSED
cert.sh: Import TestUser48's mixed EC Cert --------------------------
certutil -A -n TestUser48-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser48-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5962: Import TestUser48's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser48's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5963: Generate Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's Request --------------------------
certutil -C -c TestCA -m 49 -v 60 -d ../CA -i req -o TestUser49.cert -f ../tests.pw 
cert.sh: #5964: Sign TestUser49's Request - PASSED
cert.sh: Import TestUser49's Cert --------------------------
certutil -A -n TestUser49 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5965: Import TestUser49's Cert - PASSED
cert.sh SUCCESS: TestUser49's Cert Created
cert.sh: Generate DSA Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5966: Generate DSA Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 49 -v 60 -d ../CA -i req -o TestUser49-dsa.cert -f ../tests.pw 
cert.sh: #5967: Sign TestUser49's DSA Request - PASSED
cert.sh: Import TestUser49's DSA Cert --------------------------
certutil -A -n TestUser49-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5968: Import TestUser49's DSA Cert - PASSED
cert.sh SUCCESS: TestUser49's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5969: Generate mixed DSA Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20049 -v 60 -d ../CA -i req -o TestUser49-dsamixed.cert -f ../tests.pw 
cert.sh: #5970: Sign TestUser49's DSA Request with RSA - PASSED
cert.sh: Import TestUser49's mixed DSA Cert --------------------------
certutil -A -n TestUser49-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5971: Import TestUser49's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser49's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5972: Generate EC Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's EC Request --------------------------
certutil -C -c TestCA-ec -m 49 -v 60 -d ../CA -i req -o TestUser49-ec.cert -f ../tests.pw 
cert.sh: #5973: Sign TestUser49's EC Request - PASSED
cert.sh: Import TestUser49's EC Cert --------------------------
certutil -A -n TestUser49-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5974: Import TestUser49's EC Cert - PASSED
cert.sh SUCCESS: TestUser49's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser49 --------------------------
certutil -s "CN=TestUser49, E=TestUser49-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5975: Generate mixed EC Cert Request for TestUser49 - PASSED
cert.sh: Sign TestUser49's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10049 -v 60 -d ../CA -i req -o TestUser49-ecmixed.cert -f ../tests.pw 
cert.sh: #5976: Sign TestUser49's EC Request with RSA - PASSED
cert.sh: Import TestUser49's mixed EC Cert --------------------------
certutil -A -n TestUser49-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser49-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5977: Import TestUser49's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser49's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5978: Generate Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's Request --------------------------
certutil -C -c TestCA -m 50 -v 60 -d ../CA -i req -o TestUser50.cert -f ../tests.pw 
cert.sh: #5979: Sign TestUser50's Request - PASSED
cert.sh: Import TestUser50's Cert --------------------------
certutil -A -n TestUser50 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5980: Import TestUser50's Cert - PASSED
cert.sh SUCCESS: TestUser50's Cert Created
cert.sh: Generate DSA Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5981: Generate DSA Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 50 -v 60 -d ../CA -i req -o TestUser50-dsa.cert -f ../tests.pw 
cert.sh: #5982: Sign TestUser50's DSA Request - PASSED
cert.sh: Import TestUser50's DSA Cert --------------------------
certutil -A -n TestUser50-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5983: Import TestUser50's DSA Cert - PASSED
cert.sh SUCCESS: TestUser50's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5984: Generate mixed DSA Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20050 -v 60 -d ../CA -i req -o TestUser50-dsamixed.cert -f ../tests.pw 
cert.sh: #5985: Sign TestUser50's DSA Request with RSA - PASSED
cert.sh: Import TestUser50's mixed DSA Cert --------------------------
certutil -A -n TestUser50-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5986: Import TestUser50's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser50's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5987: Generate EC Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's EC Request --------------------------
certutil -C -c TestCA-ec -m 50 -v 60 -d ../CA -i req -o TestUser50-ec.cert -f ../tests.pw 
cert.sh: #5988: Sign TestUser50's EC Request - PASSED
cert.sh: Import TestUser50's EC Cert --------------------------
certutil -A -n TestUser50-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5989: Import TestUser50's EC Cert - PASSED
cert.sh SUCCESS: TestUser50's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser50 --------------------------
certutil -s "CN=TestUser50, E=TestUser50-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5990: Generate mixed EC Cert Request for TestUser50 - PASSED
cert.sh: Sign TestUser50's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10050 -v 60 -d ../CA -i req -o TestUser50-ecmixed.cert -f ../tests.pw 
cert.sh: #5991: Sign TestUser50's EC Request with RSA - PASSED
cert.sh: Import TestUser50's mixed EC Cert --------------------------
certutil -A -n TestUser50-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser50-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5992: Import TestUser50's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser50's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5993: Generate Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's Request --------------------------
certutil -C -c TestCA -m 51 -v 60 -d ../CA -i req -o TestUser51.cert -f ../tests.pw 
cert.sh: #5994: Sign TestUser51's Request - PASSED
cert.sh: Import TestUser51's Cert --------------------------
certutil -A -n TestUser51 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5995: Import TestUser51's Cert - PASSED
cert.sh SUCCESS: TestUser51's Cert Created
cert.sh: Generate DSA Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5996: Generate DSA Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 51 -v 60 -d ../CA -i req -o TestUser51-dsa.cert -f ../tests.pw 
cert.sh: #5997: Sign TestUser51's DSA Request - PASSED
cert.sh: Import TestUser51's DSA Cert --------------------------
certutil -A -n TestUser51-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #5998: Import TestUser51's DSA Cert - PASSED
cert.sh SUCCESS: TestUser51's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #5999: Generate mixed DSA Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20051 -v 60 -d ../CA -i req -o TestUser51-dsamixed.cert -f ../tests.pw 
cert.sh: #6000: Sign TestUser51's DSA Request with RSA - PASSED
cert.sh: Import TestUser51's mixed DSA Cert --------------------------
certutil -A -n TestUser51-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6001: Import TestUser51's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser51's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #6002: Generate EC Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's EC Request --------------------------
certutil -C -c TestCA-ec -m 51 -v 60 -d ../CA -i req -o TestUser51-ec.cert -f ../tests.pw 
cert.sh: #6003: Sign TestUser51's EC Request - PASSED
cert.sh: Import TestUser51's EC Cert --------------------------
certutil -A -n TestUser51-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6004: Import TestUser51's EC Cert - PASSED
cert.sh SUCCESS: TestUser51's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser51 --------------------------
certutil -s "CN=TestUser51, E=TestUser51-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #6005: Generate mixed EC Cert Request for TestUser51 - PASSED
cert.sh: Sign TestUser51's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10051 -v 60 -d ../CA -i req -o TestUser51-ecmixed.cert -f ../tests.pw 
cert.sh: #6006: Sign TestUser51's EC Request with RSA - PASSED
cert.sh: Import TestUser51's mixed EC Cert --------------------------
certutil -A -n TestUser51-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser51-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6007: Import TestUser51's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser51's mixed EC Cert Created
cert.sh: Generate Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #6008: Generate Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's Request --------------------------
certutil -C -c TestCA -m 52 -v 60 -d ../CA -i req -o TestUser52.cert -f ../tests.pw 
cert.sh: #6009: Sign TestUser52's Request - PASSED
cert.sh: Import TestUser52's Cert --------------------------
certutil -A -n TestUser52 -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6010: Import TestUser52's Cert - PASSED
cert.sh SUCCESS: TestUser52's Cert Created
cert.sh: Generate DSA Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-dsa@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #6011: Generate DSA Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's DSA Request --------------------------
certutil -C -c TestCA-dsa -m 52 -v 60 -d ../CA -i req -o TestUser52-dsa.cert -f ../tests.pw 
cert.sh: #6012: Sign TestUser52's DSA Request - PASSED
cert.sh: Import TestUser52's DSA Cert --------------------------
certutil -A -n TestUser52-dsa -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-dsa.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6013: Import TestUser52's DSA Cert - PASSED
cert.sh SUCCESS: TestUser52's DSA Cert Created
cert.sh: Generate mixed DSA Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-dsamixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k dsa -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #6014: Generate mixed DSA Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's DSA Request with RSA --------------------------
certutil -C -c TestCA -m 20052 -v 60 -d ../CA -i req -o TestUser52-dsamixed.cert -f ../tests.pw 
cert.sh: #6015: Sign TestUser52's DSA Request with RSA - PASSED
cert.sh: Import TestUser52's mixed DSA Cert --------------------------
certutil -A -n TestUser52-dsamixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-dsamixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6016: Import TestUser52's mixed DSA Cert - PASSED
cert.sh SUCCESS: TestUser52's mixed DSA Cert Created
cert.sh: Generate EC Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-ec@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #6017: Generate EC Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's EC Request --------------------------
certutil -C -c TestCA-ec -m 52 -v 60 -d ../CA -i req -o TestUser52-ec.cert -f ../tests.pw 
cert.sh: #6018: Sign TestUser52's EC Request - PASSED
cert.sh: Import TestUser52's EC Cert --------------------------
certutil -A -n TestUser52-ec -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-ec.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6019: Import TestUser52's EC Cert - PASSED
cert.sh SUCCESS: TestUser52's EC Cert Created
cert.sh: Generate mixed EC Cert Request for TestUser52 --------------------------
certutil -s "CN=TestUser52, E=TestUser52-ecmixed@bogus.com, O=BOGUS NSS, L=Mountain View, ST=California, C=US" -R -k ec -q secp384r1 -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -z ../tests_noise -o req
Generating key.  This may take a few moments...
cert.sh: #6020: Generate mixed EC Cert Request for TestUser52 - PASSED
cert.sh: Sign TestUser52's EC Request with RSA --------------------------
certutil -C -c TestCA -m 10052 -v 60 -d ../CA -i req -o TestUser52-ecmixed.cert -f ../tests.pw 
cert.sh: #6021: Sign TestUser52's EC Request with RSA - PASSED
cert.sh: Import TestUser52's mixed EC Cert --------------------------
certutil -A -n TestUser52-ecmixed -t u,u,u -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/client -f ../tests.pw -i TestUser52-ecmixed.cert
Notice: Trust flag u is set automatically if the private key is present.
cert.sh: #6022: Import TestUser52's mixed EC Cert - PASSED
cert.sh SUCCESS: TestUser52's mixed EC Cert Created
cert.sh: Creating CA CRL =====================================
cert.sh: Generating CRL for range 40-42 TestCA authority --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -G -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or
cert.sh: #6023: Generating CRL for range 40-42 TestCA authority - PASSED
cert.sh: Generating CRL (DSA) for range 40-42 TestCA-dsa authority --------------------------
crlutil -q -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -G -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42_or-dsa
cert.sh: #6024: Generating CRL (DSA) for range 40-42 TestCA-dsa authority - PASSED
cert.sh: Generating CRL (ECC) for range 40-42 TestCA-ec authority --------------------------
crlutil -q -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -G -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or-ec
cert.sh: #6025: Generating CRL (ECC) for range 40-42 TestCA-ec authority - PASSED
cert.sh: Modifying CA CRL by adding one more cert ============
cert.sh: Modify CRL by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42_or1 -i ../server/root.crl_40-42_or
cert.sh: #6026: Modify CRL by adding one more cert - PASSED
cert.sh: Modify CRL (DSA) by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42_or1-dsa -i ../server/root.crl_40-42_or-dsa
cert.sh: #6027: Modify CRL (DSA) by adding one more cert - PASSED
cert.sh: Modify CRL (ECC) by adding one more cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42_or1-ec -i ../server/root.crl_40-42_or-ec
cert.sh: #6028: Modify CRL (ECC) by adding one more cert - PASSED
cert.sh: Modifying CA CRL by removing one cert ===============
cert.sh: Modify CRL by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1
cert.sh: #6029: Modify CRL by removing one cert - PASSED
cert.sh: Modify CRL (DSA) by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-dsa -f ../tests.pw -o ../server/root.crl_40-42 -i ../server/root.crl_40-42_or1
cert.sh: #6030: Modify CRL (DSA) by removing one cert - PASSED
cert.sh: Modify CRL (ECC) by removing one cert --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_40-42-ec -i ../server/root.crl_40-42_or1-ec
cert.sh: #6031: Modify CRL (ECC) by removing one cert - PASSED
cert.sh: Creating CA CRL for groups 1 and 2  ===============
cert.sh: Creating CRL for groups 1 and 2 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_43-48 -i ../server/root.crl_40-42
cert.sh: #6032: Creating CRL for groups 1 and 2 - PASSED
cert.sh: Creating CRL (ECC) for groups 1 and 2 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_43-48-ec -i ../server/root.crl_40-42-ec
cert.sh: #6033: Creating CRL (ECC) for groups 1 and 2 - PASSED
cert.sh: Creating CA CRL for groups 1, 2 and 3  ===============
cert.sh: Creating CRL for groups 1, 2 and 3 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA -f ../tests.pw -o ../server/root.crl_49-52 -i ../server/root.crl_43-48
cert.sh: #6034: Creating CRL for groups 1, 2 and 3 - PASSED
cert.sh: Creating CRL (ECC) for groups 1, 2 and 3 --------------------------
crlutil -q -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/CA -M -n TestCA-ec -f ../tests.pw -o ../server/root.crl_49-52-ec -i ../server/root.crl_43-48-ec
cert.sh: #6035: Creating CRL (ECC) for groups 1, 2 and 3 - PASSED
cert.sh: Importing Server CA Issued CRL for certs  trough 52
cert.sh: Importing CRL for groups 1 --------------------------
crlutil -q -D -n TestCA -f ../tests.pw -d ../server
crlutil: could not find TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
crlutil: could not find the issuer TestCA's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
cert.sh: #6036: Importing CRL for groups 1 - PASSED
cert.sh: Importing CRL for groups 1 --------------------------
crlutil -q -I -i ../server/root.crl_40-42 -n TestCA -f ../tests.pw -d ../server
cert.sh: #6037: Importing CRL for groups 1 - PASSED
cert.sh: Importing CRL (ECC) for groups 1 --------------------------
crlutil -q -D -n TestCA-ec -f ../tests.pw -d ../server
crlutil: could not find TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
crlutil: could not find the issuer TestCA-ec's CRL: SEC_ERROR_CRL_NOT_FOUND: No matching CRL was found.
cert.sh: #6038: Importing CRL (ECC) for groups 1 - PASSED
cert.sh: Importing CRL (ECC) for groups 1 --------------------------
crlutil -q -I -i ../server/root.crl_40-42-ec -n TestCA-ec -f ../tests.pw -d ../server
cert.sh: #6039: Importing CRL (ECC) for groups 1 - PASSED
cert.sh SUCCESS: SSL CRL prep passed
cert.sh cert.sh: finished cert.sh
TIMESTAMP cert END: Tue Jun 28 18:24:11 UTC 2016
Running tests for dbtests
TIMESTAMP dbtests BEGIN: Tue Jun 28 18:24:11 UTC 2016
dbtests.sh: CERT and Key DB Tests ===============================
---------------------------------------------------------------
| test opening the database read/write in a nonexisting directory
---------------------------------------------------------------
certutil: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
dbtests.sh: #6040: Certutil didn't work in a nonexisting dir 255 - PASSED
dbdir selected is ./non_existent_dir
ERROR: Directory "./non_existent_dir" does not exist.
dbtest: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
dbtests.sh: #6041: Dbtest readonly didn't work in a nonexisting dir 46 - PASSED
---------------------------------------------------------------
| test force opening the database in a nonexisting directory
---------------------------------------------------------------
dbdir selected is ./non_existent_dir
ERROR: Directory "./non_existent_dir" does not exist.
dbtests.sh: #6042: Dbtest force succeeded in a nonexisting dir 0 - PASSED
---------------------------------------------------------------
| test opening the database readonly in an empty directory
---------------------------------------------------------------
tstclnt: unable to open cert database: SEC_ERROR_BAD_DATABASE: security library: bad database.
dbtests.sh: #6043: Tstclnt didn't work in an empty dir 1 - PASSED
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/secmod.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/cert8.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/key3.db" does not exist.
dbtest: function failed: SEC_ERROR_BAD_DATABASE: security library: bad database.
dbtests.sh: #6044: Dbtest readonly didn't work in an empty dir 46 - PASSED
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir
dbtests.sh: #6045: Dbtest logout after empty DB Init has key - PASSED
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir
dbtests.sh: #6046: Dbtest password DB Init maintains needlogin state - PASSED
certutil: could not find certificate named "xxxx": SEC_ERROR_UNRECOGNIZED_OID: Unrecognized Object Identifier.
dbtests.sh: #6047: Certutil didn't work in an empty dir 255 - PASSED
---------------------------------------------------------------
| test force opening the database  readonly in a empty directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/secmod.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/cert8.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/emptydir/key3.db" does not exist.
dbtests.sh: #6048: Dbtest force readonly succeeded in an empty dir 0 - PASSED
---------------------------------------------------------------
| test opening the database r/w in a readonly directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir
ERROR: Directory "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/secmod.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/cert8.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/key3.db" does not exist.
dbtest: function failed: SEC_ERROR_READ_ONLY: security library: read-only database.
dbtests.sh: #6049: Dbtest r/w didn't work in an readonly dir 46 - PASSED
certutil: could not find certificate named "TestUser": SEC_ERROR_UNRECOGNIZED_OID: Unrecognized Object Identifier.
dbtests.sh: #6050: Certutil didn't work in an readonly dir 255 - PASSED
---------------------------------------------------------------
| test opening the database ronly in a readonly directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/secmod.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/cert8.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/key3.db" does not exist.
dbtests.sh: #6051: Dbtest readonly succeeded in a readonly dir 0 - PASSED
---------------------------------------------------------------
| test force opening the database  r/w in a readonly directory
---------------------------------------------------------------
dbdir selected is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir
ERROR: Directory "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir" is not writeable.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/secmod.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/secmod.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/cert8.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/cert8.db" does not exist.
database checked is /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/key3.db
ERROR: File "/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/key3.db" does not exist.
dbtests.sh: #6052: Dbtest force succeeded in a readonly dir 0 - PASSED
---------------------------------------------------------------
| ls -l /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir
---------------------------------------------------------------
dr-xr-xr-x. 2 mockbuild mockbuild   4096 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir
-r--r-----. 1 mockbuild mockbuild   1221 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/TestUser-dsa.cert
-r--r-----. 1 mockbuild mockbuild   1424 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/TestUser-dsamixed.cert
-r--r-----. 1 mockbuild mockbuild    579 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/TestUser-ec.cert
-r--r-----. 1 mockbuild mockbuild    705 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/TestUser-ecmixed.cert
-r--r-----. 1 mockbuild mockbuild    870 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/TestUser.cert
-r--------. 1 mockbuild mockbuild 233472 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/cert9.db
-r--------. 1 mockbuild mockbuild 131072 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/key4.db
-r--------. 1 mockbuild mockbuild    622 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/pkcs11.txt
-r--r-----. 1 mockbuild mockbuild    393 Jun 28 18:24 /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/ronlydir/req
---------------------------------------------------------------
| test creating a new cert with a conflicting nickname
---------------------------------------------------------------
/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/conflictdir
certutil: could not add certificate to token or database: SEC_ERROR_ADDING_CERT: Error adding certificate to database.
dbtests.sh: #6053: Nicknane conflict test, could not import conflict nickname 255 - PASSED
---------------------------------------------------------------
| test importing an old cert to a conflicting nickname
---------------------------------------------------------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 40 (0x28)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:37 2016
            Not After : Mon Jun 28 18:16:37 2021
        Subject: "CN=Bob,E=Bob@bogus.com,O=BOGUS NSS,L=Mountain View,ST=Calif
            ornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ce:03:c7:f8:9c:7b:13:39:87:e0:25:5a:91:3e:41:33:
                    43:86:9f:f0:24:67:22:9e:2e:1a:7a:52:f4:5f:e0:69:
                    62:53:68:39:8b:02:8f:b3:54:b8:00:51:68:2b:52:1c:
                    ac:8f:ab:82:33:8a:9b:96:bf:4c:64:2c:03:68:48:dc:
                    9f:2d:4a:c2:a7:96:19:d5:e5:95:0c:6e:3b:4a:02:75:
                    39:1a:e3:59:d2:29:1b:6a:13:2d:a9:92:e3:cd:3d:14:
                    ae:22:31:b7:e1:53:3a:7c:1d:59:10:82:9e:d1:f8:7f:
                    24:81:97:d4:a7:70:25:fe:56:4e:fe:d7:3a:4f:d6:47:
                    7d:29:e6:f9:06:68:26:88:3e:77:26:72:27:3c:d8:db:
                    da:f3:08:99:f7:dc:fd:83:8f:0d:26:cf:40:22:7b:bc:
                    d8:92:ca:9b:80:b9:91:82:d4:94:de:d0:1b:00:d4:95:
                    4b:d7:6e:19:1a:b4:33:e0:e5:b9:84:29:5e:e8:8a:99:
                    c8:17:2b:83:b2:55:ee:54:f8:84:2d:27:61:96:de:36:
                    bc:ad:6a:e2:a7:ab:70:a0:17:4e:b1:43:69:43:d1:d7:
                    3f:60:97:99:00:d9:d7:92:a4:6e:35:45:d1:84:de:a9:
                    cc:d7:70:bb:8e:63:02:ef:72:ed:8d:0f:33:a1:81:83
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        87:d4:42:ab:1f:7a:d0:5b:db:1a:8b:f2:88:26:53:23:
        11:5b:47:07:ef:c3:6e:83:39:b1:82:5b:2d:a7:98:7d:
        c5:7f:86:5d:c1:f2:83:56:f6:22:98:5f:fb:1a:ce:56:
        d0:e7:81:17:12:ed:82:89:aa:3b:69:a7:4e:29:de:9c:
        11:0d:b7:8f:ca:04:f4:e9:9e:2b:a4:0a:bf:7a:72:6c:
        30:ad:c6:ee:7f:c1:bc:75:c2:94:df:13:4a:aa:a2:b9:
        72:7b:9e:2a:60:70:92:ed:7e:1b:f4:74:4e:76:76:65:
        2e:49:8c:4f:7d:74:5b:7b:32:b3:6f:4c:ce:a7:48:a2:
        0d:9a:96:b5:22:53:d3:a0:ac:8b:21:bc:7f:ef:32:5f:
        d7:d7:7d:17:88:68:96:8c:f9:f6:c9:c4:75:74:8f:99:
        bf:86:3d:d5:fd:64:c1:e3:11:71:d8:6f:d8:a9:c5:1f:
        14:a6:df:43:1f:e0:17:aa:12:95:6d:ed:42:f4:02:5b:
        46:1c:77:79:77:82:97:d3:8a:c4:b0:0b:20:4a:bb:e2:
        0d:fe:31:75:2e:fd:9c:8c:6c:31:13:5d:03:62:5c:c5:
        dd:9c:bd:a5:a0:02:45:b5:0d:8f:9c:8f:88:99:9c:b7:
        14:5a:4d:b4:35:96:63:1b:d7:4f:9c:a8:4f:b6:74:3b
    Fingerprint (SHA-256):
        33:FF:DA:83:2B:9B:42:DE:09:C0:70:F2:09:3F:B9:E6:38:15:C6:83:A5:1F:08:39:4B:2B:F1:EA:CB:14:D9:81
    Fingerprint (SHA1):
        63:CD:4B:61:39:BB:4A:98:32:81:F5:2A:BB:82:3C:26:55:50:29:EF
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
dbtests.sh: #6054: Nicknane conflict test-setting nickname conflict was correctly rejected - PASSED
TIMESTAMP dbtests END: Tue Jun 28 18:24:15 UTC 2016
Running tests for tools
TIMESTAMP tools BEGIN: Tue Jun 28 18:24:15 UTC 2016
tools.sh: Tools Tests with ECC ===============================
tools.sh: Exporting Alice's email cert & key - default ciphers
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6055: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                d2:5a:94:0c:e5:f9:53:12:29:ca:65:95:48:9f:fc:61
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6056: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6057: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's email EC cert & key---------------
pk12util -o Alice-ec.p12 -n "Alice-ec" -d ../alicedir -k ../tests.pw \
         -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6058: Exporting Alice's email EC cert & key (pk12util -o)  - PASSED
tools.sh: Importing Alice's email EC cert & key --------------
pk12util -i Alice-ec.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6059: Importing Alice's email EC cert & key (pk12util -i)  - PASSED
tools.sh: Listing Alice's pk12 EC file -----------------
pk12util -l Alice-ec.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice-ec
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                f7:c0:e2:60:b6:50:a7:53:2f:82:98:57:77:5e:23:83
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 18:14:45 2016
            Not After : Mon Jun 28 18:14:45 2066
        Subject: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Califor
            nia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:23
            EC Public Key:
                PublicValue:
                    04:00:f0:cd:53:f5:7f:7d:08:c3:2f:88:08:a5:5b:7d:
                    5e:4b:fc:9e:39:ff:bb:e4:df:4e:5c:6e:29:30:36:fb:
                    40:2b:08:fd:f4:65:24:23:ed:b3:8a:cd:f5:52:23:e8:
                    63:74:d5:01:34:6c:98:97:a5:1c:21:60:ee:24:3f:92:
                    be:44:79:01:f4:9c:c7:81:67:a1:c2:f0:92:65:80:54:
                    f1:4a:46:20:08:ad:dc:63:32:e0:e0:68:b3:ff:a4:51:
                    7e:9b:71:53:cc:14:4b:24:98:da:cd:ad:bd:b9:d2:0f:
                    27:c0:68:f7:7c:29:d5:3c:5a:66:8c:b6:96:00:85:ef:
                    20:67:9e:ed:8c
                Curve: SECG elliptic curve secp521r1 (aka NIST P-521)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:88:02:42:00:e1:d9:fa:35:a9:a9:06:d9:ca:79:
        08:4c:a4:4b:83:d0:fc:4d:1b:bd:9b:c0:7d:95:6c:3b:
        a0:d6:34:ce:51:d7:91:47:03:7c:71:1d:47:76:bf:63:
        57:19:b1:e3:fd:b2:81:be:2c:12:69:2f:55:85:34:17:
        8c:2f:cd:47:48:2c:9f:02:42:00:c4:08:ec:7d:55:3d:
        61:25:28:03:51:b6:63:95:16:06:e5:8a:58:ed:5d:59:
        f5:54:6a:1d:fb:af:a7:c7:ab:78:d5:d2:86:28:53:34:
        db:f7:a8:d9:56:8d:4f:eb:e4:5c:88:a5:e3:d2:1c:ea:
        b8:99:59:2e:64:0c:cd:be:b1:31:be
    Fingerprint (SHA-256):
        64:53:70:FF:FE:CA:E4:BB:19:12:97:44:4D:92:31:36:70:E5:D9:48:E3:EA:9F:46:2E:A9:F8:DA:27:E2:24:CD
    Fingerprint (SHA1):
        38:09:E8:B2:48:BA:18:FC:13:CC:09:B6:1F:75:D9:A6:98:A5:03:A4
    Friendly Name: TestCA-ec
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: X9.62 ECDSA signature with SHA-1
        Issuer: "CN=NSS Test CA (ECC),O=BOGUS NSS,L=Mountain View,ST=Californ
            ia,C=US"
        Validity:
            Not Before: Tue Jun 28 18:16:26 2016
            Not After : Mon Jun 28 18:16:26 2021
        Subject: "CN=Alice,E=Alice-ec@bogus.com,O=BOGUS NSS,L=Mountain View,S
            T=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: X9.62 elliptic curve public key
                Args:
                    06:05:2b:81:04:00:22
            EC Public Key:
                PublicValue:
                    04:4b:b9:77:de:72:c5:9c:d1:c5:4c:2d:29:a3:e8:e8:
                    aa:cc:61:d9:3d:75:ba:59:44:e4:1b:49:c2:5b:bf:12:
                    13:77:35:a9:6f:f1:51:62:e8:8b:3e:27:66:a8:e6:0e:
                    f4:c4:f6:cc:4b:59:97:36:ad:95:4d:79:bb:93:b6:36:
                    eb:33:df:47:0e:a3:34:0c:93:d6:3a:b0:78:17:e9:3e:
                    1d:7e:79:ab:c7:0c:ed:7e:4c:37:53:87:f4:a1:85:4a:
                    03
                Curve: SECG elliptic curve secp384r1 (aka NIST P-384)
    Signature Algorithm: X9.62 ECDSA signature with SHA-1
    Signature:
        30:81:88:02:42:01:44:e7:98:82:f6:24:f9:19:56:2d:
        df:32:f6:80:52:3d:54:01:c7:df:98:40:43:bd:2e:71:
        4e:a1:c2:83:2d:c4:da:44:aa:71:89:f7:e8:f0:46:19:
        19:3e:52:b6:8a:47:c4:2a:99:f1:c1:70:83:b3:3e:7a:
        f8:96:45:1d:51:7c:20:02:42:01:76:12:35:7d:ef:b6:
        64:2c:9c:86:c5:01:58:82:cf:5d:f4:30:08:c6:8e:75:
        23:ee:1e:d5:f2:eb:0c:38:78:53:7b:d0:2b:b5:7c:b7:
        a8:df:e9:6c:51:d4:82:d5:4b:f9:4d:84:93:0b:3f:60:
        9d:11:60:99:cf:1f:5d:5d:00:a9:1c
    Fingerprint (SHA-256):
        33:57:ED:46:E6:84:4E:93:1E:1B:9B:FB:75:C9:C0:A1:AB:67:53:F4:FA:60:54:6F:35:64:75:84:DA:48:78:B5
    Fingerprint (SHA1):
        C2:88:D5:29:2E:EB:E6:90:D5:3E:60:A0:9F:77:D3:5E:C1:66:BB:38
    Friendly Name: Alice-ec
tools.sh: #6060: Listing Alice's pk12 EC file (pk12util -l)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6061: Exporting with [RC2-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                38:40:e1:2b:49:65:f9:ec:8a:e9:9d:71:a1:bc:a3:ec
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6062: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6063: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6064: Exporting with [RC2-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                aa:a4:f4:99:3d:7c:e3:75:ff:05:82:2e:88:24:14:38
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6065: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6066: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c RC2-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6067: Exporting with [RC2-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 128 Bit RC2 CBC
        Parameters:
            Salt:
                19:f2:82:6d:1a:93:e4:fe:4c:8c:6f:d3:0b:c9:33:23
            Iteration Count: 2000 (0x7d0)
tools.sh: #6068: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6069: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6070: Exporting with [DES-EDE3-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                a8:de:6f:a4:b6:48:a5:40:78:13:f0:cd:b3:d3:f1:49
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6071: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6072: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6073: Exporting with [DES-EDE3-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                49:9d:c4:eb:74:5d:3c:1f:53:20:ce:ee:ec:95:89:85
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6074: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6075: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c DES-EDE3-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6076: Exporting with [DES-EDE3-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                3e:0f:2e:13:f2:c3:d5:af:11:0d:80:e3:22:9a:f3:27
            Iteration Count: 2000 (0x7d0)
tools.sh: #6077: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6078: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6079: Exporting with [AES-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        42:21:86:08:d3:48:7c:db:39:dc:ed:0a:b3:10:0d:09
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:79:32:3c:ee:d2:bd:00:a6:0f:68:df:64:cd:a2:
                    68:11
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6080: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6081: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6082: Exporting with [AES-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        3f:05:4d:27:2a:dc:2e:54:e1:3c:39:f9:33:8d:c5:d2
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:36:b1:b6:4d:70:a6:ff:71:8f:1c:03:68:ab:59:
                    9b:cc
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6083: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6084: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6085: Exporting with [AES-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        4c:da:a8:83:ec:dc:78:0b:28:a0:bd:40:3a:ca:92:09
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-128-CBC
                Args:
                    04:10:20:de:2f:37:69:05:ba:cb:fb:bb:4d:09:41:fa:
                    4d:ea
tools.sh: #6086: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6087: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6088: Exporting with [AES-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        fa:ec:fb:19:51:43:55:cd:3c:f7:ec:57:fb:58:aa:d6
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:dc:f5:aa:ff:02:56:c5:9d:75:a5:7d:b2:e5:5f:
                    e1:b7
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6089: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6090: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6091: Exporting with [AES-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        5f:58:3c:e3:5b:94:a7:b7:68:7d:c6:c4:7d:ad:cf:ba
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:7b:b0:43:43:a9:33:ca:99:18:8c:c1:a5:22:8c:
                    16:00
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6092: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6093: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6094: Exporting with [AES-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        3c:68:6f:b6:9c:00:a2:a0:a8:94:74:1a:78:89:1a:a8
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-192-CBC
                Args:
                    04:10:c6:ee:fa:ef:be:96:3e:96:39:a0:5f:ba:de:ac:
                    a5:75
tools.sh: #6095: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6096: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6097: Exporting with [AES-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        89:e8:5e:9c:9a:7b:b2:f1:8b:57:e3:12:2c:70:ba:31
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:9f:15:54:7b:a5:81:f5:9c:22:04:aa:b7:ff:c5:
                    7f:1c
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6098: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6099: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6100: Exporting with [AES-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        69:2c:95:8b:88:c1:cf:ab:47:2f:1a:75:6d:26:72:bc
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:3b:36:09:20:5d:af:05:eb:3d:64:74:ba:42:ba:
                    94:4b
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6101: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6102: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c AES-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6103: Exporting with [AES-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        51:3f:69:13:aa:69:96:f5:c1:e1:d5:2b:86:fe:3d:f8
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: AES-256-CBC
                Args:
                    04:10:49:65:63:c6:da:be:8c:d6:30:54:fb:dc:a6:4b:
                    99:5e
tools.sh: #6104: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6105: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6106: Exporting with [CAMELLIA-128-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        25:35:d7:01:2e:6c:8c:6c:cb:30:48:b6:96:c4:6c:7c
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:36:6c:ab:3c:76:07:f9:aa:f8:7a:8d:17:e8:d3:
                    fc:6f
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6107: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6108: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6109: Exporting with [CAMELLIA-128-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        12:28:b3:1a:36:5c:25:b0:18:1a:49:93:84:22:e1:0c
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:0f:31:d2:99:4f:2a:f8:37:fa:2a:bc:0f:34:18:
                    c2:70
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6110: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6111: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-128-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6112: Exporting with [CAMELLIA-128-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        4a:5f:b6:ff:75:17:f9:7a:73:cf:1a:cb:10:f3:c0:ee
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-128-CBC
                Args:
                    04:10:97:bf:f4:ea:01:56:a2:2c:4c:3e:1c:8c:5d:f7:
                    8f:30
tools.sh: #6113: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6114: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6115: Exporting with [CAMELLIA-192-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        26:db:95:90:3b:8f:04:8d:b2:65:ac:0a:da:2e:3f:d9
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:f3:c3:d4:51:7d:02:ea:d7:69:07:17:5d:5d:c8:
                    78:84
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6116: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6117: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6118: Exporting with [CAMELLIA-192-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        15:92:cb:3e:ce:fe:0d:8c:3d:fa:4d:7e:24:f4:6f:71
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:81:99:56:7f:39:42:17:a1:65:08:c6:ce:07:fe:
                    ab:ce
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6119: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6120: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-192-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6121: Exporting with [CAMELLIA-192-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        88:e7:42:da:e6:8e:7e:4b:1f:f0:3e:41:88:23:5f:cc
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-192-CBC
                Args:
                    04:10:37:0b:3e:55:35:2c:73:33:14:33:60:06:e4:46:
                    9a:9b
tools.sh: #6122: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6123: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C RC2-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6124: Exporting with [CAMELLIA-256-CBC:RC2-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        cb:11:6a:39:1e:bc:b9:f0:f2:4d:a9:b7:c9:f3:13:49
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:7f:8d:bb:89:94:ba:d4:38:07:f9:ff:ef:f5:55:
                    06:90
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6125: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6126: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C DES-EDE3-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6127: Exporting with [CAMELLIA-256-CBC:DES-EDE3-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        7b:3b:f9:65:f9:73:9a:e1:0d:49:64:69:0f:a0:7a:b3
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:19:02:e3:53:11:ed:96:a7:5e:b7:7a:bb:89:17:
                    f7:da
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6128: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6129: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c CAMELLIA-256-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6130: Exporting with [CAMELLIA-256-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption v2 
        Encryption:
            KDF: PKCS #5 Password Based Key Dervive Function v2 
                Parameters:
                    Salt:
                        d7:a4:f8:59:bd:c0:13:35:2b:d9:9b:15:c6:02:19:b6
                    Iteration Count: 2000 (0x7d0)
                    Key Length: 32 (0x20)
                    KDF algorithm: HMAC SHA-1
            Cipher: CAMELLIA-256-CBC
                Args:
                    04:10:93:41:57:db:7c:6a:98:5f:b4:97:1d:a1:46:00:
                    cb:24
tools.sh: #6131: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6132: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6133: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                f1:bd:76:cc:ac:2e:12:a8:9f:32:51:49:73:b8:ff:ab
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6134: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6135: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6136: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                14:b1:4a:28:42:b2:71:35:81:38:4c:4d:be:dd:f1:d4
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6137: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6138: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6139: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                d8:ed:63:d3:4d:56:f4:07:f1:c0:6d:c0:20:57:56:64
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6140: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6141: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6142: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                ed:5b:74:2d:b2:dd:79:88:9e:0a:22:73:c3:f7:68:1d
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6143: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6144: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD2 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6145: Exporting with [PKCS #5 Password Based Encryption with MD2 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD2 and DES-CBC
        Parameters:
            Salt:
                2e:cd:5b:38:83:c8:eb:86:a0:74:7e:31:23:35:e7:c3
            Iteration Count: 2000 (0x7d0)
tools.sh: #6146: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6147: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6148: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                33:88:5c:a8:66:c9:1c:0b:71:2b:4d:bf:d5:ed:43:fb
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6149: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6150: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6151: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                6a:f0:70:7f:5e:11:86:db:6e:26:96:65:af:9f:4c:3f
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6152: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6153: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6154: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                ad:b3:3c:d1:29:09:f8:df:2e:8a:85:6b:6c:a0:20:1d
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6155: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6156: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6157: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                c4:8f:f7:93:7b:68:3a:6c:d9:b1:6d:74:fe:5c:0f:62
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6158: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6159: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with MD5 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6160: Exporting with [PKCS #5 Password Based Encryption with MD5 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with MD5 and DES-CBC
        Parameters:
            Salt:
                0c:61:05:fb:ab:ae:ed:56:ed:50:69:3b:20:ac:d1:83
            Iteration Count: 2000 (0x7d0)
tools.sh: #6161: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6162: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6163: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                12:d0:38:9a:d9:06:70:8c:1b:c9:4a:e7:11:48:23:26
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6164: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6165: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6166: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                3b:e9:23:47:8c:c3:4c:e7:89:64:39:e4:0a:a8:54:dc
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6167: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6168: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6169: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                cf:dd:55:14:1a:0e:70:66:bf:88:68:e5:1d:c1:58:82
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6170: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6171: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6172: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                5e:7e:65:3c:57:51:4c:05:bc:c7:2d:04:93:26:00:5f
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6173: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6174: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c PKCS #5 Password Based Encryption with SHA-1 and DES-CBC -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6175: Exporting with [PKCS #5 Password Based Encryption with SHA-1 and DES-CBC:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
        Parameters:
            Salt:
                d6:87:76:92:59:83:d7:80:1a:b2:a8:b0:74:e0:1a:74
            Iteration Count: 2000 (0x7d0)
tools.sh: #6176: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6177: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD2 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6178: Exporting with [default:PKCS #5 Password Based Encryption with MD2 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                ca:c8:56:65:ba:75:5a:4d:b1:12:65:ce:5e:8c:87:0c
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6179: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6180: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with MD5 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6181: Exporting with [default:PKCS #5 Password Based Encryption with MD5 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                b2:d2:16:00:d5:b4:30:cc:46:a4:77:af:82:c2:92:d5
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6182: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6183: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C PKCS #5 Password Based Encryption with SHA-1 and DES-CBC
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6184: Exporting with [default:PKCS #5 Password Based Encryption with SHA-1 and DES-CBC] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                2a:92:c7:c3:dd:bc:15:ad:99:7b:e2:1c:ea:76:94:55
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6185: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6186: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6187: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                7c:b7:3b:62:c0:16:6c:34:4e:fa:b9:32:ac:65:78:e9
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6188: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6189: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting with [default:null]
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6190: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                a5:c7:e1:29:a0:06:38:44:1f:16:97:84:5d:0b:5a:ef
            Iteration Count: 2000 (0x7d0)
tools.sh: #6191: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6192: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6193: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                d2:4d:8e:5e:44:b9:ad:38:a3:23:a9:84:a8:5c:ea:b2
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6194: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6195: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6196: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                df:24:e6:7d:be:71:dd:d5:b9:db:0b:bf:0a:cd:4c:8a
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6197: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6198: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6199: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                45:db:27:c6:54:76:5a:6d:67:9a:b0:e1:85:98:64:7d
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6200: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6201: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6202: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                d1:59:49:fb:2f:19:db:be:10:78:cb:27:e8:1c:19:ba
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6203: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6204: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6205: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                4b:be:82:3d:83:b3:33:c5:e6:59:e7:e1:3b:02:b9:96
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6206: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6207: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6208: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                27:b6:8c:9a:46:30:34:04:fc:79:70:5a:68:6d:11:4b
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6209: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6210: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6211: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                93:3d:86:6f:62:24:26:5e:af:af:de:f5:b4:2d:7e:be
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6212: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6213: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6214: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                d8:76:03:58:f1:fe:0a:f3:fd:6e:57:ab:96:9c:82:65
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6215: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6216: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6217: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                5c:5c:19:94:e8:89:69:81:48:20:69:50:c3:7a:6d:e3
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6218: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6219: Importing Alice.p12 (pk12util -i)  - PASSED
tools.sh: Exporting Alice's key & cert with [default:default] (pk12util -o)
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6220: Exporting Alices's key & cert with [default:default] (pk12util -o)  - PASSED
tools.sh: Listing Alice's pk12 file
pk12util -l Alice.p12 -w ../tests.pw
Key(shrouded):
    Friendly Name: Alice
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                e5:b3:69:1e:32:42:1f:e1:a8:68:8e:b2:ef:0e:d0:75
            Iteration Count: 2000 (0x7d0)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:13:59 2016
            Not After : Mon Jun 28 18:13:59 2066
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b8:e2:5b:1e:29:ae:89:f9:21:e2:54:88:b3:cd:50:cd:
                    70:0f:72:90:c3:69:64:0f:7c:7f:92:f5:7e:de:80:f8:
                    e8:79:7a:38:f9:d9:2f:99:a9:6f:1c:24:c1:8f:9e:58:
                    1b:17:85:40:49:0d:05:da:10:61:d4:a8:c9:a9:e9:95:
                    c8:1b:09:b2:cd:7a:6c:bc:54:fe:2d:c0:5f:0c:cd:a2:
                    71:5c:49:f5:fd:71:dd:2a:fb:59:c7:4e:96:39:a4:f5:
                    08:f8:68:10:4c:6d:ad:c8:0f:e1:38:d8:44:29:0f:81:
                    d8:74:1e:2a:cd:eb:f9:bb:b5:1f:86:11:7b:52:e5:f3:
                    0f:67:f5:c2:96:a5:5e:b0:04:c2:0f:9b:8b:1b:25:c0:
                    76:9e:82:7c:7f:77:48:73:59:6c:16:09:61:aa:46:d8:
                    f9:18:9b:fd:91:8a:92:14:90:85:09:0a:c2:3d:ac:78:
                    9e:e2:da:d3:3a:a5:db:5c:d8:45:d1:19:2d:88:3f:cf:
                    32:c1:36:dd:e4:cb:ab:96:82:ff:a7:17:c6:b1:f6:b3:
                    45:e4:87:ac:75:d4:2f:f2:15:6e:3a:53:68:c6:79:05:
                    ab:85:0a:fb:ce:11:03:71:09:31:61:d7:57:01:16:02:
                    92:08:34:94:a2:f9:1d:58:86:d0:8a:45:ad:cf:67:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1f:aa:8c:01:a5:83:c3:61:3a:ec:31:3c:0c:d3:25:b4:
        d3:43:15:8a:0f:e3:72:d7:b5:1d:97:d7:6e:5c:e3:77:
        2d:98:42:28:fb:89:14:70:36:da:bf:dd:e5:aa:75:86:
        b6:c3:bd:36:5a:bc:84:e0:74:db:48:38:ce:b3:9a:8c:
        77:dd:ad:ce:35:97:c2:f5:25:fb:50:cd:9e:74:a7:01:
        f6:c8:e8:2c:52:e7:a4:dd:e0:2b:17:8b:b2:43:3e:2b:
        a5:55:d8:a4:88:e7:82:1f:b8:76:f0:22:c9:c0:ca:e0:
        2d:65:7e:7b:34:da:e3:7d:3a:26:fb:3b:74:f8:63:cc:
        5a:68:26:74:a0:53:a8:e8:47:f9:5b:8b:09:ea:85:b3:
        86:e3:12:93:c0:77:b3:95:ab:f7:ac:ad:09:52:b9:52:
        4e:7e:24:97:0a:01:ca:8a:36:9b:47:3a:62:2c:33:b3:
        f8:ae:0a:b3:9c:44:82:f1:ea:87:5e:f9:ac:b5:22:6b:
        6d:79:85:69:78:b0:7b:55:12:43:00:bd:a4:a0:48:11:
        fb:90:26:a8:39:cb:08:f5:0a:4f:ca:68:d6:77:a4:a0:
        17:51:52:2f:52:5e:77:f5:12:48:b4:1c:5e:a7:f2:5a:
        62:a1:2f:bd:31:a0:ba:12:d9:d4:bd:81:c1:e1:9c:28
    Fingerprint (SHA-256):
        61:EB:5E:1C:87:16:56:30:B9:17:87:DC:F7:52:CF:12:4C:D2:97:AF:05:22:89:B3:CB:FC:55:49:4E:D0:50:D9
    Fingerprint (SHA1):
        B8:35:4C:DF:3C:00:F1:4D:D5:49:B3:2D:AC:92:C5:4C:CD:C8:BE:A5
    Friendly Name: TestCA
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:16:22 2016
            Not After : Mon Jun 28 18:16:22 2021
        Subject: "CN=Alice,E=Alice@bogus.com,O=BOGUS NSS,L=Mountain View,ST=C
            alifornia,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ad:04:9b:16:61:32:a6:8f:a4:82:d5:51:10:65:6f:6f:
                    00:b9:44:2f:c7:33:40:f6:ba:04:92:e2:cb:ca:ce:51:
                    5b:04:24:ff:60:21:f0:d0:7b:d9:43:c0:d1:72:7c:67:
                    5a:7e:f4:99:f2:59:c4:10:ae:4e:1c:5f:fe:17:97:4b:
                    7a:47:54:67:e8:27:49:2c:ac:01:50:d5:cb:14:cd:9a:
                    65:9a:9f:fa:25:51:94:ed:ae:22:3b:64:b5:11:f1:eb:
                    83:d3:1d:45:12:12:7c:fa:60:71:da:e1:77:4e:16:26:
                    18:ef:ab:4e:01:b3:c1:8f:cd:5f:73:92:b2:20:b2:0b:
                    14:8b:8f:43:9d:9b:81:f6:98:ea:3b:ee:06:35:a6:95:
                    a0:28:db:b1:13:90:75:74:90:95:06:44:d9:b8:1c:3a:
                    f4:68:0f:43:5d:f9:2c:73:3a:82:41:90:43:28:11:18:
                    44:b1:b1:c8:a7:ad:27:33:7c:47:6c:44:af:50:ac:53:
                    b8:c4:e2:b9:0e:32:96:e0:91:78:1c:fb:3d:42:ae:e5:
                    c1:31:f3:0f:bf:f7:c4:21:93:dc:e6:5b:79:04:ee:64:
                    5f:7c:73:c7:a8:db:14:5a:be:df:3a:d8:d2:94:80:c2:
                    d4:f5:fa:e2:87:47:12:a0:21:d0:8b:5d:cd:ea:3f:1f
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:58:eb:65:1b:97:df:66:62:a4:44:b1:50:dd:77:44:
        68:39:e2:79:6d:b1:1d:e5:df:36:0d:e8:72:ab:7b:5f:
        ef:35:aa:db:d3:a7:b1:9b:17:9b:ab:65:64:aa:a1:75:
        88:84:27:6d:be:47:ef:a9:f0:4a:62:f5:3e:80:85:e9:
        58:ab:84:eb:e9:5c:77:0f:39:1b:cf:b9:9d:84:88:71:
        d9:61:51:bc:89:d0:35:3e:a4:51:5a:14:67:75:83:7e:
        84:62:37:2d:a0:96:33:90:eb:2f:2a:1e:e3:b3:47:e6:
        9a:82:f6:a1:5c:7a:fb:59:48:e1:81:2a:73:40:ba:e9:
        02:ad:41:d3:6d:dd:52:f2:30:ed:c2:aa:ea:1e:cd:45:
        5a:ed:98:46:f1:e0:06:7c:eb:73:cd:22:59:a4:7c:77:
        f8:00:b1:05:6a:5e:8e:73:8f:71:3a:13:f6:04:ec:5a:
        a6:ee:d9:9c:63:cc:00:fa:63:17:d9:71:7a:bb:ec:cf:
        8c:55:38:d5:d7:00:60:6a:ec:e1:c7:b5:d4:a4:9f:76:
        36:b1:9f:93:be:12:c0:bd:61:b5:3d:e5:71:13:58:89:
        50:e3:e2:ce:7f:0a:0a:86:43:36:96:32:3b:42:0e:35:
        c1:33:fb:67:fb:74:14:af:85:0e:0e:cd:43:66:07:dc
    Fingerprint (SHA-256):
        C4:44:5A:A4:E2:7C:51:CA:EA:6F:48:A1:EC:B2:A2:37:F3:27:5F:53:A0:AD:C1:5B:8C:39:C1:6B:86:AE:D2:62
    Fingerprint (SHA1):
        EA:53:52:A2:87:D5:EB:BE:F1:57:00:7D:A5:ED:55:7E:70:05:33:C4
    Friendly Name: Alice
tools.sh: #6221: Listing Alice.p12 (pk12util -l)  - PASSED
tools.sh: Importing Alice's pk12 Alice.p12 file
pk12util -i Alice.p12 -d ../tools/copydir -k ../tests.pw -w ../tests.pw
pk12util: PKCS12 IMPORT SUCCESSFUL
tools.sh: #6222: Importing Alice.p12 (pk12util -i)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -c null
pk12util: Algorithm: "null": SEC_ERROR_INVALID_ALGORITHM: security library: invalid algorithm.
tools.sh: #6223: Exporting with [null:default] (pk12util -o)  - PASSED
pk12util -o Alice.p12 -n "Alice" -d ../alicedir \
         -k ../tests.pw -w ../tests.pw -C null
pk12util: PKCS12 EXPORT SUCCESSFUL
tools.sh: #6224: Exporting with [default:null] (pk12util -o)  - PASSED
tools.sh: Create objsign cert -------------------------------
signtool -G "objectsigner" -d ../tools/signdir -p "nss"
WARNING: Performing this operation while the browser is running could cause
corruption of your security databases. If the browser is currently running,
you should exit the browser before continuing this operation. Enter 
"y" to continue, or anything else to abort: 
Enter certificate information.  All fields are optional. Acceptable
characters are numbers, letters, spaces, and apostrophes.
certificate common name: organization: organization unit: state or province: country (must be exactly 2 characters): username: email address: generated public/private key pair
certificate request generated
certificate has been signed
certificate "objsigner" added to database
Exported certificate to x509.raw and x509.cacert.
tools.sh: #6225: Create objsign cert (signtool -G)  - PASSED
tools.sh: Signing a jar of files ----------------------------
signtool -Z nojs.jar -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
adding ../tools/html/signjs.html to nojs.jar...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.jar...(deflated 26%)
Generating zigbert.sf file..
adding ../tools/html/META-INF/manifest.mf to nojs.jar...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.jar...(deflated 37%)
adding ../tools/html/META-INF/zigbert.rsa to nojs.jar...(deflated 32%)
tree "../tools/html" signed successfully
tools.sh: #6226: Signing a jar of files (signtool -Z)  - PASSED
tools.sh: Listing signed files in jar ----------------------
signtool -v nojs.jar -d ../tools/signdir -p nss -k objsigner
archive "nojs.jar" has passed crypto verification.
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
found a RSA signature file: META-INF/zigbert.rsa
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #6227: Listing signed files in jar (signtool -v)  - PASSED
tools.sh: Show who signed jar ------------------------------
signtool -w nojs.jar -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #6228: Show who signed jar (signtool -w)  - PASSED
tools.sh: Signing a xpi of files ----------------------------
signtool -Z nojs.xpi -X -d ../tools/signdir -p "nss" -k objsigner \
         ../tools/html
Generating ../tools/html/META-INF/manifest.mf file..
--> signjs.html
--> sign.html
Generating zigbert.sf file..
Creating XPI Compatible Archive 
adding ../tools/html/META-INF/zigbert.rsa to nojs.xpi...(deflated 32%)
--> signjs.html
adding ../tools/html/signjs.html to nojs.xpi...(deflated 28%)
--> sign.html
adding ../tools/html/sign.html to nojs.xpi...(deflated 26%)
adding ../tools/html/META-INF/manifest.mf to nojs.xpi...(deflated 29%)
adding ../tools/html/META-INF/zigbert.sf to nojs.xpi...(deflated 37%)
tree "../tools/html" signed successfully
tools.sh: #6229: Signing a xpi of files (signtool -Z -X)  - PASSED
tools.sh: Listing signed files in xpi ----------------------
signtool -v nojs.xpi -d ../tools/signdir -p nss -k objsigner
archive "nojs.xpi" has passed crypto verification.
found a RSA signature file: META-INF/zigbert.rsa
found a MF master manifest file: META-INF/manifest.mf
found a SF signature manifest file: META-INF/zigbert.sf
  md5 digest on global metainfo: match
  sha digest on global metainfo: match
          status   path
    ------------   -------------------
        verified   signjs.html
        verified   sign.html
tools.sh: #6230: Listing signed files in xpi (signtool -v)  - PASSED
tools.sh: Show who signed xpi ------------------------------
signtool -w nojs.xpi -d ../tools/signdir
Signer information:
nickname: objsigner
subject name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
issuer name: CN=TEST,O=MOZ,OU=NSS,ST=NY,C=US,UID=liz,E=liz@moz.org
tools.sh: #6231: Show who signed xpi (signtool -w)  - PASSED
TIMESTAMP tools END: Tue Jun 28 18:25:22 UTC 2016
Running tests for fips
TIMESTAMP fips BEGIN: Tue Jun 28 18:25:23 UTC 2016
fips.sh: FIPS 140 Compliance Tests ===============================
fips.sh: Verify this module is in FIPS mode  -----------------
modutil -dbdir ../fips -list
Listing of PKCS #11 Modules
-----------------------------------------------------------
  1. NSS Internal FIPS PKCS #11 Module
	 slots: 1 slot attached
	status: loaded
	 slot: NSS FIPS 140-2 User Private Key Services
	token: NSS FIPS 140-2 Certificate DB
  2. RootCerts
	library name: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so
	 slots: 1 slot attached
	status: loaded
	 slot: NSS Builtin Objects
	token: Builtin Object Token
-----------------------------------------------------------
FIPS mode enabled.
fips.sh: #6232: Verify this module is in FIPS mode (modutil -chkfips true) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #6233: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys -------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      baf472a6f61e66ab4b632c9a42f7f76fe4bf86d8   NSS FIPS 140-2 Certificate DB:FIPS_PUB_140_Test_Certificate
fips.sh: #6234: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Attempt to list FIPS module keys with incorrect password
certutil -d ../fips -K -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.fipsbadpw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS FIPS 140-2 Certificate DB.: SEC_ERROR_BAD_PASSWORD: The security password entered is incorrect.
fips.sh: #6235: Attempt to list FIPS module keys with incorrect password (certutil -K) . - PASSED
certutil -K returned 255
fips.sh: Validate the certificate --------------------------
certutil -d ../fips -V -n FIPS_PUB_140_Test_Certificate -u SR -e -f ../tests.fipspw
certutil: certificate is valid
fips.sh: #6236: Validate the certificate (certutil -V -e) . - PASSED
fips.sh: Export the certificate and key as a PKCS#12 file --
pk12util -d ../fips -o fips140.p12 -n FIPS_PUB_140_Test_Certificate -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 EXPORT SUCCESSFUL
fips.sh: #6237: Export the certificate and key as a PKCS#12 file (pk12util -o) . - PASSED
fips.sh: Export the certificate as a DER-encoded file ------
certutil -d ../fips -L -n FIPS_PUB_140_Test_Certificate -r -o fips140.crt
fips.sh: #6238: Export the certificate as a DER (certutil -L -r) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                Cu,Cu,Cu
fips.sh: #6239: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Delete the certificate and key from the FIPS module
certutil -d ../fips -F -n FIPS_PUB_140_Test_Certificate -f ../tests.fipspw
fips.sh: #6240: Delete the certificate and key from the FIPS module (certutil -F) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #6241: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys.
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
certutil: no keys found
fips.sh: #6242: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #6243: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #6244: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      baf472a6f61e66ab4b632c9a42f7f76fe4bf86d8   FIPS_PUB_140_Test_Certificate
fips.sh: #6245: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Delete the certificate from the FIPS module
certutil -d ../fips -D -n FIPS_PUB_140_Test_Certificate
fips.sh: #6246: Delete the certificate from the FIPS module (certutil -D) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
fips.sh: #6247: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: Import the certificate and key from the PKCS#12 file
pk12util -d ../fips -i fips140.p12 -w ../tests.fipsp12pw -k ../tests.fipspw
pk12util: PKCS12 IMPORT SUCCESSFUL
fips.sh: #6248: Import the certificate and key from the PKCS#12 file (pk12util -i) . - PASSED
fips.sh: List the FIPS module certificates -----------------
certutil -d ../fips -L
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
FIPS_PUB_140_Test_Certificate                                u,u,u
fips.sh: #6249: List the FIPS module certificates (certutil -L) . - PASSED
fips.sh: List the FIPS module keys --------------------------
certutil -d ../fips -K -f ../tests.fipspw
certutil: Checking token "NSS FIPS 140-2 Certificate DB" in slot "NSS FIPS 140-2 User Private Key Services"
< 0> dsa      baf472a6f61e66ab4b632c9a42f7f76fe4bf86d8   FIPS_PUB_140_Test_Certificate
fips.sh: #6250: List the FIPS module keys (certutil -K) . - PASSED
fips.sh: Run PK11MODE in FIPSMODE  -----------------
pk11mode -d ../fips -p fips- -f ../tests.fipspw
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
Loaded FC_GetFunctionList for FIPS MODE; slotID 0 
**** Total number of TESTS ran in FIPS MODE is 106. ****
**** ALL TESTS PASSED ****
fips.sh: #6251: Run PK11MODE in FIPS mode (pk11mode) . - PASSED
fips.sh: Run PK11MODE in Non FIPSMODE  -----------------
pk11mode -d ../fips -p nonfips- -f ../tests.fipspw -n
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
loaded C_GetFunctionList for NON FIPS MODE; slotID 1 
**** Total number of TESTS ran in NON FIPS MODE is 104. ****
**** ALL TESTS PASSED ****
fips.sh: #6252: Run PK11MODE in Non FIPS mode (pk11mode -n) . - PASSED
mkdir /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcertdb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcerthi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcrmf.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libcryptohi.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libdbm.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libgtest1.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libjar.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnss3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssb.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckbi.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssckfw.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnssdev.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsspki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libnsssysinit.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpk11wrap.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs12.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkcs7.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcertsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixchecker.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixcrlsel.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixmodule.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixparams.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixpki.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixresults.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixstore.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixsystem.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixtop.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libpkixutil.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsectool.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libsmime3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl.a /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
cp /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/lib/libssl3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
fips.sh: Detect mangled softoken--------------------------
mangling /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle/libsoftokn3.so
mangle -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle/libsoftokn3.so -o -8 -b 5
cp /usr/lib/libsoftokn3.so /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle
Changing byte 0x00033e94 (212628): from 01 (1) to 21 (33)
LD_LIBRARY_PATH=/builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/fips/mangle dbtest -r -d ../fips
fips.sh: #6253: Init NSS with a corrupted library (dbtest -r) . - PASSED
fips.sh done
TIMESTAMP fips END: Tue Jun 28 18:26:22 UTC 2016
Running tests for crmf
TIMESTAMP crmf BEGIN: Tue Jun 28 18:26:22 UTC 2016
crmf.sh: CRMF/CMMF Tests ===============================
crmf.sh: CRMF/CMMF Tests ------------------------------
crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss crmf decode
crmftest v1.0
Generating CRMF request
Decoding CRMF request
crmftest: Processing cert request 0
crmftest: Processing cert request 1
Exiting successfully!!!
crmf.sh: #6254: CRMF test . - PASSED
crmftest -d ../bobdir -p Bob -e dave@bogus.com -s TestCA -P nss cmmf
crmftest v1.0
Doing CMMF Stuff
Exiting successfully!!!
crmf.sh: #6255: CMMF test . - PASSED
TIMESTAMP crmf END: Tue Jun 28 18:26:22 UTC 2016
Running tests for smime
TIMESTAMP smime BEGIN: Tue Jun 28 18:26:22 UTC 2016
smime.sh: S/MIME Tests with ECC ===============================
smime.sh: Signing Detached Message {SHA1} ------------------
cmsutil -S -T -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA1
smime.sh: #6256: Create Detached Signature Alice (SHA1) . - PASSED
cmsutil -D -i alice.dsig.SHA1 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6257: Verifying Alice's Detached Signature (SHA1) . - PASSED
smime.sh: Signing Attached Message (SHA1) ------------------
cmsutil -S -N Alice -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA1
smime.sh: #6258: Create Attached Signature Alice (SHA1) . - PASSED
cmsutil -D -i alice.sig.SHA1 -d ../bobdir -o alice.data.SHA1
smime.sh: #6259: Decode Alice's Attached Signature (SHA1) . - PASSED
diff alice.txt alice.data.SHA1
smime.sh: #6260: Compare Attached Signed Data and Original (SHA1) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA1} ------------------
cmsutil -S -T -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA1
smime.sh: #6261: Create Detached Signature Alice (ECDSA w/ SHA1) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA1 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6262: Verifying Alice's Detached Signature (ECDSA w/ SHA1) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA1) ------------------
cmsutil -S -N Alice-ec -H SHA1 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA1
smime.sh: #6263: Create Attached Signature Alice (ECDSA w/ SHA1) . - PASSED
cmsutil -D -i alice-ec.sig.SHA1 -d ../bobdir -o alice-ec.data.SHA1
smime.sh: #6264: Decode Alice's Attached Signature (ECDSA w/ SHA1) . - PASSED
diff alice.txt alice-ec.data.SHA1
smime.sh: #6265: Compare Attached Signed Data and Original (ECDSA w/ SHA1) . - PASSED
smime.sh: Signing Detached Message {SHA256} ------------------
cmsutil -S -T -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA256
smime.sh: #6266: Create Detached Signature Alice (SHA256) . - PASSED
cmsutil -D -i alice.dsig.SHA256 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6267: Verifying Alice's Detached Signature (SHA256) . - PASSED
smime.sh: Signing Attached Message (SHA256) ------------------
cmsutil -S -N Alice -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA256
smime.sh: #6268: Create Attached Signature Alice (SHA256) . - PASSED
cmsutil -D -i alice.sig.SHA256 -d ../bobdir -o alice.data.SHA256
smime.sh: #6269: Decode Alice's Attached Signature (SHA256) . - PASSED
diff alice.txt alice.data.SHA256
smime.sh: #6270: Compare Attached Signed Data and Original (SHA256) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA256} ------------------
cmsutil -S -T -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA256
smime.sh: #6271: Create Detached Signature Alice (ECDSA w/ SHA256) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA256 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6272: Verifying Alice's Detached Signature (ECDSA w/ SHA256) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA256) ------------------
cmsutil -S -N Alice-ec -H SHA256 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA256
smime.sh: #6273: Create Attached Signature Alice (ECDSA w/ SHA256) . - PASSED
cmsutil -D -i alice-ec.sig.SHA256 -d ../bobdir -o alice-ec.data.SHA256
smime.sh: #6274: Decode Alice's Attached Signature (ECDSA w/ SHA256) . - PASSED
diff alice.txt alice-ec.data.SHA256
smime.sh: #6275: Compare Attached Signed Data and Original (ECDSA w/ SHA256) . - PASSED
smime.sh: Signing Detached Message {SHA384} ------------------
cmsutil -S -T -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA384
smime.sh: #6276: Create Detached Signature Alice (SHA384) . - PASSED
cmsutil -D -i alice.dsig.SHA384 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6277: Verifying Alice's Detached Signature (SHA384) . - PASSED
smime.sh: Signing Attached Message (SHA384) ------------------
cmsutil -S -N Alice -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA384
smime.sh: #6278: Create Attached Signature Alice (SHA384) . - PASSED
cmsutil -D -i alice.sig.SHA384 -d ../bobdir -o alice.data.SHA384
smime.sh: #6279: Decode Alice's Attached Signature (SHA384) . - PASSED
diff alice.txt alice.data.SHA384
smime.sh: #6280: Compare Attached Signed Data and Original (SHA384) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA384} ------------------
cmsutil -S -T -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA384
smime.sh: #6281: Create Detached Signature Alice (ECDSA w/ SHA384) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA384 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6282: Verifying Alice's Detached Signature (ECDSA w/ SHA384) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA384) ------------------
cmsutil -S -N Alice-ec -H SHA384 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA384
smime.sh: #6283: Create Attached Signature Alice (ECDSA w/ SHA384) . - PASSED
cmsutil -D -i alice-ec.sig.SHA384 -d ../bobdir -o alice-ec.data.SHA384
smime.sh: #6284: Decode Alice's Attached Signature (ECDSA w/ SHA384) . - PASSED
diff alice.txt alice-ec.data.SHA384
smime.sh: #6285: Compare Attached Signed Data and Original (ECDSA w/ SHA384) . - PASSED
smime.sh: Signing Detached Message {SHA512} ------------------
cmsutil -S -T -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.dsig.SHA512
smime.sh: #6286: Create Detached Signature Alice (SHA512) . - PASSED
cmsutil -D -i alice.dsig.SHA512 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6287: Verifying Alice's Detached Signature (SHA512) . - PASSED
smime.sh: Signing Attached Message (SHA512) ------------------
cmsutil -S -N Alice -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice.sig.SHA512
smime.sh: #6288: Create Attached Signature Alice (SHA512) . - PASSED
cmsutil -D -i alice.sig.SHA512 -d ../bobdir -o alice.data.SHA512
smime.sh: #6289: Decode Alice's Attached Signature (SHA512) . - PASSED
diff alice.txt alice.data.SHA512
smime.sh: #6290: Compare Attached Signed Data and Original (SHA512) . - PASSED
smime.sh: Signing Detached Message ECDSA w/ {SHA512} ------------------
cmsutil -S -T -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.dsig.SHA512
smime.sh: #6291: Create Detached Signature Alice (ECDSA w/ SHA512) . - PASSED
cmsutil -D -i alice-ec.dsig.SHA512 -c alice.txt -d ../bobdir 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
smime.sh: #6292: Verifying Alice's Detached Signature (ECDSA w/ SHA512) . - PASSED
smime.sh: Signing Attached Message (ECDSA w/ SHA512) ------------------
cmsutil -S -N Alice-ec -H SHA512 -i alice.txt -d ../alicedir -p nss -o alice-ec.sig.SHA512
smime.sh: #6293: Create Attached Signature Alice (ECDSA w/ SHA512) . - PASSED
cmsutil -D -i alice-ec.sig.SHA512 -d ../bobdir -o alice-ec.data.SHA512
smime.sh: #6294: Decode Alice's Attached Signature (ECDSA w/ SHA512) . - PASSED
diff alice.txt alice-ec.data.SHA512
smime.sh: #6295: Compare Attached Signed Data and Original (ECDSA w/ SHA512) . - PASSED
smime.sh: Enveloped Data Tests ------------------------------
cmsutil -E -r bob@bogus.com -i alice.txt -d ../alicedir -p nss \
        -o alice.env
smime.sh: #6296: Create Enveloped Data Alice . - PASSED
cmsutil -D -i alice.env -d ../bobdir -p nss -o alice.data1
smime.sh: #6297: Decode Enveloped Data Alice . - PASSED
diff alice.txt alice.data1
smime.sh: #6298: Compare Decoded Enveloped Data and Original . - PASSED
smime.sh: Testing multiple recipients ------------------------------
cmsutil -E -i alice.txt -d ../alicedir -o alicecc.env \
        -r bob@bogus.com,dave@bogus.com
smime.sh: #6299: Create Multiple Recipients Enveloped Data Alice . - PASSED
smime.sh: Testing multiple email addrs ------------------------------
cmsutil -E -i alice.txt -d ../alicedir -o aliceve.env \
        -r eve@bogus.net
smime.sh: #6300: Encrypt to a Multiple Email cert . - PASSED
cmsutil -D -i alicecc.env -d ../bobdir -p nss -o alice.data2
smime.sh: #6301: Decode Multiple Recipients Enveloped Data Alice by Bob . - PASSED
cmsutil -D -i alicecc.env -d ../dave -p nss -o alice.data3
smime.sh: #6302: Decode Multiple Recipients Enveloped Data Alice by Dave . - PASSED
cmsutil -D -i aliceve.env -d ../eve -p nss -o alice.data4
smime.sh: #6303: Decrypt with a Multiple Email cert . - PASSED
smime.sh: #6304: Compare Decoded Mult. Recipients Enveloped Data Alice/Bob . - PASSED
smime.sh: #6305: Compare Decoded Mult. Recipients Enveloped Data Alice/Dave . - PASSED
smime.sh: #6306: Compare Decoded with Multiple Email cert . - PASSED
smime.sh: Sending CERTS-ONLY Message ------------------------------
cmsutil -O -r "Alice,bob@bogus.com,dave@bogus.com" \
        -d ../alicedir > co.der
smime.sh: #6307: Create Certs-Only Alice . - PASSED
cmsutil -D -i co.der -d ../bobdir
smime.sh: #6308: Verify Certs-Only by CA . - PASSED
smime.sh: Encrypted-Data Message ---------------------------------
cmsutil -C -i alice.txt -e alicehello.env -d ../alicedir \
        -r "bob@bogus.com" > alice.enc
smime.sh: #6309: Create Encrypted-Data . - PASSED
cmsutil -D -i alice.enc -d ../bobdir -e alicehello.env -p nss \
        -o alice.data2
smime.sh: #6310: Decode Encrypted-Data . - PASSED
smime.sh: #6311: Compare Decoded and Original Data . - PASSED
smime.sh: p7 util Data Tests ------------------------------
p7env -d ../alicedir -r Alice -i alice.txt -o alice_p7.env
smime.sh: #6312: Creating envelope for user Alice . - PASSED
p7content -d ../alicedir -i alice.env -o alice_p7.data
smime.sh: #6313: Verifying file delivered to user Alice . - PASSED
diff alice.txt alice_p7.data.sed
smime.sh: #6314: Compare Decoded Enveloped Data and Original . - PASSED
p7sign -d ../alicedir -k Alice -i alice.txt -o alice.sig -p nss -e
smime.sh: #6315: Signing file for user Alice . - PASSED
p7verify -d ../alicedir -c alice.txt -s alice.sig
Signature is valid.
smime.sh: #6316: Verifying file delivered to user Alice . - PASSED
TIMESTAMP smime END: Tue Jun 28 18:26:34 UTC 2016
Running tests for ssl
TIMESTAMP ssl BEGIN: Tue Jun 28 18:26:34 UTC 2016
./ssl.sh: line 306: syntax error near unexpected token `('
./ssl.sh: line 306: `            echo "exp/ssl2/ssl3 test should fail: (NSS_NO_SSL2,EXP,SSL2,SSL3)=(${NSS_NO_SSL2},${EXP},${SSL2},${SSL3})"'
TIMESTAMP ssl END: Tue Jun 28 18:26:34 UTC 2016
Running tests for merge
TIMESTAMP merge BEGIN: Tue Jun 28 18:26:34 UTC 2016
sdr.sh: SDR Tests ===============================
sdr.sh: Creating an SDR key/SDR Encrypt - Value 1
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v1.14577 -t "Test1"
sdr.sh: #6317: Creating SDR Key/Encrypt - Value 1  - PASSED
sdr.sh: SDR Encrypt - Value 2
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v2.14577 -t "The quick brown fox jumped over the lazy dog"
sdr.sh: #6318: Encrypt - Value 2  - PASSED
sdr.sh: SDR Encrypt - Value 3
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v3.14577 -t "1234567"
sdr.sh: #6319: Encrypt - Value 3  - PASSED
sdr.sh: SDR Decrypt - Value 1
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v1.14577 -t "Test1"
sdr.sh: #6320: Decrypt - Value 1  - PASSED
sdr.sh: SDR Decrypt - Value 2
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v2.14577 -t "The quick brown fox jumped over the lazy dog"
sdr.sh: #6321: Decrypt - Value 2  - PASSED
sdr.sh: SDR Decrypt - Value 3
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v3.14577 -t "1234567"
sdr.sh: #6322: Decrypt - Value 3  - PASSED
merge.sh: Merge Tests ===============================
merge.sh: Creating an SDR key & Encrypt
sdrtest -d . -o /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v3.14577 -t Test2 -f ../tests.pw
merge.sh: #6323: Creating SDR Key  - PASSED
merge.sh: Merging in Key for Existing user
certutil --merge --source-dir ../dave -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #6324: Merging Dave  - PASSED
merge.sh: Merging in new user 
certutil --merge --source-dir ../server -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #6325: Merging server  - PASSED
merge.sh: Merging in new chain 
certutil --merge --source-dir ../ext_client -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #6326: Merging ext_client  - PASSED
merge.sh: Merging in conflicting nicknames 1
certutil --merge --source-dir conflict1 -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #6327: Merging conflicting nicknames 1  - PASSED
merge.sh: Merging in conflicting nicknames 1
certutil --merge --source-dir conflict2 -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #6328: Merging conflicting nicknames 2  - PASSED
merge.sh: Verify nicknames were deconflicted (Alice #4)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45 (0x2d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:21:38 2016
            Not After : Mon Jun 28 18:21:38 2021
        Subject: "CN=TestUser45,E=TestUser45@bogus.com,O=BOGUS NSS,L=Mountain
             View,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ae:ce:55:de:e9:39:64:7a:b1:7d:6f:ae:05:d3:ed:b3:
                    87:4b:b3:c9:66:95:7d:10:f7:17:8b:c2:c3:0a:c1:b0:
                    65:89:a1:62:b1:c4:71:f4:e3:1b:81:74:b2:8f:16:b2:
                    50:79:04:7e:84:bb:52:99:90:8a:d1:d2:64:c4:23:80:
                    f9:3c:db:21:09:fa:ab:1d:b0:6f:79:c8:8a:c2:61:43:
                    b6:63:29:69:26:c4:78:6f:ac:8a:dd:89:5a:77:1a:e9:
                    c0:d5:a7:22:7c:33:c4:b8:ea:a9:f3:77:9b:b4:6c:33:
                    63:ef:ed:57:88:e8:e0:54:c6:31:0c:d0:12:22:62:fd:
                    c3:cc:c4:6a:ed:de:cf:99:2f:5a:57:97:ac:59:0f:bf:
                    b1:6e:7c:28:d5:4f:2d:6f:75:72:8e:dc:5e:ac:5c:bb:
                    57:7b:8a:3e:18:63:30:01:12:67:ec:52:7d:80:12:50:
                    01:33:5c:fa:b1:23:ab:c6:3c:a0:0d:f3:b3:17:e6:0d:
                    8b:a8:4a:54:93:cb:7b:92:8c:cd:e2:63:4c:66:30:bf:
                    bd:48:ef:a5:fd:27:04:58:63:27:8b:3b:91:71:bb:2e:
                    72:f3:e3:91:16:5a:60:6e:2e:3f:aa:84:39:a6:ea:87:
                    75:9f:8b:39:9b:81:d9:3d:7d:1e:71:fa:73:06:35:f7
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        40:b1:03:0a:75:40:37:b1:04:e8:b6:81:e2:7e:9e:ea:
        08:69:ae:e5:1a:4e:87:ae:59:78:a7:3c:d1:a8:b1:c6:
        e2:af:45:74:30:9c:fa:3c:95:13:ac:cb:ac:8f:cf:0b:
        eb:74:53:e7:dd:34:ca:2c:46:26:83:0d:d2:1d:8d:55:
        c9:9b:dc:85:9e:b4:47:7e:37:07:dc:34:15:a6:42:83:
        4c:d7:92:02:af:63:e4:96:d4:f7:7f:8a:24:0f:77:71:
        9b:9a:10:58:24:0c:91:da:a1:48:2d:58:50:83:73:58:
        42:23:a3:d5:1a:9b:07:bc:2f:8a:0b:38:2f:eb:57:29:
        69:b9:e2:43:13:6d:8a:bf:ce:91:12:07:d8:dc:9d:3c:
        51:31:4b:f1:9f:cd:7e:31:ea:1f:69:99:bb:4d:93:fd:
        21:81:78:2e:f2:ea:7d:3b:ef:1c:1e:57:ca:86:b0:b5:
        5f:5e:bb:75:d6:a2:47:95:ff:2e:0e:4f:a8:a6:30:e5:
        90:38:11:db:8c:b3:9d:4e:5b:51:0e:a9:7d:ca:dd:b8:
        e8:f3:5d:d7:24:46:54:20:81:4b:70:55:48:82:06:65:
        24:8c:af:1c:0e:af:38:61:91:15:cb:d1:c1:39:92:c4:
        7d:8d:21:1b:3c:7e:f6:ee:aa:8c:ca:6e:9b:aa:a7:3b
    Fingerprint (SHA-256):
        5B:7D:26:9C:4D:7D:B1:3F:A4:43:9A:B4:D8:3D:C9:FF:AC:E8:2E:32:9F:00:69:09:9B:98:77:60:4E:FD:3E:7C
    Fingerprint (SHA1):
        C9:5E:3A:D5:C0:60:7E:60:CE:C2:8D:6A:9E:CC:72:7C:01:52:36:B9
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
merge.sh: #6329: Verify nicknames were deconflicted (Alice #4)  - PASSED
merge.sh: Verify nicknames were deconflicted (Alice #100)
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46 (0x2e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Tue Jun 28 18:22:14 2016
            Not After : Mon Jun 28 18:22:14 2021
        Subject: "CN=TestUser46,E=TestUser46@bogus.com,O=BOGUS NSS,L=Mountain
             View,ST=California,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:e4:d7:6a:bf:08:29:2d:bd:d8:f4:cb:87:8d:62:e1:
                    5e:e4:58:60:37:25:5f:da:56:44:41:15:a7:e1:04:41:
                    af:36:24:c8:50:0d:99:43:9f:92:7e:26:b2:71:51:73:
                    80:63:04:28:a0:f5:13:cf:e9:46:64:e4:d6:2c:88:cb:
                    d9:01:6a:08:ba:52:f9:3f:5b:20:86:8b:4f:3f:6f:3a:
                    9c:84:91:93:7d:52:c9:07:63:61:ab:10:bb:68:e2:ce:
                    6d:ea:28:15:93:19:99:f0:b7:f1:8c:5d:44:dd:2e:e7:
                    ed:4a:99:11:55:d3:8a:b0:0b:9e:fe:40:92:5d:fb:71:
                    bb:65:01:e8:d9:eb:cb:08:0f:10:5c:45:20:52:12:25:
                    a6:30:2f:11:64:5b:66:b5:92:cd:94:9d:6e:2e:09:59:
                    05:5d:0b:13:e6:ab:ed:bc:4e:13:a2:51:a6:ab:b1:78:
                    f9:6d:b7:45:84:6d:5c:7b:86:65:e7:e2:f6:e1:31:49:
                    c0:e6:b4:10:11:86:3d:b4:cf:1a:7f:67:1e:8e:2e:93:
                    33:26:5a:fb:fb:5d:b6:39:48:fd:69:d7:68:46:a9:a0:
                    4a:7f:c3:d3:3b:3b:ea:b7:b3:05:55:f6:f0:c0:b3:71:
                    a7:8a:5b:61:d6:93:8e:47:da:71:ef:89:e9:b6:67:83
                Exponent: 65537 (0x10001)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2d:63:74:37:93:cc:7d:45:96:96:e0:4a:4f:61:bb:0b:
        79:59:d3:f7:3d:de:4d:fa:da:3e:6f:a0:9d:92:86:db:
        c1:41:af:17:dc:71:df:ba:7e:d2:0e:aa:71:2e:e3:f9:
        43:7b:85:72:4b:7a:e8:64:2e:56:74:48:d4:36:6f:bb:
        34:36:17:d4:21:56:18:0f:46:48:20:5e:cd:46:9c:70:
        28:b9:1a:e8:ae:a9:4f:c2:d8:0f:10:0f:ca:42:2e:e5:
        a0:2f:a5:4b:cc:5f:54:08:d5:64:61:42:9a:c2:7e:12:
        03:26:41:3a:d8:e0:cb:b4:7f:ba:ce:c3:ca:92:e4:a7:
        79:9c:3d:f2:06:c5:70:90:d1:57:b2:79:ca:d9:8c:ec:
        02:b4:0f:c0:4e:70:93:da:ff:e4:8b:15:fa:82:93:d6:
        23:ba:2f:de:ab:de:a4:30:9f:55:c3:29:80:1f:3e:de:
        d3:f7:f4:0a:47:5f:85:36:4a:5f:2c:12:f6:c0:08:2d:
        ea:ef:27:f7:6d:bb:3b:2c:f3:2c:b1:4c:c3:f0:d4:49:
        29:3d:ea:42:1f:e7:bb:93:c8:30:b8:e1:7c:8d:eb:05:
        ec:3f:2a:dc:7b:2f:76:13:a5:97:5b:fd:9c:15:9b:00:
        b6:71:6e:42:b4:0d:f5:2a:5f:9c:02:fa:e5:c9:07:53
    Fingerprint (SHA-256):
        CA:56:F9:7B:F0:14:EF:1A:E8:6B:69:2B:D7:77:93:F9:B5:2E:03:B7:7B:2F:EC:DA:0C:55:FA:EB:E0:7B:5E:6A
    Fingerprint (SHA1):
        71:9A:3F:E3:0F:62:66:A1:74:CE:8E:E7:1D:78:0B:AC:6D:56:56:46
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
merge.sh: #6330: Verify nicknames were deconflicted (Alice #100)  - PASSED
merge.sh: Merging in SDR 
certutil --merge --source-dir ../SDR -d . -f ../tests.pw -@ ../tests.pw
merge.sh: #6331: Merging SDR  - PASSED
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
TestCA                                                       CT,C,C
TestCA-dsa                                                   CT,C,C
TestCA-ec                                                    CT,C,C
Alice                                                        u,u,u
Alice-dsa                                                    u,u,u
Alice-dsamixed                                               u,u,u
Alice-ec                                                     u,u,u
Alice-ecmixed                                                u,u,u
bob@bogus.com                                                ,,   
Dave                                                         u,u,u
eve@bogus.com                                                ,,   
bob-ec@bogus.com                                             ,,   
Dave-ec                                                      u,u,u
Dave-dsa                                                     u,u,u
Dave-dsamixed                                                u,u,u
Dave-ecmixed                                                 u,u,u
localhost.localdomain                                        u,u,u
localhost.localdomain-dsa                                    u,u,u
localhost.localdomain-dsamixed                               u,u,u
localhost.localdomain-ec                                     u,u,u
localhost.localdomain-ecmixed                                u,u,u
localhost-sni.localdomain                                    u,u,u
localhost-sni.localdomain-dsa                                u,u,u
localhost-sni.localdomain-dsamixed                           u,u,u
localhost-sni.localdomain-ec                                 u,u,u
localhost-sni.localdomain-ecmixed                            u,u,u
ExtendedSSLUser                                              u,u,u
serverCA                                                     C,C,C
ExtendedSSLUser-dsa                                          u,u,u
serverCA-dsa                                                 C,C,C
ExtendedSSLUser-dsamixed                                     u,u,u
ExtendedSSLUser-ec                                           u,u,u
serverCA-ec                                                  C,C,C
ExtendedSSLUser-ecmixed                                      u,u,u
chain-2-clientCA                                             ,,   
chain-1-clientCA-dsa                                         ,,   
chain-1-clientCA                                             ,,   
chain-2-clientCA-dsa                                         ,,   
clientCA-dsa                                                 T,C,C
chain-1-clientCA-ec                                          ,,   
clientCA                                                     T,C,C
chain-2-clientCA-ec                                          ,,   
clientCA-ec                                                  T,C,C
Alice #2                                                     ,,   
Alice #1                                                     ,,   
Alice #99                                                    ,,   
Alice #3                                                     ,,   
Alice #4                                                     ,,   
Alice #100                                                   ,,   
CRL names                                CRL Type
TestCA                                   CRL  
TestCA-ec                                CRL  
merge.sh: Decrypt - With Original SDR Key
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v3.14577 -t Test2 -f ../tests.pw
merge.sh: #6332: Decrypt - Value 3  - PASSED
merge.sh: Decrypt - With Merged SDR Key
sdrtest -d . -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests.v1.14577 -t Test1 -f ../tests.pw
merge.sh: #6333: Decrypt - Value 1  - PASSED
merge.sh: Signing with merged key  ------------------
cmsutil -S -T -N Dave -H SHA1 -i alice.txt -d . -p nss -o dave.dsig
merge.sh: #6334: Create Detached Signature Dave . - PASSED
cmsutil -D -i dave.dsig -c alice.txt -d . 
Date: Wed, 20 Sep 2000 00:00:01 -0700 (PDT)
From: alice@bogus.com
Subject: message Alice --> Bob
To: bob@bogus.com
This is a test message from Alice to Bob.
merge.sh: #6335: Verifying Dave's Detached Signature  - PASSED
merge.sh: verifying  merged cert  ------------------
certutil -V -n ExtendedSSLUser -u C -d .
certutil: certificate is valid
merge.sh: #6336: Verifying ExtendedSSL User Cert  - PASSED
merge.sh: verifying  merged crl  ------------------
crlutil -L -n TestCA -d .
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US"
    This Update: Tue Jun 28 18:24:03 2016
    Entry 1 (0x1):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 18:13:53 2016
        Entry Extensions:
            Name: CRL reason code
    Entry 2 (0x2):
        Serial Number: 42 (0x2a)
        Revocation Date: Tue Jun 28 18:23:57 2016
    CRL Extensions:
        Name: Certificate Issuer Alt Name
        RFC822 Name: "caemail@ca.com"
        DNS name: "ca.com"
        Directory Name: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=Califo
            rnia,C=US"
        URI: "http://ca.com"
        IP Address:
            87:0b:31:39:32:2e:31:36:38:2e:30:2e:31
merge.sh: #6337: Verifying TestCA CRL  - PASSED
TIMESTAMP merge END: Tue Jun 28 18:27:10 UTC 2016
Running tests for chains
TIMESTAMP chains BEGIN: Tue Jun 28 18:27:10 UTC 2016
chains.sh: Certificate Chains Tests ===============================
chains.sh: Creating DB OCSPRootDB
certutil -N -d OCSPRootDB -f OCSPRootDB/dbpasswd
chains.sh: #6338: OCSPD: Creating DB OCSPRootDB  - PASSED
chains.sh: Creating Root CA OCSPRoot
certutil -s "CN=OCSPRoot ROOT CA, O=OCSPRoot, C=US" -S -n OCSPRoot  -t CTu,CTu,CTu -v 600 -x -d OCSPRootDB -1 -2 -5 -f OCSPRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182711 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6339: OCSPD: Creating Root CA OCSPRoot  - PASSED
chains.sh: Exporting Root CA OCSPRoot.der
certutil -L -d OCSPRootDB -r -n OCSPRoot -o OCSPRoot.der
chains.sh: #6340: OCSPD: Exporting Root CA OCSPRoot.der  - PASSED
chains.sh: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPRootDB -o OCSPRoot.p12 -n OCSPRoot -k OCSPRootDB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #6341: OCSPD: Exporting OCSPRoot as OCSPRoot.p12 from OCSPRootDB database  - PASSED
chains.sh: Creating DB OCSPCA1DB
certutil -N -d OCSPCA1DB -f OCSPCA1DB/dbpasswd
chains.sh: #6342: OCSPD: Creating DB OCSPCA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA1Req.der
certutil -s "CN=OCSPCA1 Intermediate, O=OCSPCA1, C=US"  -R -2 -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6343: OCSPD: Creating Intermediate certifiate request OCSPCA1Req.der  - PASSED
chains.sh: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA1Req.der -o OCSPCA1OCSPRoot.der -f OCSPRootDB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6344: OCSPD: Creating certficate OCSPCA1OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database
certutil -A -n OCSPCA1 -t u,u,u -d OCSPCA1DB -f OCSPCA1DB/dbpasswd -i OCSPCA1OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6345: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to OCSPCA1DB database  - PASSED
chains.sh: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA1DB -o OCSPCA1.p12 -n OCSPCA1 -k OCSPCA1DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #6346: OCSPD: Exporting OCSPCA1 as OCSPCA1.p12 from OCSPCA1DB database  - PASSED
chains.sh: Creating DB OCSPCA2DB
certutil -N -d OCSPCA2DB -f OCSPCA2DB/dbpasswd
chains.sh: #6347: OCSPD: Creating DB OCSPCA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA2Req.der
certutil -s "CN=OCSPCA2 Intermediate, O=OCSPCA2, C=US"  -R -2 -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6348: OCSPD: Creating Intermediate certifiate request OCSPCA2Req.der  - PASSED
chains.sh: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA2Req.der -o OCSPCA2OCSPRoot.der -f OCSPRootDB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6349: OCSPD: Creating certficate OCSPCA2OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database
certutil -A -n OCSPCA2 -t u,u,u -d OCSPCA2DB -f OCSPCA2DB/dbpasswd -i OCSPCA2OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6350: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to OCSPCA2DB database  - PASSED
chains.sh: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA2DB -o OCSPCA2.p12 -n OCSPCA2 -k OCSPCA2DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #6351: OCSPD: Exporting OCSPCA2 as OCSPCA2.p12 from OCSPCA2DB database  - PASSED
chains.sh: Creating DB OCSPCA3DB
certutil -N -d OCSPCA3DB -f OCSPCA3DB/dbpasswd
chains.sh: #6352: OCSPD: Creating DB OCSPCA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request OCSPCA3Req.der
certutil -s "CN=OCSPCA3 Intermediate, O=OCSPCA3, C=US"  -R -2 -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPCA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6353: OCSPD: Creating Intermediate certifiate request OCSPCA3Req.der  - PASSED
chains.sh: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot
certutil -C -c OCSPRoot -v 60 -d OCSPRootDB -i OCSPCA3Req.der -o OCSPCA3OCSPRoot.der -f OCSPRootDB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6354: OCSPD: Creating certficate OCSPCA3OCSPRoot.der signed by OCSPRoot  - PASSED
chains.sh: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database
certutil -A -n OCSPCA3 -t u,u,u -d OCSPCA3DB -f OCSPCA3DB/dbpasswd -i OCSPCA3OCSPRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6355: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to OCSPCA3DB database  - PASSED
chains.sh: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d OCSPCA3DB -o OCSPCA3.p12 -n OCSPCA3 -k OCSPCA3DB/dbpasswd -W nssnss
pk12util: PKCS12 EXPORT SUCCESSFUL
chains.sh: #6356: OCSPD: Exporting OCSPCA3 as OCSPCA3.p12 from OCSPCA3DB database  - PASSED
chains.sh: Creating DB OCSPEE11DB
certutil -N -d OCSPEE11DB -f OCSPEE11DB/dbpasswd
chains.sh: #6357: OCSPD: Creating DB OCSPEE11DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE11Req.der
certutil -s "CN=OCSPEE11 EE, O=OCSPEE11, C=US"  -R  -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6358: OCSPD: Creating EE certifiate request OCSPEE11Req.der  - PASSED
chains.sh: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE11Req.der -o OCSPEE11OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6359: OCSPD: Creating certficate OCSPEE11OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database
certutil -A -n OCSPEE11 -t u,u,u -d OCSPEE11DB -f OCSPEE11DB/dbpasswd -i OCSPEE11OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6360: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to OCSPEE11DB database  - PASSED
chains.sh: Creating DB OCSPEE12DB
certutil -N -d OCSPEE12DB -f OCSPEE12DB/dbpasswd
chains.sh: #6361: OCSPD: Creating DB OCSPEE12DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE12Req.der
certutil -s "CN=OCSPEE12 EE, O=OCSPEE12, C=US"  -R  -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6362: OCSPD: Creating EE certifiate request OCSPEE12Req.der  - PASSED
chains.sh: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE12Req.der -o OCSPEE12OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6363: OCSPD: Creating certficate OCSPEE12OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database
certutil -A -n OCSPEE12 -t u,u,u -d OCSPEE12DB -f OCSPEE12DB/dbpasswd -i OCSPEE12OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6364: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to OCSPEE12DB database  - PASSED
chains.sh: Creating DB OCSPEE13DB
certutil -N -d OCSPEE13DB -f OCSPEE13DB/dbpasswd
chains.sh: #6365: OCSPD: Creating DB OCSPEE13DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE13Req.der
certutil -s "CN=OCSPEE13 EE, O=OCSPEE13, C=US"  -R  -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6366: OCSPD: Creating EE certifiate request OCSPEE13Req.der  - PASSED
chains.sh: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE13Req.der -o OCSPEE13OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6367: OCSPD: Creating certficate OCSPEE13OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database
certutil -A -n OCSPEE13 -t u,u,u -d OCSPEE13DB -f OCSPEE13DB/dbpasswd -i OCSPEE13OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6368: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to OCSPEE13DB database  - PASSED
chains.sh: Creating DB OCSPEE14DB
certutil -N -d OCSPEE14DB -f OCSPEE14DB/dbpasswd
chains.sh: #6369: OCSPD: Creating DB OCSPEE14DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE14Req.der
certutil -s "CN=OCSPEE14 EE, O=OCSPEE14, C=US"  -R  -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE14Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6370: OCSPD: Creating EE certifiate request OCSPEE14Req.der  - PASSED
chains.sh: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE14Req.der -o OCSPEE14OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 4   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6371: OCSPD: Creating certficate OCSPEE14OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database
certutil -A -n OCSPEE14 -t u,u,u -d OCSPEE14DB -f OCSPEE14DB/dbpasswd -i OCSPEE14OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6372: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to OCSPEE14DB database  - PASSED
chains.sh: Creating DB OCSPEE15DB
certutil -N -d OCSPEE15DB -f OCSPEE15DB/dbpasswd
chains.sh: #6373: OCSPD: Creating DB OCSPEE15DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE15Req.der
certutil -s "CN=OCSPEE15 EE, O=OCSPEE15, C=US"  -R  -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE15Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6374: OCSPD: Creating EE certifiate request OCSPEE15Req.der  - PASSED
chains.sh: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1
certutil -C -c OCSPCA1 -v 60 -d OCSPCA1DB -i OCSPEE15Req.der -o OCSPEE15OCSPCA1.der -f OCSPCA1DB/dbpasswd -m 5   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6375: OCSPD: Creating certficate OCSPEE15OCSPCA1.der signed by OCSPCA1  - PASSED
chains.sh: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database
certutil -A -n OCSPEE15 -t u,u,u -d OCSPEE15DB -f OCSPEE15DB/dbpasswd -i OCSPEE15OCSPCA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6376: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to OCSPEE15DB database  - PASSED
chains.sh: Creating DB OCSPEE21DB
certutil -N -d OCSPEE21DB -f OCSPEE21DB/dbpasswd
chains.sh: #6377: OCSPD: Creating DB OCSPEE21DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE21Req.der
certutil -s "CN=OCSPEE21 EE, O=OCSPEE21, C=US"  -R  -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6378: OCSPD: Creating EE certifiate request OCSPEE21Req.der  - PASSED
chains.sh: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE21Req.der -o OCSPEE21OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6379: OCSPD: Creating certficate OCSPEE21OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database
certutil -A -n OCSPEE21 -t u,u,u -d OCSPEE21DB -f OCSPEE21DB/dbpasswd -i OCSPEE21OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6380: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to OCSPEE21DB database  - PASSED
chains.sh: Creating DB OCSPEE22DB
certutil -N -d OCSPEE22DB -f OCSPEE22DB/dbpasswd
chains.sh: #6381: OCSPD: Creating DB OCSPEE22DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE22Req.der
certutil -s "CN=OCSPEE22 EE, O=OCSPEE22, C=US"  -R  -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6382: OCSPD: Creating EE certifiate request OCSPEE22Req.der  - PASSED
chains.sh: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE22Req.der -o OCSPEE22OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6383: OCSPD: Creating certficate OCSPEE22OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database
certutil -A -n OCSPEE22 -t u,u,u -d OCSPEE22DB -f OCSPEE22DB/dbpasswd -i OCSPEE22OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6384: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to OCSPEE22DB database  - PASSED
chains.sh: Creating DB OCSPEE23DB
certutil -N -d OCSPEE23DB -f OCSPEE23DB/dbpasswd
chains.sh: #6385: OCSPD: Creating DB OCSPEE23DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE23Req.der
certutil -s "CN=OCSPEE23 EE, O=OCSPEE23, C=US"  -R  -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6386: OCSPD: Creating EE certifiate request OCSPEE23Req.der  - PASSED
chains.sh: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2
certutil -C -c OCSPCA2 -v 60 -d OCSPCA2DB -i OCSPEE23Req.der -o OCSPEE23OCSPCA2.der -f OCSPCA2DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6387: OCSPD: Creating certficate OCSPEE23OCSPCA2.der signed by OCSPCA2  - PASSED
chains.sh: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database
certutil -A -n OCSPEE23 -t u,u,u -d OCSPEE23DB -f OCSPEE23DB/dbpasswd -i OCSPEE23OCSPCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6388: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to OCSPEE23DB database  - PASSED
chains.sh: Creating DB OCSPEE31DB
certutil -N -d OCSPEE31DB -f OCSPEE31DB/dbpasswd
chains.sh: #6389: OCSPD: Creating DB OCSPEE31DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE31Req.der
certutil -s "CN=OCSPEE31 EE, O=OCSPEE31, C=US"  -R  -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE31Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6390: OCSPD: Creating EE certifiate request OCSPEE31Req.der  - PASSED
chains.sh: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE31Req.der -o OCSPEE31OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 1   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6391: OCSPD: Creating certficate OCSPEE31OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database
certutil -A -n OCSPEE31 -t u,u,u -d OCSPEE31DB -f OCSPEE31DB/dbpasswd -i OCSPEE31OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6392: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to OCSPEE31DB database  - PASSED
chains.sh: Creating DB OCSPEE32DB
certutil -N -d OCSPEE32DB -f OCSPEE32DB/dbpasswd
chains.sh: #6393: OCSPD: Creating DB OCSPEE32DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE32Req.der
certutil -s "CN=OCSPEE32 EE, O=OCSPEE32, C=US"  -R  -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6394: OCSPD: Creating EE certifiate request OCSPEE32Req.der  - PASSED
chains.sh: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE32Req.der -o OCSPEE32OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 2   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9668/ocsp
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6395: OCSPD: Creating certficate OCSPEE32OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database
certutil -A -n OCSPEE32 -t u,u,u -d OCSPEE32DB -f OCSPEE32DB/dbpasswd -i OCSPEE32OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6396: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to OCSPEE32DB database  - PASSED
chains.sh: Creating DB OCSPEE33DB
certutil -N -d OCSPEE33DB -f OCSPEE33DB/dbpasswd
chains.sh: #6397: OCSPD: Creating DB OCSPEE33DB  - PASSED
chains.sh: Creating EE certifiate request OCSPEE33Req.der
certutil -s "CN=OCSPEE33 EE, O=OCSPEE33, C=US"  -R  -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OCSPEE33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6398: OCSPD: Creating EE certifiate request OCSPEE33Req.der  - PASSED
chains.sh: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3
certutil -C -c OCSPCA3 -v 60 -d OCSPCA3DB -i OCSPEE33Req.der -o OCSPEE33OCSPCA3.der -f OCSPCA3DB/dbpasswd -m 3   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
2
7
http://localhost.localdomain:9669
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6399: OCSPD: Creating certficate OCSPEE33OCSPCA3.der signed by OCSPCA3  - PASSED
chains.sh: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database
certutil -A -n OCSPEE33 -t u,u,u -d OCSPEE33DB -f OCSPEE33DB/dbpasswd -i OCSPEE33OCSPCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6400: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to OCSPEE33DB database  - PASSED
chains.sh: Create CRL for OCSPRootDB
crlutil -G -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl
=== Crlutil input data ===
update=20160628182858Z
nextupdate=20170628182858Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
    This Update: Tue Jun 28 18:28:58 2016
    Next Update: Wed Jun 28 18:28:58 2017
    CRL Extensions:
chains.sh: #6401: OCSPD: Create CRL for OCSPRootDB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPRoot
crlutil -M -d OCSPRootDB -n OCSPRoot -f OCSPRootDB/dbpasswd -o OCSPRoot.crl
=== Crlutil input data ===
update=20160628182859Z
addcert 2 20160628182859Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
    This Update: Tue Jun 28 18:28:59 2016
    Next Update: Wed Jun 28 18:28:58 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 18:28:59 2016
    CRL Extensions:
chains.sh: #6402: OCSPD: Revoking certificate with SN 2 issued by OCSPRoot  - PASSED
chains.sh: Create CRL for OCSPCA1DB
crlutil -G -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628182859Z
nextupdate=20170628182859Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 18:28:59 2016
    Next Update: Wed Jun 28 18:28:59 2017
    CRL Extensions:
chains.sh: #6403: OCSPD: Create CRL for OCSPCA1DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA1
crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628182900Z
addcert 2 20160628182900Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 18:29:00 2016
    Next Update: Wed Jun 28 18:28:59 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 18:29:00 2016
    CRL Extensions:
chains.sh: #6404: OCSPD: Revoking certificate with SN 2 issued by OCSPCA1  - PASSED
chains.sh: Revoking certificate with SN 4 issued by OCSPCA1
crlutil -M -d OCSPCA1DB -n OCSPCA1 -f OCSPCA1DB/dbpasswd -o OCSPCA1.crl
=== Crlutil input data ===
update=20160628182901Z
addcert 4 20160628182901Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
    This Update: Tue Jun 28 18:29:01 2016
    Next Update: Wed Jun 28 18:28:59 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 18:29:00 2016
    Entry 2 (0x2):
        Serial Number: 4 (0x4)
        Revocation Date: Tue Jun 28 18:29:01 2016
    CRL Extensions:
chains.sh: #6405: OCSPD: Revoking certificate with SN 4 issued by OCSPCA1  - PASSED
chains.sh: Create CRL for OCSPCA2DB
crlutil -G -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628182901Z
nextupdate=20170628182901Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 18:29:01 2016
    Next Update: Wed Jun 28 18:29:01 2017
    CRL Extensions:
chains.sh: #6406: OCSPD: Create CRL for OCSPCA2DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA2
crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628182902Z
addcert 2 20160628182902Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 18:29:02 2016
    Next Update: Wed Jun 28 18:29:01 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 18:29:02 2016
    CRL Extensions:
chains.sh: #6407: OCSPD: Revoking certificate with SN 2 issued by OCSPCA2  - PASSED
chains.sh: Revoking certificate with SN 3 issued by OCSPCA2
crlutil -M -d OCSPCA2DB -n OCSPCA2 -f OCSPCA2DB/dbpasswd -o OCSPCA2.crl
=== Crlutil input data ===
update=20160628182903Z
addcert 3 20160628182903Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA2 Intermediate,O=OCSPCA2,C=US"
    This Update: Tue Jun 28 18:29:03 2016
    Next Update: Wed Jun 28 18:29:01 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 18:29:02 2016
    Entry 2 (0x2):
        Serial Number: 3 (0x3)
        Revocation Date: Tue Jun 28 18:29:03 2016
    CRL Extensions:
chains.sh: #6408: OCSPD: Revoking certificate with SN 3 issued by OCSPCA2  - PASSED
chains.sh: Create CRL for OCSPCA3DB
crlutil -G -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628182904Z
nextupdate=20170628182904Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 18:29:04 2016
    Next Update: Wed Jun 28 18:29:04 2017
    CRL Extensions:
chains.sh: #6409: OCSPD: Create CRL for OCSPCA3DB  - PASSED
chains.sh: Revoking certificate with SN 2 issued by OCSPCA3
crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628182905Z
addcert 2 20160628182905Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 18:29:05 2016
    Next Update: Wed Jun 28 18:29:04 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 18:29:05 2016
    CRL Extensions:
chains.sh: #6410: OCSPD: Revoking certificate with SN 2 issued by OCSPCA3  - PASSED
chains.sh: Revoking certificate with SN 3 issued by OCSPCA3
crlutil -M -d OCSPCA3DB -n OCSPCA3 -f OCSPCA3DB/dbpasswd -o OCSPCA3.crl
=== Crlutil input data ===
update=20160628182906Z
addcert 3 20160628182906Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=OCSPCA3 Intermediate,O=OCSPCA3,C=US"
    This Update: Tue Jun 28 18:29:06 2016
    Next Update: Wed Jun 28 18:29:04 2017
    Entry 1 (0x1):
        Serial Number: 2 (0x2)
        Revocation Date: Tue Jun 28 18:29:05 2016
    Entry 2 (0x2):
        Serial Number: 3 (0x3)
        Revocation Date: Tue Jun 28 18:29:06 2016
    CRL Extensions:
chains.sh: #6411: OCSPD: Revoking certificate with SN 3 issued by OCSPCA3  - PASSED
chains.sh: Creating DB ServerDB
certutil -N -d ServerDB -f ServerDB/dbpasswd
chains.sh: #6412: OCSPD: Creating DB ServerDB  - PASSED
chains.sh: Importing certificate OCSPRoot.der to ServerDB database
certutil -A -n OCSPRoot  -t "CT,C,C" -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.der
chains.sh: #6413: OCSPD: Importing certificate OCSPRoot.der to ServerDB database  - PASSED
chains.sh: Importing CRL OCSPRoot.crl to ServerDB database
crlutil -I -d ServerDB -f ServerDB/dbpasswd -i OCSPRoot.crl
chains.sh: #6414: OCSPD: Importing CRL OCSPRoot.crl to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPRoot.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPRoot.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #6415: OCSPD: Importing p12 key OCSPRoot.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA1.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA1.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #6416: OCSPD: Importing p12 key OCSPCA1.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA2.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA2.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #6417: OCSPD: Importing p12 key OCSPCA2.p12 to ServerDB database  - PASSED
chains.sh: Importing p12 key OCSPCA3.p12 to ServerDB database
/builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk12util -d ServerDB -i ../OCSPD/OCSPCA3.p12 -k ServerDB/dbpasswd -W nssnss
pk12util: PKCS12 IMPORT SUCCESSFUL
chains.sh: #6418: OCSPD: Importing p12 key OCSPCA3.p12 to ServerDB database  - PASSED
chains.sh: Creating DB ClientDB
certutil -N -d ClientDB -f ClientDB/dbpasswd
chains.sh: #6419: OCSPD: Creating DB ClientDB  - PASSED
chains.sh: Importing certificate OCSPRoot.der to ClientDB database
certutil -A -n OCSPRoot  -t "CT,C,C" -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.der
chains.sh: #6420: OCSPD: Importing certificate OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing CRL OCSPRoot.crl to ClientDB database
crlutil -I -d ClientDB -f ClientDB/dbpasswd -i OCSPRoot.crl
chains.sh: #6421: OCSPD: Importing CRL OCSPRoot.crl to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA1OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA1OCSPRoot.der
chains.sh: #6422: OCSPD: Importing certificate OCSPCA1OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA2OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA2OCSPRoot.der
chains.sh: #6423: OCSPD: Importing certificate OCSPCA2OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database
certutil -A -n OCSPCA3OCSPRoot  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPCA3OCSPRoot.der
chains.sh: #6424: OCSPD: Importing certificate OCSPCA3OCSPRoot.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE11OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE11OCSPCA1.der
chains.sh: #6425: OCSPD: Importing certificate OCSPEE11OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE12OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE12OCSPCA1.der
chains.sh: #6426: OCSPD: Importing certificate OCSPEE12OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE13OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE13OCSPCA1.der
chains.sh: #6427: OCSPD: Importing certificate OCSPEE13OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE14OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE14OCSPCA1.der
chains.sh: #6428: OCSPD: Importing certificate OCSPEE14OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database
certutil -A -n OCSPEE15OCSPCA1  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE15OCSPCA1.der
chains.sh: #6429: OCSPD: Importing certificate OCSPEE15OCSPCA1.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE21OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE21OCSPCA2.der
chains.sh: #6430: OCSPD: Importing certificate OCSPEE21OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE22OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE22OCSPCA2.der
chains.sh: #6431: OCSPD: Importing certificate OCSPEE22OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database
certutil -A -n OCSPEE23OCSPCA2  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE23OCSPCA2.der
chains.sh: #6432: OCSPD: Importing certificate OCSPEE23OCSPCA2.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE31OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE31OCSPCA3.der
chains.sh: #6433: OCSPD: Importing certificate OCSPEE31OCSPCA3.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE32OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE32OCSPCA3.der
chains.sh: #6434: OCSPD: Importing certificate OCSPEE32OCSPCA3.der to ClientDB database  - PASSED
chains.sh: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database
certutil -A -n OCSPEE33OCSPCA3  -t "" -d ClientDB -f ClientDB/dbpasswd -i OCSPEE33OCSPCA3.der
chains.sh: #6435: OCSPD: Importing certificate OCSPEE33OCSPCA3.der to ClientDB database  - PASSED
httpserv starting at Tue Jun 28 18:29:17 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \
         -O get -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 18:29:17 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 16019 >/dev/null 2>/dev/null
httpserv with PID 16019 found at Tue Jun 28 18:29:17 UTC 2016
httpserv with PID 16019 started at Tue Jun 28 18:29:17 UTC 2016
tstclnt -h localhost.localdomain -p 9668 -q -t 20
chains.sh: #6436: Test that OCSP server is reachable - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182711 (0x25714eb7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 18:27:19 2016
            Not After : Mon Jun 28 18:27:19 2066
        Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    df:f2:a8:b9:d8:65:22:dd:5a:57:b1:b1:f5:84:14:4e:
                    c4:7f:38:b7:e6:a4:5e:89:de:7d:66:9b:fe:85:3f:4e:
                    bc:82:f2:16:bf:bd:9d:fc:55:2c:81:b5:7b:ad:1d:ba:
                    7f:82:6e:bf:6a:6d:2d:ba:2e:ec:0a:a4:50:97:0c:e1:
                    5b:2d:29:4f:1a:9b:7d:1d:9c:7e:d0:09:51:4f:6e:2b:
                    af:51:5a:25:9f:db:4a:18:82:63:55:20:7d:6f:7c:c9:
                    46:a3:6c:77:80:1d:48:33:5d:3d:5a:6f:1c:8d:c8:2d:
                    87:b1:c8:25:8d:c2:6d:be:5c:8c:29:84:fd:a8:68:d3:
                    69:1e:8a:52:75:cc:ab:a8:74:ec:6a:cf:19:ee:63:35:
                    d9:82:d3:ab:8c:ea:6d:b6:29:f4:95:60:71:ef:8b:78:
                    bf:1e:c3:e0:26:bd:a1:fb:cb:dd:17:24:e0:df:d7:20:
                    4f:86:2d:42:1f:52:5c:a4:e9:f2:28:44:fb:50:49:f5:
                    8c:92:70:66:cc:5d:a6:aa:1a:8e:0f:ff:3c:07:e8:8a:
                    49:87:78:4d:f2:27:be:e3:50:48:e3:57:a8:6a:06:db:
                    62:ac:d4:ce:4f:40:b2:0a:4b:87:9d:92:e8:76:69:99:
                    38:62:6d:51:e9:d8:fe:80:0b:e4:7c:d3:20:0e:4a:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:b5:e2:92:49:5b:b6:dd:bf:a0:24:c5:32:54:34:45:
        06:47:c3:a3:d7:4e:fa:59:c1:ed:e8:43:a9:4b:71:a5:
        eb:56:ba:69:cb:66:cd:1e:45:b3:31:07:71:27:f8:ab:
        12:54:f0:9f:a0:66:e3:0a:a6:73:92:f7:dd:94:8c:e0:
        c9:0c:98:12:ea:00:c0:23:3e:a3:87:5b:d9:e7:40:8b:
        22:b0:d3:fc:49:38:2f:83:6f:59:5c:50:8c:be:96:b0:
        15:83:b9:ca:e4:81:c6:27:8d:e9:9a:e9:3b:06:33:5a:
        b2:35:14:09:17:e5:cc:43:38:e4:ab:da:e7:c8:d6:37:
        7d:e0:62:a3:06:b7:42:58:3f:cf:93:3b:d9:0f:08:5e:
        c7:12:81:ac:1a:22:5c:48:66:55:a8:9a:e4:3b:3b:2f:
        9b:7a:b7:26:68:df:97:d1:97:84:8d:09:fe:57:c8:e1:
        dc:e0:84:35:c1:48:e2:12:a5:4d:3e:8a:2b:07:7c:36:
        71:73:4b:d7:4e:11:0c:e4:5d:a6:80:00:ab:80:5e:ec:
        8d:e5:73:29:1b:ed:88:db:75:31:cb:3b:2b:d0:47:30:
        30:57:aa:f9:21:10:2a:ea:6e:05:46:e2:0d:b2:88:2e:
        2f:e1:19:91:4d:70:81:b9:ff:1e:6b:d8:75:48:8f:f3
    Fingerprint (SHA-256):
        79:FB:D3:7B:C9:DD:25:F7:13:A6:21:79:B9:20:C4:87:C9:77:78:FD:1F:CF:FE:74:A3:19:55:09:E3:9C:8F:45
    Fingerprint (SHA1):
        3E:11:3A:6F:40:C1:27:29:76:99:F4:8E:56:03:3E:AD:6A:2A:9C:5B
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=OCSPEE11 EE,O=OCSPEE11,C=US"
Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6437: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #6438: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #6439: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
trying to kill httpserv with PID 16019 at Tue Jun 28 18:29:18 UTC 2016
kill -USR1 16019
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 16019 killed at Tue Jun 28 18:29:18 UTC 2016
httpserv starting at Tue Jun 28 18:29:18 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \
         -O post -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 18:29:18 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 16188 >/dev/null 2>/dev/null
httpserv with PID 16188 found at Tue Jun 28 18:29:18 UTC 2016
httpserv with PID 16188 started at Tue Jun 28 18:29:18 UTC 2016
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #6440: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. OCSPEE12OCSPCA1 :
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #6441: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #6442: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
tstclnt -h localhost.localdomain -p 9668 -q -t 20
chains.sh: #6443: Test that OCSP server is reachable - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182711 (0x25714eb7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 18:27:19 2016
            Not After : Mon Jun 28 18:27:19 2066
        Subject: "CN=OCSPRoot ROOT CA,O=OCSPRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    df:f2:a8:b9:d8:65:22:dd:5a:57:b1:b1:f5:84:14:4e:
                    c4:7f:38:b7:e6:a4:5e:89:de:7d:66:9b:fe:85:3f:4e:
                    bc:82:f2:16:bf:bd:9d:fc:55:2c:81:b5:7b:ad:1d:ba:
                    7f:82:6e:bf:6a:6d:2d:ba:2e:ec:0a:a4:50:97:0c:e1:
                    5b:2d:29:4f:1a:9b:7d:1d:9c:7e:d0:09:51:4f:6e:2b:
                    af:51:5a:25:9f:db:4a:18:82:63:55:20:7d:6f:7c:c9:
                    46:a3:6c:77:80:1d:48:33:5d:3d:5a:6f:1c:8d:c8:2d:
                    87:b1:c8:25:8d:c2:6d:be:5c:8c:29:84:fd:a8:68:d3:
                    69:1e:8a:52:75:cc:ab:a8:74:ec:6a:cf:19:ee:63:35:
                    d9:82:d3:ab:8c:ea:6d:b6:29:f4:95:60:71:ef:8b:78:
                    bf:1e:c3:e0:26:bd:a1:fb:cb:dd:17:24:e0:df:d7:20:
                    4f:86:2d:42:1f:52:5c:a4:e9:f2:28:44:fb:50:49:f5:
                    8c:92:70:66:cc:5d:a6:aa:1a:8e:0f:ff:3c:07:e8:8a:
                    49:87:78:4d:f2:27:be:e3:50:48:e3:57:a8:6a:06:db:
                    62:ac:d4:ce:4f:40:b2:0a:4b:87:9d:92:e8:76:69:99:
                    38:62:6d:51:e9:d8:fe:80:0b:e4:7c:d3:20:0e:4a:ef
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:b5:e2:92:49:5b:b6:dd:bf:a0:24:c5:32:54:34:45:
        06:47:c3:a3:d7:4e:fa:59:c1:ed:e8:43:a9:4b:71:a5:
        eb:56:ba:69:cb:66:cd:1e:45:b3:31:07:71:27:f8:ab:
        12:54:f0:9f:a0:66:e3:0a:a6:73:92:f7:dd:94:8c:e0:
        c9:0c:98:12:ea:00:c0:23:3e:a3:87:5b:d9:e7:40:8b:
        22:b0:d3:fc:49:38:2f:83:6f:59:5c:50:8c:be:96:b0:
        15:83:b9:ca:e4:81:c6:27:8d:e9:9a:e9:3b:06:33:5a:
        b2:35:14:09:17:e5:cc:43:38:e4:ab:da:e7:c8:d6:37:
        7d:e0:62:a3:06:b7:42:58:3f:cf:93:3b:d9:0f:08:5e:
        c7:12:81:ac:1a:22:5c:48:66:55:a8:9a:e4:3b:3b:2f:
        9b:7a:b7:26:68:df:97:d1:97:84:8d:09:fe:57:c8:e1:
        dc:e0:84:35:c1:48:e2:12:a5:4d:3e:8a:2b:07:7c:36:
        71:73:4b:d7:4e:11:0c:e4:5d:a6:80:00:ab:80:5e:ec:
        8d:e5:73:29:1b:ed:88:db:75:31:cb:3b:2b:d0:47:30:
        30:57:aa:f9:21:10:2a:ea:6e:05:46:e2:0d:b2:88:2e:
        2f:e1:19:91:4d:70:81:b9:ff:1e:6b:d8:75:48:8f:f3
    Fingerprint (SHA-256):
        79:FB:D3:7B:C9:DD:25:F7:13:A6:21:79:B9:20:C4:87:C9:77:78:FD:1F:CF:FE:74:A3:19:55:09:E3:9C:8F:45
    Fingerprint (SHA1):
        3E:11:3A:6F:40:C1:27:29:76:99:F4:8E:56:03:3E:AD:6A:2A:9C:5B
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=OCSPEE11 EE,O=OCSPEE11,C=US"
Certificate 2 Subject: "CN=OCSPCA1 Intermediate,O=OCSPCA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6444: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB  -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #6445: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB    -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -p -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE11OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is good!
Returned value is 0, expected result is pass
chains.sh: #6446: Method: Verifying certificate(s)  OCSPEE11OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -p   -g leaf -h requireFreshInfo -m ocsp     - PASSED
trying to kill httpserv with PID 16188 at Tue Jun 28 18:29:20 UTC 2016
kill -USR1 16188
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 16188 killed at Tue Jun 28 18:29:20 UTC 2016
httpserv starting at Tue Jun 28 18:29:20 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \
         -O random -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 18:29:20 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 16435 >/dev/null 2>/dev/null
httpserv with PID 16435 found at Tue Jun 28 18:29:20 UTC 2016
httpserv with PID 16435 started at Tue Jun 28 18:29:20 UTC 2016
chains.sh: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp    
vfychain -d ../OCSPD/ClientDB -pp -vv   -g leaf -h requireFreshInfo -m ocsp     ../OCSPD/OCSPEE12OCSPCA1.der ../OCSPD/OCSPCA1OCSPRoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. OCSPRoot [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #6447: Verifying certificate(s)  OCSPEE12OCSPCA1.cert OCSPCA1OCSPRoot.cert with flags -d ../OCSPD/ClientDB -pp   -g leaf -h requireFreshInfo -m ocsp     - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #6448: Bridge: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182712 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6449: Bridge: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #6450: Bridge: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #6451: Bridge: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182713 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6452: Bridge: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #6453: Bridge: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #6454: Bridge: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6455: Bridge: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628182714 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6456: Bridge: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6457: Bridge: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628182715 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6458: Bridge: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6459: Bridge: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #6460: Bridge: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #6461: Bridge: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6462: Bridge: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserBridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 628182716   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6463: Bridge: Creating certficate UserBridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate UserBridge.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6464: Bridge: Importing certificate UserBridge.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6465: Bridge: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Army.der to AllDB database
certutil -A -n Army  -t "" -d AllDB -f AllDB/dbpasswd -i Army.der
chains.sh: #6466: Bridge: Importing certificate Army.der to AllDB database  - PASSED
chains.sh: Importing certificate Navy.der to AllDB database
certutil -A -n Navy  -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der
chains.sh: #6467: Bridge: Importing certificate Navy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182713 (0x25714eb9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:28 2016
            Not After : Mon Jun 28 18:29:28 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:2b:57:2d:58:53:08:71:9c:30:c2:23:22:84:be:a0:
                    39:08:05:d9:d6:8b:fb:b8:1b:e2:6e:5c:9b:72:67:fa:
                    9c:e9:4a:59:8a:2f:8a:49:0d:e9:dd:4b:77:fc:88:43:
                    fc:55:49:82:3c:ad:81:4f:6a:40:c9:9a:c7:c6:de:29:
                    b6:f1:4d:bc:bc:cd:d5:10:9c:37:62:87:cd:de:a6:cb:
                    ba:18:e3:7e:e5:f1:1f:6f:c5:a4:b2:37:1e:85:84:30:
                    12:ab:23:64:33:d3:b5:74:be:eb:1d:31:ba:f2:7f:37:
                    3f:14:9e:b9:41:9a:63:63:55:db:d7:a0:62:91:30:b7:
                    ea:8b:7f:63:66:18:39:de:30:e5:ab:a2:1c:58:3b:e7:
                    54:2f:2a:79:e3:ab:36:d8:56:28:67:1e:54:c9:35:1b:
                    f3:f0:3c:b7:47:ce:1f:40:09:aa:56:93:e8:25:a6:a9:
                    e7:22:70:7b:52:ff:da:7b:57:6b:b3:2d:6c:2a:d9:cd:
                    b6:36:e3:06:a3:8e:4d:c0:1b:d5:4c:c5:40:4f:b3:0b:
                    5f:83:a3:c2:02:c8:34:ce:8a:01:84:63:54:4c:c7:60:
                    20:7d:1e:31:74:f4:65:e8:92:b2:55:37:40:b4:62:ff:
                    88:27:af:9a:68:ed:c4:b8:af:dd:ef:fa:1b:72:ad:1d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:64:64:5a:ec:25:0e:28:81:0c:07:05:c6:8c:6e:4a:
        3c:d5:18:5b:9f:a0:bc:be:a2:cd:fc:30:d5:c6:ee:02:
        b5:35:9d:5e:34:1f:ae:3c:c1:24:ff:43:cd:01:ca:13:
        a1:33:b2:ad:29:a2:97:b0:91:e9:0c:f8:b6:4a:1c:d9:
        8b:8e:7f:c3:9f:04:35:30:dc:50:e9:43:ea:e9:aa:84:
        51:33:07:be:75:f7:be:85:35:57:67:ad:28:48:2c:0c:
        06:b6:b2:2e:8d:3e:fd:75:a0:7b:9c:9a:84:90:aa:e4:
        24:5e:ec:3a:62:20:5b:52:7c:f3:90:ef:74:e9:4f:17:
        ca:b6:4b:6c:2c:45:f6:ae:16:d8:6a:e4:4e:e3:18:ad:
        b9:d6:b0:38:a9:48:09:f4:ce:68:70:9f:2c:2c:eb:7a:
        a8:b8:cf:66:16:5a:ba:66:b7:e8:9a:0b:47:bd:80:cc:
        51:26:b0:23:71:c6:f6:0e:da:1a:51:bb:80:e7:14:48:
        7f:2e:e6:51:a4:21:8c:3b:9a:67:9f:af:8a:00:f6:77:
        fc:9b:2c:8d:9e:6a:43:8e:05:38:05:77:a6:ec:ad:53:
        a1:49:19:92:4b:ba:24:2b:8c:4b:e0:fc:b7:40:d5:36:
        ed:6d:f6:70:ad:50:fd:fc:5d:f8:51:09:45:0c:8d:ec
    Fingerprint (SHA-256):
        86:A7:60:E5:04:0C:90:C5:F4:83:22:EE:CF:2C:FA:E4:C4:C1:6E:13:64:F7:8D:E3:0E:25:4E:E1:EF:3B:A8:AC
    Fingerprint (SHA1):
        96:46:5D:6B:C8:18:99:78:5C:98:AF:EC:5A:7D:AE:5B:0D:A3:88:21
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6468: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182712 (0x25714eb8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:24 2016
            Not After : Mon Jun 28 18:29:24 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:54:e5:1b:04:ac:ad:18:b7:90:d1:d3:89:d1:b9:1b:
                    9c:8a:65:fe:ee:9f:7d:f0:35:25:35:ae:3d:d9:3f:f3:
                    bd:9b:e3:3e:be:ca:f3:dd:34:5b:64:4a:53:6b:91:65:
                    8a:ad:3c:04:3b:c3:56:23:60:b4:a0:09:c6:60:3a:f0:
                    eb:d9:5a:f6:34:d1:f9:ab:54:b3:a3:fc:4a:58:bb:71:
                    09:31:74:d1:ce:f0:4c:6f:fe:ce:74:2a:ab:a7:44:c7:
                    fa:bc:b0:50:03:47:47:d4:a3:d3:8c:aa:05:e7:92:18:
                    6a:e9:a3:e9:96:3f:1e:7f:2f:86:5c:3b:9c:fd:c5:6e:
                    2d:57:27:40:9f:26:f6:3b:0d:b9:ab:96:c6:26:b1:6f:
                    05:98:fd:00:ed:a3:91:f6:18:a4:43:51:42:04:e0:40:
                    30:c1:39:51:e2:34:ff:ce:8d:5c:2c:63:9e:f2:75:bf:
                    d4:9b:c1:60:43:33:a9:91:9f:6d:58:99:59:57:2a:b4:
                    72:25:7c:16:25:04:b7:54:93:9e:6d:73:b6:15:c7:8d:
                    0f:1a:b5:8c:61:b5:16:66:45:76:06:0b:50:11:f7:40:
                    90:f7:9a:29:69:ae:7e:a9:a6:92:5f:0c:1c:13:52:24:
                    fc:5a:d8:46:00:19:bc:90:7f:1d:c5:a5:67:20:c3:31
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:37:e3:60:cf:bf:3d:2d:70:44:0a:ca:95:2e:5c:2c:
        97:75:ac:1f:4d:a9:da:44:43:de:ba:e5:08:d7:60:03:
        ba:f2:a0:57:50:95:db:ef:5f:8f:cf:ff:44:40:f1:f4:
        cf:61:f4:fb:4c:60:7a:81:26:26:1b:47:cd:12:1b:36:
        6b:2a:7f:ba:ad:94:4d:00:87:70:db:af:f6:a0:fa:ab:
        b2:f9:37:5a:8b:49:1c:5d:90:91:9a:98:56:67:18:46:
        7b:08:3c:1b:ff:96:db:f6:1f:18:a2:11:d6:8d:3a:ec:
        f2:52:f2:76:f5:cf:47:d9:96:4d:57:3d:ea:62:e6:30:
        f7:a0:4e:94:48:7e:f0:51:8f:2d:fc:1d:44:e6:ea:2e:
        d2:40:08:0a:52:67:af:1e:ad:a8:24:be:e1:b7:ed:17:
        fe:5e:4c:2b:ad:82:82:76:c3:87:bc:b3:8b:32:93:09:
        b4:ec:df:11:95:8b:09:64:cc:7e:16:1c:95:18:c6:6b:
        32:8b:2a:8c:fd:49:9b:75:b6:ad:98:45:85:f3:9f:fa:
        f9:76:2d:b7:ef:e0:e0:cf:d5:fb:62:f7:91:5f:9e:1e:
        56:7b:cf:3f:93:3b:d3:8e:55:e6:8f:5c:a4:c9:a1:9f:
        a7:e3:ad:e0:77:32:d9:84:ad:d7:47:d2:71:ae:6f:a8
    Fingerprint (SHA-256):
        DA:00:87:61:C0:22:5C:2B:C1:27:F3:A7:C7:DE:0A:F2:78:16:59:03:2C:4C:F3:CD:4C:CA:C2:FA:B5:CD:ED:D1
    Fingerprint (SHA1):
        FD:FC:57:50:0B:63:3E:11:46:3E:B7:F8:91:F4:09:0F:41:53:9F:46
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6469: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Army
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Navy [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #6470: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Importing certificate BridgeArmy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der
chains.sh: #6471: Bridge: Importing certificate BridgeArmy.der to AllDB database  - PASSED
chains.sh: Importing certificate BridgeNavy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der
chains.sh: #6472: Bridge: Importing certificate BridgeNavy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182712 (0x25714eb8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:24 2016
            Not After : Mon Jun 28 18:29:24 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:54:e5:1b:04:ac:ad:18:b7:90:d1:d3:89:d1:b9:1b:
                    9c:8a:65:fe:ee:9f:7d:f0:35:25:35:ae:3d:d9:3f:f3:
                    bd:9b:e3:3e:be:ca:f3:dd:34:5b:64:4a:53:6b:91:65:
                    8a:ad:3c:04:3b:c3:56:23:60:b4:a0:09:c6:60:3a:f0:
                    eb:d9:5a:f6:34:d1:f9:ab:54:b3:a3:fc:4a:58:bb:71:
                    09:31:74:d1:ce:f0:4c:6f:fe:ce:74:2a:ab:a7:44:c7:
                    fa:bc:b0:50:03:47:47:d4:a3:d3:8c:aa:05:e7:92:18:
                    6a:e9:a3:e9:96:3f:1e:7f:2f:86:5c:3b:9c:fd:c5:6e:
                    2d:57:27:40:9f:26:f6:3b:0d:b9:ab:96:c6:26:b1:6f:
                    05:98:fd:00:ed:a3:91:f6:18:a4:43:51:42:04:e0:40:
                    30:c1:39:51:e2:34:ff:ce:8d:5c:2c:63:9e:f2:75:bf:
                    d4:9b:c1:60:43:33:a9:91:9f:6d:58:99:59:57:2a:b4:
                    72:25:7c:16:25:04:b7:54:93:9e:6d:73:b6:15:c7:8d:
                    0f:1a:b5:8c:61:b5:16:66:45:76:06:0b:50:11:f7:40:
                    90:f7:9a:29:69:ae:7e:a9:a6:92:5f:0c:1c:13:52:24:
                    fc:5a:d8:46:00:19:bc:90:7f:1d:c5:a5:67:20:c3:31
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:37:e3:60:cf:bf:3d:2d:70:44:0a:ca:95:2e:5c:2c:
        97:75:ac:1f:4d:a9:da:44:43:de:ba:e5:08:d7:60:03:
        ba:f2:a0:57:50:95:db:ef:5f:8f:cf:ff:44:40:f1:f4:
        cf:61:f4:fb:4c:60:7a:81:26:26:1b:47:cd:12:1b:36:
        6b:2a:7f:ba:ad:94:4d:00:87:70:db:af:f6:a0:fa:ab:
        b2:f9:37:5a:8b:49:1c:5d:90:91:9a:98:56:67:18:46:
        7b:08:3c:1b:ff:96:db:f6:1f:18:a2:11:d6:8d:3a:ec:
        f2:52:f2:76:f5:cf:47:d9:96:4d:57:3d:ea:62:e6:30:
        f7:a0:4e:94:48:7e:f0:51:8f:2d:fc:1d:44:e6:ea:2e:
        d2:40:08:0a:52:67:af:1e:ad:a8:24:be:e1:b7:ed:17:
        fe:5e:4c:2b:ad:82:82:76:c3:87:bc:b3:8b:32:93:09:
        b4:ec:df:11:95:8b:09:64:cc:7e:16:1c:95:18:c6:6b:
        32:8b:2a:8c:fd:49:9b:75:b6:ad:98:45:85:f3:9f:fa:
        f9:76:2d:b7:ef:e0:e0:cf:d5:fb:62:f7:91:5f:9e:1e:
        56:7b:cf:3f:93:3b:d3:8e:55:e6:8f:5c:a4:c9:a1:9f:
        a7:e3:ad:e0:77:32:d9:84:ad:d7:47:d2:71:ae:6f:a8
    Fingerprint (SHA-256):
        DA:00:87:61:C0:22:5C:2B:C1:27:F3:A7:C7:DE:0A:F2:78:16:59:03:2C:4C:F3:CD:4C:CA:C2:FA:B5:CD:ED:D1
    Fingerprint (SHA1):
        FD:FC:57:50:0B:63:3E:11:46:3E:B7:F8:91:F4:09:0F:41:53:9F:46
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6473: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182713 (0x25714eb9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:28 2016
            Not After : Mon Jun 28 18:29:28 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:2b:57:2d:58:53:08:71:9c:30:c2:23:22:84:be:a0:
                    39:08:05:d9:d6:8b:fb:b8:1b:e2:6e:5c:9b:72:67:fa:
                    9c:e9:4a:59:8a:2f:8a:49:0d:e9:dd:4b:77:fc:88:43:
                    fc:55:49:82:3c:ad:81:4f:6a:40:c9:9a:c7:c6:de:29:
                    b6:f1:4d:bc:bc:cd:d5:10:9c:37:62:87:cd:de:a6:cb:
                    ba:18:e3:7e:e5:f1:1f:6f:c5:a4:b2:37:1e:85:84:30:
                    12:ab:23:64:33:d3:b5:74:be:eb:1d:31:ba:f2:7f:37:
                    3f:14:9e:b9:41:9a:63:63:55:db:d7:a0:62:91:30:b7:
                    ea:8b:7f:63:66:18:39:de:30:e5:ab:a2:1c:58:3b:e7:
                    54:2f:2a:79:e3:ab:36:d8:56:28:67:1e:54:c9:35:1b:
                    f3:f0:3c:b7:47:ce:1f:40:09:aa:56:93:e8:25:a6:a9:
                    e7:22:70:7b:52:ff:da:7b:57:6b:b3:2d:6c:2a:d9:cd:
                    b6:36:e3:06:a3:8e:4d:c0:1b:d5:4c:c5:40:4f:b3:0b:
                    5f:83:a3:c2:02:c8:34:ce:8a:01:84:63:54:4c:c7:60:
                    20:7d:1e:31:74:f4:65:e8:92:b2:55:37:40:b4:62:ff:
                    88:27:af:9a:68:ed:c4:b8:af:dd:ef:fa:1b:72:ad:1d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:64:64:5a:ec:25:0e:28:81:0c:07:05:c6:8c:6e:4a:
        3c:d5:18:5b:9f:a0:bc:be:a2:cd:fc:30:d5:c6:ee:02:
        b5:35:9d:5e:34:1f:ae:3c:c1:24:ff:43:cd:01:ca:13:
        a1:33:b2:ad:29:a2:97:b0:91:e9:0c:f8:b6:4a:1c:d9:
        8b:8e:7f:c3:9f:04:35:30:dc:50:e9:43:ea:e9:aa:84:
        51:33:07:be:75:f7:be:85:35:57:67:ad:28:48:2c:0c:
        06:b6:b2:2e:8d:3e:fd:75:a0:7b:9c:9a:84:90:aa:e4:
        24:5e:ec:3a:62:20:5b:52:7c:f3:90:ef:74:e9:4f:17:
        ca:b6:4b:6c:2c:45:f6:ae:16:d8:6a:e4:4e:e3:18:ad:
        b9:d6:b0:38:a9:48:09:f4:ce:68:70:9f:2c:2c:eb:7a:
        a8:b8:cf:66:16:5a:ba:66:b7:e8:9a:0b:47:bd:80:cc:
        51:26:b0:23:71:c6:f6:0e:da:1a:51:bb:80:e7:14:48:
        7f:2e:e6:51:a4:21:8c:3b:9a:67:9f:af:8a:00:f6:77:
        fc:9b:2c:8d:9e:6a:43:8e:05:38:05:77:a6:ec:ad:53:
        a1:49:19:92:4b:ba:24:2b:8c:4b:e0:fc:b7:40:d5:36:
        ed:6d:f6:70:ad:50:fd:fc:5d:f8:51:09:45:0c:8d:ec
    Fingerprint (SHA-256):
        86:A7:60:E5:04:0C:90:C5:F4:83:22:EE:CF:2C:FA:E4:C4:C1:6E:13:64:F7:8D:E3:0E:25:4E:E1:EF:3B:A8:AC
    Fingerprint (SHA1):
        96:46:5D:6B:C8:18:99:78:5C:98:AF:EC:5A:7D:AE:5B:0D:A3:88:21
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6474: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Creating DB ArmyOnlyDB
certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd
chains.sh: #6475: Bridge: Creating DB ArmyOnlyDB  - PASSED
chains.sh: Importing certificate Army.der to ArmyOnlyDB database
certutil -A -n Army  -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der
chains.sh: #6476: Bridge: Importing certificate Army.der to ArmyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #6477: Bridge: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #6478: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #6479: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182713 (0x25714eb9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:28 2016
            Not After : Mon Jun 28 18:29:28 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:2b:57:2d:58:53:08:71:9c:30:c2:23:22:84:be:a0:
                    39:08:05:d9:d6:8b:fb:b8:1b:e2:6e:5c:9b:72:67:fa:
                    9c:e9:4a:59:8a:2f:8a:49:0d:e9:dd:4b:77:fc:88:43:
                    fc:55:49:82:3c:ad:81:4f:6a:40:c9:9a:c7:c6:de:29:
                    b6:f1:4d:bc:bc:cd:d5:10:9c:37:62:87:cd:de:a6:cb:
                    ba:18:e3:7e:e5:f1:1f:6f:c5:a4:b2:37:1e:85:84:30:
                    12:ab:23:64:33:d3:b5:74:be:eb:1d:31:ba:f2:7f:37:
                    3f:14:9e:b9:41:9a:63:63:55:db:d7:a0:62:91:30:b7:
                    ea:8b:7f:63:66:18:39:de:30:e5:ab:a2:1c:58:3b:e7:
                    54:2f:2a:79:e3:ab:36:d8:56:28:67:1e:54:c9:35:1b:
                    f3:f0:3c:b7:47:ce:1f:40:09:aa:56:93:e8:25:a6:a9:
                    e7:22:70:7b:52:ff:da:7b:57:6b:b3:2d:6c:2a:d9:cd:
                    b6:36:e3:06:a3:8e:4d:c0:1b:d5:4c:c5:40:4f:b3:0b:
                    5f:83:a3:c2:02:c8:34:ce:8a:01:84:63:54:4c:c7:60:
                    20:7d:1e:31:74:f4:65:e8:92:b2:55:37:40:b4:62:ff:
                    88:27:af:9a:68:ed:c4:b8:af:dd:ef:fa:1b:72:ad:1d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:64:64:5a:ec:25:0e:28:81:0c:07:05:c6:8c:6e:4a:
        3c:d5:18:5b:9f:a0:bc:be:a2:cd:fc:30:d5:c6:ee:02:
        b5:35:9d:5e:34:1f:ae:3c:c1:24:ff:43:cd:01:ca:13:
        a1:33:b2:ad:29:a2:97:b0:91:e9:0c:f8:b6:4a:1c:d9:
        8b:8e:7f:c3:9f:04:35:30:dc:50:e9:43:ea:e9:aa:84:
        51:33:07:be:75:f7:be:85:35:57:67:ad:28:48:2c:0c:
        06:b6:b2:2e:8d:3e:fd:75:a0:7b:9c:9a:84:90:aa:e4:
        24:5e:ec:3a:62:20:5b:52:7c:f3:90:ef:74:e9:4f:17:
        ca:b6:4b:6c:2c:45:f6:ae:16:d8:6a:e4:4e:e3:18:ad:
        b9:d6:b0:38:a9:48:09:f4:ce:68:70:9f:2c:2c:eb:7a:
        a8:b8:cf:66:16:5a:ba:66:b7:e8:9a:0b:47:bd:80:cc:
        51:26:b0:23:71:c6:f6:0e:da:1a:51:bb:80:e7:14:48:
        7f:2e:e6:51:a4:21:8c:3b:9a:67:9f:af:8a:00:f6:77:
        fc:9b:2c:8d:9e:6a:43:8e:05:38:05:77:a6:ec:ad:53:
        a1:49:19:92:4b:ba:24:2b:8c:4b:e0:fc:b7:40:d5:36:
        ed:6d:f6:70:ad:50:fd:fc:5d:f8:51:09:45:0c:8d:ec
    Fingerprint (SHA-256):
        86:A7:60:E5:04:0C:90:C5:F4:83:22:EE:CF:2C:FA:E4:C4:C1:6E:13:64:F7:8D:E3:0E:25:4E:E1:EF:3B:A8:AC
    Fingerprint (SHA1):
        96:46:5D:6B:C8:18:99:78:5C:98:AF:EC:5A:7D:AE:5B:0D:A3:88:21
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6480: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182713 (0x25714eb9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:28 2016
            Not After : Mon Jun 28 18:29:28 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:2b:57:2d:58:53:08:71:9c:30:c2:23:22:84:be:a0:
                    39:08:05:d9:d6:8b:fb:b8:1b:e2:6e:5c:9b:72:67:fa:
                    9c:e9:4a:59:8a:2f:8a:49:0d:e9:dd:4b:77:fc:88:43:
                    fc:55:49:82:3c:ad:81:4f:6a:40:c9:9a:c7:c6:de:29:
                    b6:f1:4d:bc:bc:cd:d5:10:9c:37:62:87:cd:de:a6:cb:
                    ba:18:e3:7e:e5:f1:1f:6f:c5:a4:b2:37:1e:85:84:30:
                    12:ab:23:64:33:d3:b5:74:be:eb:1d:31:ba:f2:7f:37:
                    3f:14:9e:b9:41:9a:63:63:55:db:d7:a0:62:91:30:b7:
                    ea:8b:7f:63:66:18:39:de:30:e5:ab:a2:1c:58:3b:e7:
                    54:2f:2a:79:e3:ab:36:d8:56:28:67:1e:54:c9:35:1b:
                    f3:f0:3c:b7:47:ce:1f:40:09:aa:56:93:e8:25:a6:a9:
                    e7:22:70:7b:52:ff:da:7b:57:6b:b3:2d:6c:2a:d9:cd:
                    b6:36:e3:06:a3:8e:4d:c0:1b:d5:4c:c5:40:4f:b3:0b:
                    5f:83:a3:c2:02:c8:34:ce:8a:01:84:63:54:4c:c7:60:
                    20:7d:1e:31:74:f4:65:e8:92:b2:55:37:40:b4:62:ff:
                    88:27:af:9a:68:ed:c4:b8:af:dd:ef:fa:1b:72:ad:1d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        02:64:64:5a:ec:25:0e:28:81:0c:07:05:c6:8c:6e:4a:
        3c:d5:18:5b:9f:a0:bc:be:a2:cd:fc:30:d5:c6:ee:02:
        b5:35:9d:5e:34:1f:ae:3c:c1:24:ff:43:cd:01:ca:13:
        a1:33:b2:ad:29:a2:97:b0:91:e9:0c:f8:b6:4a:1c:d9:
        8b:8e:7f:c3:9f:04:35:30:dc:50:e9:43:ea:e9:aa:84:
        51:33:07:be:75:f7:be:85:35:57:67:ad:28:48:2c:0c:
        06:b6:b2:2e:8d:3e:fd:75:a0:7b:9c:9a:84:90:aa:e4:
        24:5e:ec:3a:62:20:5b:52:7c:f3:90:ef:74:e9:4f:17:
        ca:b6:4b:6c:2c:45:f6:ae:16:d8:6a:e4:4e:e3:18:ad:
        b9:d6:b0:38:a9:48:09:f4:ce:68:70:9f:2c:2c:eb:7a:
        a8:b8:cf:66:16:5a:ba:66:b7:e8:9a:0b:47:bd:80:cc:
        51:26:b0:23:71:c6:f6:0e:da:1a:51:bb:80:e7:14:48:
        7f:2e:e6:51:a4:21:8c:3b:9a:67:9f:af:8a:00:f6:77:
        fc:9b:2c:8d:9e:6a:43:8e:05:38:05:77:a6:ec:ad:53:
        a1:49:19:92:4b:ba:24:2b:8c:4b:e0:fc:b7:40:d5:36:
        ed:6d:f6:70:ad:50:fd:fc:5d:f8:51:09:45:0c:8d:ec
    Fingerprint (SHA-256):
        86:A7:60:E5:04:0C:90:C5:F4:83:22:EE:CF:2C:FA:E4:C4:C1:6E:13:64:F7:8D:E3:0E:25:4E:E1:EF:3B:A8:AC
    Fingerprint (SHA1):
        96:46:5D:6B:C8:18:99:78:5C:98:AF:EC:5A:7D:AE:5B:0D:A3:88:21
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6481: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Creating DB NavyOnlyDB
certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd
chains.sh: #6482: Bridge: Creating DB NavyOnlyDB  - PASSED
chains.sh: Importing certificate Navy.der to NavyOnlyDB database
certutil -A -n Navy  -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der
chains.sh: #6483: Bridge: Importing certificate Navy.der to NavyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #6484: Bridge: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@army [Certificate Authority]:
Email Address(es): bridge@army
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #6485: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #6486: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182712 (0x25714eb8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:24 2016
            Not After : Mon Jun 28 18:29:24 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:54:e5:1b:04:ac:ad:18:b7:90:d1:d3:89:d1:b9:1b:
                    9c:8a:65:fe:ee:9f:7d:f0:35:25:35:ae:3d:d9:3f:f3:
                    bd:9b:e3:3e:be:ca:f3:dd:34:5b:64:4a:53:6b:91:65:
                    8a:ad:3c:04:3b:c3:56:23:60:b4:a0:09:c6:60:3a:f0:
                    eb:d9:5a:f6:34:d1:f9:ab:54:b3:a3:fc:4a:58:bb:71:
                    09:31:74:d1:ce:f0:4c:6f:fe:ce:74:2a:ab:a7:44:c7:
                    fa:bc:b0:50:03:47:47:d4:a3:d3:8c:aa:05:e7:92:18:
                    6a:e9:a3:e9:96:3f:1e:7f:2f:86:5c:3b:9c:fd:c5:6e:
                    2d:57:27:40:9f:26:f6:3b:0d:b9:ab:96:c6:26:b1:6f:
                    05:98:fd:00:ed:a3:91:f6:18:a4:43:51:42:04:e0:40:
                    30:c1:39:51:e2:34:ff:ce:8d:5c:2c:63:9e:f2:75:bf:
                    d4:9b:c1:60:43:33:a9:91:9f:6d:58:99:59:57:2a:b4:
                    72:25:7c:16:25:04:b7:54:93:9e:6d:73:b6:15:c7:8d:
                    0f:1a:b5:8c:61:b5:16:66:45:76:06:0b:50:11:f7:40:
                    90:f7:9a:29:69:ae:7e:a9:a6:92:5f:0c:1c:13:52:24:
                    fc:5a:d8:46:00:19:bc:90:7f:1d:c5:a5:67:20:c3:31
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:37:e3:60:cf:bf:3d:2d:70:44:0a:ca:95:2e:5c:2c:
        97:75:ac:1f:4d:a9:da:44:43:de:ba:e5:08:d7:60:03:
        ba:f2:a0:57:50:95:db:ef:5f:8f:cf:ff:44:40:f1:f4:
        cf:61:f4:fb:4c:60:7a:81:26:26:1b:47:cd:12:1b:36:
        6b:2a:7f:ba:ad:94:4d:00:87:70:db:af:f6:a0:fa:ab:
        b2:f9:37:5a:8b:49:1c:5d:90:91:9a:98:56:67:18:46:
        7b:08:3c:1b:ff:96:db:f6:1f:18:a2:11:d6:8d:3a:ec:
        f2:52:f2:76:f5:cf:47:d9:96:4d:57:3d:ea:62:e6:30:
        f7:a0:4e:94:48:7e:f0:51:8f:2d:fc:1d:44:e6:ea:2e:
        d2:40:08:0a:52:67:af:1e:ad:a8:24:be:e1:b7:ed:17:
        fe:5e:4c:2b:ad:82:82:76:c3:87:bc:b3:8b:32:93:09:
        b4:ec:df:11:95:8b:09:64:cc:7e:16:1c:95:18:c6:6b:
        32:8b:2a:8c:fd:49:9b:75:b6:ad:98:45:85:f3:9f:fa:
        f9:76:2d:b7:ef:e0:e0:cf:d5:fb:62:f7:91:5f:9e:1e:
        56:7b:cf:3f:93:3b:d3:8e:55:e6:8f:5c:a4:c9:a1:9f:
        a7:e3:ad:e0:77:32:d9:84:ad:d7:47:d2:71:ae:6f:a8
    Fingerprint (SHA-256):
        DA:00:87:61:C0:22:5C:2B:C1:27:F3:A7:C7:DE:0A:F2:78:16:59:03:2C:4C:F3:CD:4C:CA:C2:FA:B5:CD:ED:D1
    Fingerprint (SHA1):
        FD:FC:57:50:0B:63:3E:11:46:3E:B7:F8:91:F4:09:0F:41:53:9F:46
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6487: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182712 (0x25714eb8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:29:24 2016
            Not After : Mon Jun 28 18:29:24 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:54:e5:1b:04:ac:ad:18:b7:90:d1:d3:89:d1:b9:1b:
                    9c:8a:65:fe:ee:9f:7d:f0:35:25:35:ae:3d:d9:3f:f3:
                    bd:9b:e3:3e:be:ca:f3:dd:34:5b:64:4a:53:6b:91:65:
                    8a:ad:3c:04:3b:c3:56:23:60:b4:a0:09:c6:60:3a:f0:
                    eb:d9:5a:f6:34:d1:f9:ab:54:b3:a3:fc:4a:58:bb:71:
                    09:31:74:d1:ce:f0:4c:6f:fe:ce:74:2a:ab:a7:44:c7:
                    fa:bc:b0:50:03:47:47:d4:a3:d3:8c:aa:05:e7:92:18:
                    6a:e9:a3:e9:96:3f:1e:7f:2f:86:5c:3b:9c:fd:c5:6e:
                    2d:57:27:40:9f:26:f6:3b:0d:b9:ab:96:c6:26:b1:6f:
                    05:98:fd:00:ed:a3:91:f6:18:a4:43:51:42:04:e0:40:
                    30:c1:39:51:e2:34:ff:ce:8d:5c:2c:63:9e:f2:75:bf:
                    d4:9b:c1:60:43:33:a9:91:9f:6d:58:99:59:57:2a:b4:
                    72:25:7c:16:25:04:b7:54:93:9e:6d:73:b6:15:c7:8d:
                    0f:1a:b5:8c:61:b5:16:66:45:76:06:0b:50:11:f7:40:
                    90:f7:9a:29:69:ae:7e:a9:a6:92:5f:0c:1c:13:52:24:
                    fc:5a:d8:46:00:19:bc:90:7f:1d:c5:a5:67:20:c3:31
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:37:e3:60:cf:bf:3d:2d:70:44:0a:ca:95:2e:5c:2c:
        97:75:ac:1f:4d:a9:da:44:43:de:ba:e5:08:d7:60:03:
        ba:f2:a0:57:50:95:db:ef:5f:8f:cf:ff:44:40:f1:f4:
        cf:61:f4:fb:4c:60:7a:81:26:26:1b:47:cd:12:1b:36:
        6b:2a:7f:ba:ad:94:4d:00:87:70:db:af:f6:a0:fa:ab:
        b2:f9:37:5a:8b:49:1c:5d:90:91:9a:98:56:67:18:46:
        7b:08:3c:1b:ff:96:db:f6:1f:18:a2:11:d6:8d:3a:ec:
        f2:52:f2:76:f5:cf:47:d9:96:4d:57:3d:ea:62:e6:30:
        f7:a0:4e:94:48:7e:f0:51:8f:2d:fc:1d:44:e6:ea:2e:
        d2:40:08:0a:52:67:af:1e:ad:a8:24:be:e1:b7:ed:17:
        fe:5e:4c:2b:ad:82:82:76:c3:87:bc:b3:8b:32:93:09:
        b4:ec:df:11:95:8b:09:64:cc:7e:16:1c:95:18:c6:6b:
        32:8b:2a:8c:fd:49:9b:75:b6:ad:98:45:85:f3:9f:fa:
        f9:76:2d:b7:ef:e0:e0:cf:d5:fb:62:f7:91:5f:9e:1e:
        56:7b:cf:3f:93:3b:d3:8e:55:e6:8f:5c:a4:c9:a1:9f:
        a7:e3:ad:e0:77:32:d9:84:ad:d7:47:d2:71:ae:6f:a8
    Fingerprint (SHA-256):
        DA:00:87:61:C0:22:5C:2B:C1:27:F3:A7:C7:DE:0A:F2:78:16:59:03:2C:4C:F3:CD:4C:CA:C2:FA:B5:CD:ED:D1
    Fingerprint (SHA1):
        FD:FC:57:50:0B:63:3E:11:46:3E:B7:F8:91:F4:09:0F:41:53:9F:46
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6488: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Creating DB Root1DB
certutil -N -d Root1DB -f Root1DB/dbpasswd
chains.sh: #6489: MegaBridge_3_2: Creating DB Root1DB  - PASSED
chains.sh: Creating Root CA Root1
certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1  -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182717 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6490: MegaBridge_3_2: Creating Root CA Root1  - PASSED
chains.sh: Exporting Root CA Root1.der
certutil -L -d Root1DB -r -n Root1 -o Root1.der
chains.sh: #6491: MegaBridge_3_2: Exporting Root CA Root1.der  - PASSED
chains.sh: Creating DB Root2DB
certutil -N -d Root2DB -f Root2DB/dbpasswd
chains.sh: #6492: MegaBridge_3_2: Creating DB Root2DB  - PASSED
chains.sh: Creating Root CA Root2
certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2  -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182718 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6493: MegaBridge_3_2: Creating Root CA Root2  - PASSED
chains.sh: Exporting Root CA Root2.der
certutil -L -d Root2DB -r -n Root2 -o Root2.der
chains.sh: #6494: MegaBridge_3_2: Exporting Root CA Root2.der  - PASSED
chains.sh: Creating DB Root3DB
certutil -N -d Root3DB -f Root3DB/dbpasswd
chains.sh: #6495: MegaBridge_3_2: Creating DB Root3DB  - PASSED
chains.sh: Creating Root CA Root3
certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3  -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182719 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6496: MegaBridge_3_2: Creating Root CA Root3  - PASSED
chains.sh: Exporting Root CA Root3.der
certutil -L -d Root3DB -r -n Root3 -o Root3.der
chains.sh: #6497: MegaBridge_3_2: Exporting Root CA Root3.der  - PASSED
chains.sh: Creating DB Root4DB
certutil -N -d Root4DB -f Root4DB/dbpasswd
chains.sh: #6498: MegaBridge_3_2: Creating DB Root4DB  - PASSED
chains.sh: Creating Root CA Root4
certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4  -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182720 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6499: MegaBridge_3_2: Creating Root CA Root4  - PASSED
chains.sh: Exporting Root CA Root4.der
certutil -L -d Root4DB -r -n Root4 -o Root4.der
chains.sh: #6500: MegaBridge_3_2: Exporting Root CA Root4.der  - PASSED
chains.sh: Creating DB Root5DB
certutil -N -d Root5DB -f Root5DB/dbpasswd
chains.sh: #6501: MegaBridge_3_2: Creating DB Root5DB  - PASSED
chains.sh: Creating Root CA Root5
certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5  -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182721 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6502: MegaBridge_3_2: Creating Root CA Root5  - PASSED
chains.sh: Exporting Root CA Root5.der
certutil -L -d Root5DB -r -n Root5 -o Root5.der
chains.sh: #6503: MegaBridge_3_2: Exporting Root CA Root5.der  - PASSED
chains.sh: Creating DB Root6DB
certutil -N -d Root6DB -f Root6DB/dbpasswd
chains.sh: #6504: MegaBridge_3_2: Creating DB Root6DB  - PASSED
chains.sh: Creating Root CA Root6
certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6  -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182722 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6505: MegaBridge_3_2: Creating Root CA Root6  - PASSED
chains.sh: Exporting Root CA Root6.der
certutil -L -d Root6DB -r -n Root6 -o Root6.der
chains.sh: #6506: MegaBridge_3_2: Exporting Root CA Root6.der  - PASSED
chains.sh: Creating DB Root7DB
certutil -N -d Root7DB -f Root7DB/dbpasswd
chains.sh: #6507: MegaBridge_3_2: Creating DB Root7DB  - PASSED
chains.sh: Creating Root CA Root7
certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7  -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182723 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6508: MegaBridge_3_2: Creating Root CA Root7  - PASSED
chains.sh: Exporting Root CA Root7.der
certutil -L -d Root7DB -r -n Root7 -o Root7.der
chains.sh: #6509: MegaBridge_3_2: Exporting Root CA Root7.der  - PASSED
chains.sh: Creating DB Root8DB
certutil -N -d Root8DB -f Root8DB/dbpasswd
chains.sh: #6510: MegaBridge_3_2: Creating DB Root8DB  - PASSED
chains.sh: Creating Root CA Root8
certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8  -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182724 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6511: MegaBridge_3_2: Creating Root CA Root8  - PASSED
chains.sh: Exporting Root CA Root8.der
certutil -L -d Root8DB -r -n Root8 -o Root8.der
chains.sh: #6512: MegaBridge_3_2: Exporting Root CA Root8.der  - PASSED
chains.sh: Creating DB Root9DB
certutil -N -d Root9DB -f Root9DB/dbpasswd
chains.sh: #6513: MegaBridge_3_2: Creating DB Root9DB  - PASSED
chains.sh: Creating Root CA Root9
certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9  -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182725 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6514: MegaBridge_3_2: Creating Root CA Root9  - PASSED
chains.sh: Exporting Root CA Root9.der
certutil -L -d Root9DB -r -n Root9 -o Root9.der
chains.sh: #6515: MegaBridge_3_2: Exporting Root CA Root9.der  - PASSED
chains.sh: Creating DB Bridge11DB
certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd
chains.sh: #6516: MegaBridge_3_2: Creating DB Bridge11DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge11Req.der
certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US"  -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6517: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der  - PASSED
chains.sh: Creating certficate Bridge11Root1.der signed by Root1
certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 628182726 -7 Bridge11@Root1  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6518: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1  - PASSED
chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6519: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root2.der signed by Root2
certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 628182727 -7 Bridge11@Root2  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6520: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2  - PASSED
chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6521: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root3.der signed by Root3
certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 628182728 -7 Bridge11@Root3  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6522: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3  - PASSED
chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6523: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge11DB database
cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7
chains.sh: #6524: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database  - PASSED
chains.sh: Creating DB Bridge12DB
certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd
chains.sh: #6525: MegaBridge_3_2: Creating DB Bridge12DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge12Req.der
certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US"  -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6526: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der  - PASSED
chains.sh: Creating certficate Bridge12Root4.der signed by Root4
certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 628182729 -7 Bridge12@Root4  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6527: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4  - PASSED
chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6528: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root5.der signed by Root5
certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 628182730 -7 Bridge12@Root5  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6529: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5  - PASSED
chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6530: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root6.der signed by Root6
certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 628182731 -7 Bridge12@Root6  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6531: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6  - PASSED
chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6532: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge12DB database
cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7
chains.sh: #6533: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database  - PASSED
chains.sh: Creating DB Bridge13DB
certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd
chains.sh: #6534: MegaBridge_3_2: Creating DB Bridge13DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge13Req.der
certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US"  -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6535: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der  - PASSED
chains.sh: Creating certficate Bridge13Root7.der signed by Root7
certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 628182732 -7 Bridge13@Root7  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6536: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7  - PASSED
chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6537: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root8.der signed by Root8
certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 628182733 -7 Bridge13@Root8  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6538: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8  - PASSED
chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6539: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root9.der signed by Root9
certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 628182734 -7 Bridge13@Root9  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6540: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9  - PASSED
chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6541: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge13DB database
cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7
chains.sh: #6542: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database  - PASSED
chains.sh: Creating DB Bridge21DB
certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd
chains.sh: #6543: MegaBridge_3_2: Creating DB Bridge21DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge21Req.der
certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US"  -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6544: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der  - PASSED
chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11
certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 628182735 -7 Bridge21@Bridge11  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6545: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11  - PASSED
chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6546: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12
certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 628182736 -7 Bridge21@Bridge12  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6547: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12  - PASSED
chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6548: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13
certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 628182737 -7 Bridge21@Bridge13  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6549: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13  - PASSED
chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6550: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge21DB database
cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7
chains.sh: #6551: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6552: MegaBridge_3_2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6553: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21
certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 628182738   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6554: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21  - PASSED
chains.sh: Importing certificate CA1Bridge21.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6555: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #6556: MegaBridge_3_2: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6557: MegaBridge_3_2: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182739   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6558: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6559: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der  -t Root1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182717 (0x25714ebd)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root1 ROOT CA,O=Root1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:01 2016
            Not After : Mon Jun 28 18:30:01 2066
        Subject: "CN=Root1 ROOT CA,O=Root1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:25:73:e5:23:80:94:7f:7e:73:73:77:08:ef:3c:25:
                    d2:ac:46:48:91:37:01:57:f7:61:39:19:99:ce:70:d1:
                    cb:e4:85:57:66:bf:52:2c:99:4e:da:21:9a:77:1a:e1:
                    b1:6c:d6:10:51:d4:25:8c:d3:76:e8:e8:b8:04:f3:b8:
                    29:b9:1c:f9:39:8a:91:fd:06:bb:50:5d:cc:83:d5:75:
                    54:4f:d0:28:2a:61:a7:7e:c0:42:53:d0:ee:b2:0f:cc:
                    20:6b:c6:de:23:20:0a:d7:e6:f7:14:3c:99:d8:9c:2a:
                    a1:ed:52:4d:28:ab:c5:58:2e:cd:02:33:f7:d9:c2:7f:
                    ac:a3:ed:b4:01:d2:91:7d:d8:08:b7:7a:d2:93:ac:53:
                    d8:86:15:44:0a:39:ac:21:0c:a0:24:6e:b9:7e:63:81:
                    c7:c6:c1:5a:8a:92:f6:7b:fb:dd:f7:e5:f4:79:87:e4:
                    f4:43:a2:ae:88:83:68:8c:17:02:f0:7d:ab:e9:d7:2f:
                    3d:93:c1:ac:79:08:80:d0:c6:4e:9f:64:2b:d1:b9:0c:
                    24:cd:f8:f5:65:cb:18:b2:99:ab:58:da:29:eb:3a:19:
                    29:09:56:4f:b7:73:dc:2b:b5:7f:bd:bf:42:22:69:7f:
                    23:86:ef:17:99:7c:27:71:44:c9:c7:21:a4:e7:7e:cd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7e:cc:fd:ee:c2:7c:1c:44:cc:c6:1d:e4:52:9b:72:77:
        2e:0e:4a:0e:5a:ec:5a:e3:9f:43:07:22:55:9e:61:d5:
        44:30:0c:29:35:c3:a0:b4:eb:63:45:33:02:36:7c:5d:
        1e:a0:b6:1a:6a:7c:46:1b:79:80:58:b3:f6:26:6b:e1:
        3c:4c:d1:9c:ce:60:5a:fb:bf:0e:54:41:e8:fa:9a:f6:
        d9:38:7c:13:05:81:73:7a:c3:a9:a2:eb:ea:b3:be:44:
        05:86:3d:14:75:7d:0e:fd:57:ad:21:21:b2:15:4c:1f:
        fd:72:28:56:ce:1e:01:0a:38:92:a6:25:a8:8c:dd:46:
        f7:99:31:14:67:61:89:db:f8:09:be:c6:ff:c6:9b:5d:
        91:55:9c:f7:03:eb:23:fe:09:6d:93:dc:68:02:e3:5c:
        27:52:10:66:3a:13:20:20:5c:0b:01:48:3e:51:1b:71:
        6f:96:b6:b0:2c:96:6a:f4:c6:30:53:de:68:b9:ed:92:
        64:10:2b:6f:90:e5:49:74:f9:ad:c2:c3:2d:8b:3f:5c:
        62:b9:ba:5f:d8:d7:63:48:55:24:a9:81:d1:fe:7f:90:
        0d:2f:a4:2c:15:38:c7:61:fa:29:16:9a:a5:e4:f3:ab:
        cb:d0:1a:08:ca:34:82:b8:86:03:bd:d2:13:0a:97:85
    Fingerprint (SHA-256):
        BE:A7:6A:55:8B:87:EB:DB:1D:94:DC:23:A6:9E:27:7A:71:1E:B0:EB:D8:7B:2A:09:B5:B3:CF:32:E7:97:BB:5A
    Fingerprint (SHA1):
        FF:1C:CE:A2:3C:2B:C7:91:F7:45:BE:C7:C7:6F:F7:16:DF:73:D8:8F
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #6560: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der  -t Root2.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182718 (0x25714ebe)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root2 ROOT CA,O=Root2,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:09 2016
            Not After : Mon Jun 28 18:30:09 2066
        Subject: "CN=Root2 ROOT CA,O=Root2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cc:dc:46:ca:f0:7c:1a:e5:b6:46:b8:51:ee:1f:ab:99:
                    f5:d1:41:67:8c:51:f7:d8:52:61:60:6f:1d:bc:a1:9d:
                    1b:b9:b6:95:d3:52:45:90:75:b7:a5:47:2c:0c:1f:1f:
                    8d:32:ac:0a:9c:4b:a1:39:1d:d2:73:1a:cd:51:e9:8a:
                    25:9b:3c:aa:cf:81:e4:b4:b1:05:83:2f:a1:6d:61:ba:
                    a5:56:04:b4:8c:4e:df:c3:bc:54:5c:2a:a4:6a:bb:6b:
                    c5:0e:c5:ab:f6:af:4f:09:24:88:30:ed:fe:6e:9f:13:
                    37:80:a7:16:84:35:93:fe:93:93:af:f8:e4:67:b0:59:
                    98:4c:90:8a:3d:d6:ea:8f:77:d8:18:e0:17:1d:e2:93:
                    75:d7:57:a9:60:43:89:e1:43:61:c5:d9:21:73:b9:70:
                    74:42:50:d2:d8:f5:29:28:20:ba:bb:64:07:ec:9d:e3:
                    cb:95:47:53:e0:ed:dc:ac:06:ac:5b:aa:f3:b4:b6:74:
                    57:18:ac:31:01:04:67:13:86:92:c6:6a:aa:c5:29:65:
                    05:c7:08:08:cf:ab:02:1e:7c:0f:ff:5e:8a:f2:73:61:
                    f4:10:9f:c0:2a:f1:54:d8:37:49:a2:2e:fb:d1:17:fb:
                    03:c7:be:bf:f9:bd:1c:32:47:f5:db:e0:4c:9d:57:13
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9a:a9:b4:58:1a:a3:23:b1:aa:8e:7a:b7:20:30:83:0f:
        65:88:a5:0c:8b:39:8d:88:7f:e8:5f:c5:03:e9:6a:59:
        30:59:d7:ee:62:ea:40:c2:04:3a:f4:17:93:39:c3:b4:
        93:32:7c:12:00:52:c4:f8:af:83:6b:87:30:99:b2:3f:
        a6:eb:a0:8f:69:67:4f:89:57:b0:64:4c:8c:f1:86:e3:
        aa:cc:e2:f2:9b:69:e4:63:d5:05:cb:31:11:89:2b:4e:
        4f:f2:eb:30:a2:84:e1:6f:5f:a4:37:02:38:64:1f:a2:
        7e:54:78:75:5d:e7:2a:5d:fb:03:66:2f:12:b4:aa:61:
        bb:77:34:82:71:9d:4c:06:b0:95:f9:f2:e3:41:c8:ce:
        9b:b3:8f:b6:52:10:1b:d5:86:ed:41:70:f2:96:04:e1:
        d5:3a:14:7f:7b:12:f4:4d:16:26:fc:e2:eb:81:21:c6:
        3e:bc:ea:77:98:c2:0f:ff:3a:fa:06:00:7f:f9:6c:fc:
        3e:11:c7:55:31:5c:86:6c:b6:d7:94:6b:fe:8f:60:53:
        b7:d1:f7:0e:76:6c:88:dd:49:b5:de:16:4b:92:f2:33:
        7e:14:79:6b:95:9d:e0:81:b1:57:08:38:a8:24:1c:5d:
        4b:ca:d4:1a:ba:e7:7a:ab:96:49:4b:0a:4e:07:69:21
    Fingerprint (SHA-256):
        8B:BA:6F:91:B6:CF:A1:4E:C3:77:26:4A:C0:1B:5B:9F:E6:5D:9B:CA:46:DA:E3:DB:7F:9D:37:1C:A7:19:3A:F8
    Fingerprint (SHA1):
        97:7F:32:C8:55:25:26:9C:0A:79:8A:C8:56:7E:E0:1B:E3:AF:86:80
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #6561: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der  -t Root3.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182719 (0x25714ebf)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root3 ROOT CA,O=Root3,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:13 2016
            Not After : Mon Jun 28 18:30:13 2066
        Subject: "CN=Root3 ROOT CA,O=Root3,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3a:4e:87:4d:26:51:25:39:83:fa:11:bb:c3:27:4b:
                    88:7c:6c:7e:a1:43:52:6d:d0:ce:8e:e5:0e:3e:b3:7d:
                    02:54:dd:fa:56:6f:42:3b:59:44:f5:63:b1:a7:08:61:
                    61:57:ce:6f:da:02:51:f0:ed:6e:6d:fb:c1:31:21:3d:
                    93:57:05:c9:f7:79:64:8e:44:e2:99:a1:36:61:72:49:
                    f1:1e:14:6c:e8:28:ba:ea:3e:df:28:9a:20:70:40:49:
                    3b:3a:63:34:25:4e:a6:c1:81:cb:a9:3c:a4:d9:fd:30:
                    0c:c5:45:c2:dc:b4:24:31:dd:26:3f:ac:5a:0b:3e:26:
                    70:c0:6f:77:31:40:72:72:a3:d2:e1:01:48:4d:b1:b5:
                    9b:6e:2d:b2:bb:eb:a1:3d:0d:81:f3:c2:e5:d5:5b:02:
                    e5:9a:da:d6:b1:96:0c:57:57:16:f8:5e:d9:6c:8a:14:
                    72:85:71:ea:90:2b:0d:95:18:73:b0:d9:81:0e:70:f8:
                    84:df:c4:c7:9b:89:12:db:a5:29:c1:66:9b:82:7b:76:
                    01:66:7f:ac:e3:04:a4:bb:7a:97:ec:fa:b2:d9:2b:cb:
                    02:87:56:a1:82:65:32:56:35:ce:44:6b:8c:f6:09:c5:
                    65:dd:3b:a5:3e:d9:90:37:12:f1:1f:ae:f9:68:14:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:04:f0:67:7d:c4:ee:4d:fc:e8:1e:8b:f4:47:f7:1c:
        aa:88:74:2d:c5:c7:b6:53:ab:72:38:98:8d:11:12:af:
        45:57:34:c6:57:76:27:97:25:b3:0b:54:63:7d:51:28:
        21:6c:63:5a:6e:35:11:89:50:4f:ef:c4:a9:3d:7e:94:
        b2:ce:ba:a1:77:81:55:a5:dd:cb:9f:0f:9b:29:c3:15:
        b6:72:81:35:4c:e4:6a:0f:07:a6:dc:8f:fa:dd:20:81:
        af:c1:f9:b7:3d:02:c3:59:55:9c:43:db:db:68:9a:2b:
        b2:43:3f:22:18:53:c5:e8:e9:26:a5:e4:3f:79:43:d9:
        8c:aa:7b:2a:9b:91:0d:37:dd:0d:a3:fa:37:30:d7:25:
        d5:fe:61:b5:6a:a5:c5:85:9c:78:29:48:cb:6c:96:92:
        62:2e:44:71:f0:8b:4d:a1:17:39:3e:2f:f3:eb:9f:8c:
        68:06:fb:9d:05:f8:c6:58:85:ee:26:79:3e:dd:48:ee:
        3b:e2:da:71:dc:1c:c2:e3:8a:99:b6:1c:d4:95:1a:be:
        ca:08:38:95:7b:21:0d:e7:dc:11:95:34:59:4f:85:ec:
        d9:dc:bf:1d:3a:58:f9:4d:43:fa:06:c4:61:59:21:20:
        d7:d2:ff:eb:d5:f0:e6:b0:f7:3a:30:1d:40:e3:85:54
    Fingerprint (SHA-256):
        D0:8F:87:B4:D7:57:18:1A:84:9A:A9:3F:E1:68:10:F3:7C:AA:16:2A:33:9A:19:28:78:AD:50:A1:CC:0E:C8:61
    Fingerprint (SHA1):
        A7:F3:1E:2C:A3:E4:CF:4C:B8:4D:D0:8B:BF:EF:35:4C:B1:DC:45:72
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #6562: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der  -t Root4.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182720 (0x25714ec0)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root4 ROOT CA,O=Root4,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:19 2016
            Not After : Mon Jun 28 18:30:19 2066
        Subject: "CN=Root4 ROOT CA,O=Root4,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:cf:9b:bc:35:2d:50:94:80:6c:06:5f:83:77:81:cf:
                    59:7e:8c:9c:7e:c3:df:23:6b:81:97:64:73:6c:41:00:
                    9e:4b:93:c2:46:e9:39:01:8c:3a:3c:8e:69:b3:12:67:
                    bd:00:27:1f:29:16:1a:6a:00:a9:a3:b4:b7:68:a2:91:
                    e0:71:1e:ea:11:a4:1f:3c:ce:4f:b0:d2:db:5f:1e:18:
                    28:20:4b:c5:89:3b:b6:d4:0c:54:19:44:42:eb:6b:3f:
                    8e:30:c4:73:3b:eb:4b:02:19:c9:36:c5:67:25:ed:df:
                    e6:55:59:5c:c8:f1:42:55:83:67:e4:bc:66:88:a1:d1:
                    d2:d9:f9:51:9f:55:7b:2f:bd:ff:37:d4:60:4f:a7:e5:
                    a8:a3:4e:be:72:65:81:f4:50:5f:66:b0:96:ac:95:3d:
                    af:81:ee:ca:bf:42:63:3b:c9:46:c4:1c:be:6c:a3:2e:
                    3e:d3:45:77:3e:fb:da:e7:ad:48:b2:cf:f7:11:e3:f1:
                    9e:65:d6:4b:d5:47:e7:42:64:e5:b2:a6:63:da:c6:b3:
                    44:e3:77:8d:0e:c2:23:3d:1e:83:0a:2d:4c:0b:39:36:
                    4d:6e:b1:e6:d0:9b:a4:13:51:87:74:e3:e7:73:a9:04:
                    86:dc:97:7b:12:d3:3e:e0:f1:c9:30:ff:10:c6:c4:df
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ab:ae:4b:0c:5c:a3:84:ec:cc:a3:51:03:04:26:34:9a:
        06:d6:fe:23:0f:fd:df:cb:6d:24:0f:ff:77:10:2b:8d:
        94:0b:6d:db:3f:cb:c1:52:95:3d:bb:fc:c4:fe:0e:05:
        65:4d:bc:13:7a:42:c8:90:a9:81:23:cd:dd:4e:bb:e3:
        52:57:41:9d:45:ed:df:50:6f:e7:68:e9:cb:8c:bd:ea:
        06:5e:76:97:e3:b5:1c:86:78:99:bb:cf:13:3d:be:e7:
        d8:3a:4e:b6:74:73:3c:8d:12:a1:0c:08:e0:68:b4:69:
        09:a0:c2:8b:29:7b:01:f9:3a:00:28:00:10:5e:8f:0a:
        f3:56:48:e9:53:a1:fb:83:c5:5a:15:0c:d0:e2:c5:39:
        08:9d:02:df:00:ec:2b:83:15:02:e9:dc:51:56:c5:ee:
        b4:44:41:a8:e6:95:d0:c4:83:68:c7:bb:63:25:0c:da:
        f2:7c:8b:cd:0e:d5:63:19:ea:95:09:3f:69:32:2b:b7:
        e5:5d:ae:2c:f0:f6:fa:ab:fa:5f:d3:c5:1e:46:00:94:
        22:c4:58:29:d5:ed:7a:5c:20:87:60:f9:6f:d1:52:96:
        d6:2b:07:da:6a:9e:26:f6:07:fe:38:f5:f3:c3:f4:38:
        b2:de:e5:2f:0d:59:1d:f8:7b:26:80:63:24:1e:f0:ec
    Fingerprint (SHA-256):
        D9:DA:D8:B4:57:2B:A2:99:65:23:85:9A:54:50:9B:8D:C4:32:3C:4F:EF:51:D2:EA:2D:D1:2B:48:1E:97:A8:A9
    Fingerprint (SHA1):
        A0:FF:79:91:E8:6A:21:D9:1A:61:4E:7A:AF:B3:7C:73:75:19:C9:0F
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #6563: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der  -t Root5.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182721 (0x25714ec1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root5 ROOT CA,O=Root5,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:27 2016
            Not After : Mon Jun 28 18:30:27 2066
        Subject: "CN=Root5 ROOT CA,O=Root5,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:a2:3c:ba:e1:32:66:50:69:11:39:84:92:cd:d2:ce:
                    0e:9e:ce:7d:54:55:c6:fa:40:46:74:6a:cd:9e:ff:76:
                    91:f7:6d:cf:70:8b:c8:ee:e1:50:16:44:09:52:49:18:
                    1b:bf:10:8a:9d:1d:88:4d:c0:d2:cf:36:b8:a3:7a:bd:
                    46:60:8a:67:70:11:58:ae:76:76:45:17:ac:4e:a9:a1:
                    29:27:e8:11:ac:83:e6:3e:92:2d:3f:6c:44:6b:c9:74:
                    5b:b0:a0:fc:5f:64:ed:73:7b:7b:28:ce:5d:af:c8:2e:
                    bd:b4:70:6b:91:93:d2:5a:64:3d:53:d1:de:3c:9b:ac:
                    2b:d4:4a:e5:d8:0e:fb:47:fb:81:50:7f:03:46:74:0e:
                    56:b9:55:93:c8:1e:22:ba:1d:f0:10:8c:d6:07:df:a7:
                    e2:a5:27:d1:08:99:e7:26:f1:22:2b:d3:41:d8:a8:16:
                    97:ff:bf:ef:5a:83:01:16:04:de:d6:48:ea:26:4e:27:
                    71:9b:e0:fd:b6:d6:23:7e:f6:2f:4c:17:6e:14:b3:2b:
                    d7:f5:15:c4:72:77:57:15:a0:99:95:1c:49:ac:8d:7c:
                    16:15:95:0c:9b:6a:af:3a:7f:5f:96:d8:5a:69:56:95:
                    6b:2a:76:88:a3:66:78:15:00:53:bf:26:78:f1:e6:df
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6b:d3:d1:f1:da:8c:d3:6c:c6:df:72:56:a3:22:fb:55:
        b5:b4:f0:ab:29:a0:07:14:08:51:67:88:d6:3d:98:23:
        6a:c8:e6:96:1f:66:30:6a:dd:29:68:02:4e:82:6b:20:
        b0:73:9c:82:1d:37:a9:23:73:d9:48:2e:27:a7:24:0a:
        33:7e:44:d1:59:14:22:ef:94:9f:29:99:38:f0:cb:ee:
        53:87:01:cf:07:9b:45:64:54:b2:fe:6d:33:4e:a9:a2:
        54:30:d2:9c:a5:c5:02:80:1b:0f:93:58:6d:d1:d3:5b:
        e4:ec:b5:f1:f7:6c:f6:0f:c4:71:7b:92:a2:ed:8d:cb:
        1e:91:28:2f:4b:a4:53:4c:02:43:e4:a3:0b:89:c1:b3:
        0b:c2:cd:c3:42:ec:e8:77:91:fd:45:ca:de:43:de:15:
        dc:08:1c:9e:ed:be:6c:88:ae:df:04:a5:00:fe:76:74:
        fe:62:26:95:7c:07:37:87:25:33:9f:eb:19:48:2b:f6:
        c3:38:93:1b:5a:df:30:fe:cf:98:39:a3:c9:9f:11:d8:
        4c:1f:a9:b2:d0:c6:67:39:28:28:30:41:d2:51:59:a4:
        bf:51:c9:cc:e4:39:0f:bc:09:88:c8:c9:cf:dd:f6:9a:
        b4:69:ce:43:fd:bd:6f:e0:84:68:13:f1:d4:0e:47:a3
    Fingerprint (SHA-256):
        ED:E7:89:4D:6C:93:F9:D6:71:51:FD:66:85:E6:C2:53:A6:E4:62:53:23:A8:37:59:C2:95:75:21:CC:7B:E3:B5
    Fingerprint (SHA1):
        1B:81:4E:DA:FD:5F:DA:45:A1:08:FA:82:B6:59:7A:C1:76:07:4D:F3
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #6564: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der  -t Root6.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182722 (0x25714ec2)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root6 ROOT CA,O=Root6,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:36 2016
            Not After : Mon Jun 28 18:30:36 2066
        Subject: "CN=Root6 ROOT CA,O=Root6,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    de:e0:1e:37:73:53:72:da:c0:96:04:fe:f4:2a:ad:25:
                    d8:8b:74:20:f2:08:36:15:bd:e0:69:20:84:f2:e4:a4:
                    cb:e0:ba:a1:35:3b:07:a8:da:f3:4c:0f:06:1e:d4:06:
                    b2:99:e5:b3:26:8d:12:58:ea:9f:e5:f8:69:98:20:c0:
                    99:af:7d:86:91:50:8a:00:f2:5b:92:a6:f7:30:2f:ed:
                    f8:e2:10:56:01:9b:3d:ed:61:d7:00:d8:7c:c7:e7:33:
                    49:c7:30:92:b5:b8:bc:bc:6b:e5:69:4b:d2:a6:d5:f2:
                    6a:14:3e:0d:e2:34:97:38:f4:41:3b:a8:c2:59:4d:5d:
                    cb:df:28:03:2d:0d:91:27:3b:52:cc:6f:cf:a9:dd:26:
                    b0:a8:e7:de:98:db:23:5e:af:07:9e:5b:b8:94:e4:25:
                    f6:15:19:14:b4:ec:37:30:52:0f:29:89:cd:06:b1:76:
                    08:69:17:9b:5c:5b:21:37:ed:07:61:9c:e7:d0:58:ac:
                    b4:38:b9:b7:af:63:bb:10:e0:57:4f:70:c4:db:df:00:
                    70:a5:f5:88:fc:be:96:d4:40:01:86:b8:5c:77:33:07:
                    d5:2a:86:5b:e3:80:66:51:2a:63:da:79:c1:ea:e7:dd:
                    f4:b7:f4:36:38:19:14:c1:37:65:6a:9b:1d:06:82:3b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        53:89:ac:65:60:03:2c:04:d1:24:68:87:7b:b9:d3:2a:
        5b:62:f6:0c:81:85:36:76:b9:c2:25:21:16:80:af:64:
        2b:66:01:23:2b:6e:77:b2:b1:61:31:df:f4:ad:40:39:
        25:41:c4:c7:a6:44:e3:7a:0c:59:1c:c7:ba:98:64:7f:
        37:9f:f6:a3:95:6b:11:fc:24:7d:71:b6:b2:e5:49:3d:
        8c:27:cb:3b:0c:6a:34:ef:a2:19:e2:84:f4:a4:a0:0c:
        a6:dc:0d:67:f4:42:0e:1c:c4:23:01:33:08:ab:1e:2e:
        0e:da:72:9f:64:43:63:3e:7c:d0:2c:fd:36:c6:57:92:
        05:79:f6:59:a7:f6:fc:ee:5d:6b:d7:79:42:ca:4e:0a:
        83:55:25:07:e7:dc:10:95:e1:0c:23:7e:72:c3:0b:0c:
        62:d7:c4:3f:5c:8b:ca:de:5d:0d:08:f9:59:07:19:13:
        4a:f9:dc:e3:86:48:3d:ce:7e:9a:e4:50:43:b8:ca:ed:
        42:00:78:e7:df:94:b4:25:a1:78:c5:28:ad:d0:19:96:
        7e:86:c0:6f:9d:a7:71:6e:3f:57:fc:16:83:09:4b:64:
        70:60:29:db:14:ff:5a:f1:02:d7:f2:46:45:05:1c:cc:
        1b:44:d0:9d:d2:2d:51:dd:bd:96:e3:aa:a7:ec:8a:49
    Fingerprint (SHA-256):
        EF:BF:70:7A:93:CD:81:16:E1:AB:2B:A5:B5:00:E2:79:9A:3B:CA:E3:9D:7F:FB:6E:65:9C:B2:C2:5F:04:BD:1D
    Fingerprint (SHA1):
        D3:D7:B7:4C:95:B5:91:21:25:32:4E:2C:8A:29:41:7A:45:06:FE:97
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #6565: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der  -t Root7.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182723 (0x25714ec3)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root7 ROOT CA,O=Root7,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:39 2016
            Not After : Mon Jun 28 18:30:39 2066
        Subject: "CN=Root7 ROOT CA,O=Root7,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b2:fb:4b:ba:2c:bf:f8:ca:0e:bd:40:59:bb:22:17:17:
                    21:60:25:84:61:fb:75:55:dd:b8:13:9c:f0:77:2a:08:
                    86:7e:0b:40:1d:68:c4:5a:55:02:07:31:78:e7:0f:68:
                    e8:68:f9:8a:38:35:0e:f7:c7:30:84:e1:0c:ca:0e:27:
                    41:06:d9:65:1f:4c:f8:30:ba:e8:39:b6:a2:4a:95:49:
                    c8:7c:bc:ee:ed:79:b0:98:24:10:7e:2d:ab:e1:bb:5e:
                    ec:05:d7:b9:2c:cc:a9:c8:10:a0:18:f8:76:73:e7:20:
                    98:c1:d7:d2:7e:a7:c8:bb:83:fd:2c:09:02:7f:07:14:
                    c6:bf:d7:0a:8d:b0:62:17:a5:5c:97:98:d4:78:e2:a7:
                    ed:4b:5a:0b:88:04:af:30:de:4b:86:81:32:09:1d:44:
                    ee:d2:6a:20:4e:98:b1:a1:bb:ec:a5:8a:bf:f7:5a:b2:
                    a2:df:75:e7:b2:59:4c:e9:34:c9:f9:1b:e4:70:93:ba:
                    75:fa:52:a0:35:72:83:ed:0b:a1:fe:43:4d:2d:70:c4:
                    d5:d4:b8:cb:40:a9:55:85:0b:38:56:8f:3d:91:b1:cd:
                    94:ef:f4:42:24:c4:83:cb:8b:4c:80:ba:e2:c7:4d:8c:
                    b2:bb:1e:83:db:f3:1a:06:33:80:01:d0:c3:f5:be:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ac:a7:c0:d6:7c:34:16:f2:a2:e7:dc:67:4b:81:d0:fc:
        45:b1:aa:24:ab:bd:bd:42:62:f6:eb:cd:6f:95:e5:53:
        e0:c7:dc:e8:1a:de:6c:3e:4e:e0:75:e4:14:9d:4b:19:
        d4:d0:f6:a8:91:f7:54:40:49:1e:fb:56:e3:f4:37:df:
        d0:1a:60:f0:9d:48:f3:88:f5:aa:91:eb:1e:16:9f:4d:
        66:f3:03:0b:d7:6f:74:9d:55:04:1b:81:0b:14:26:3a:
        97:a2:b8:39:91:34:68:5b:e2:c5:56:3e:bf:d4:15:31:
        3f:ac:e5:a4:96:ff:fa:85:70:18:44:7c:a4:da:cb:57:
        1f:26:43:1e:33:81:11:b3:1f:97:68:ae:6c:1a:b7:d6:
        58:e3:b3:40:55:19:07:b8:a2:7f:7b:f1:11:d2:41:b6:
        04:15:d2:82:c4:51:45:df:bb:52:47:4d:1e:4f:ec:3d:
        43:3c:c1:f7:8f:dc:f9:ed:a0:07:a2:fb:0d:59:01:c3:
        5e:92:ef:c6:5d:3c:47:74:7a:74:0e:0c:54:4a:0f:c4:
        a2:25:51:b9:55:aa:48:3b:00:ab:85:3a:b3:6b:f4:58:
        b3:cc:71:5e:35:7c:21:cc:68:35:2f:26:76:f4:8b:7f:
        7f:6f:9e:40:26:0e:2c:80:21:3c:08:72:e9:34:b6:e4
    Fingerprint (SHA-256):
        24:81:EE:BF:CE:FE:A5:D8:FE:18:9C:DA:45:54:E0:18:51:1A:EF:04:DA:66:19:58:1B:CD:0B:67:DF:F9:53:DF
    Fingerprint (SHA1):
        92:C5:C4:BA:2D:FB:74:45:BD:8E:6C:68:31:AC:22:0B:E7:69:07:31
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #6566: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der  -t Root8.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182724 (0x25714ec4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root8 ROOT CA,O=Root8,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:43 2016
            Not After : Mon Jun 28 18:30:43 2066
        Subject: "CN=Root8 ROOT CA,O=Root8,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a1:6f:47:2a:b8:61:eb:31:5e:6d:60:c5:38:a7:86:56:
                    2d:47:42:04:15:b1:58:68:0b:c3:5c:d8:8f:3e:26:99:
                    e7:e3:f1:c8:1b:35:bd:1f:e9:8c:a3:00:11:51:a5:a3:
                    94:69:15:e2:2b:d1:8a:5b:cd:3b:83:7b:cd:88:11:fa:
                    2a:d3:a8:d1:45:dc:1f:4d:29:c4:b4:63:08:d9:37:2d:
                    9b:22:c9:9e:76:03:f3:22:e4:ad:20:33:e7:6d:ef:45:
                    62:92:5c:f7:d4:73:d5:59:b5:23:fe:bf:72:00:41:ea:
                    8a:9d:19:b8:c4:63:70:88:81:02:69:7f:2a:6b:8d:52:
                    38:94:20:3f:bf:f9:ae:b7:3e:e6:e8:9c:f8:7c:1b:34:
                    e1:1b:3d:e4:94:8f:19:a9:55:74:2d:9c:94:63:40:be:
                    ed:28:26:2a:d4:1f:7d:28:3f:e9:07:5b:5d:e5:c9:08:
                    5d:2e:9b:b7:63:a0:4d:20:08:9a:ed:90:78:a8:14:d4:
                    c5:1e:99:3b:24:11:f4:3c:f7:ba:54:a8:79:c6:cd:cc:
                    0c:d1:77:cc:6d:1e:28:68:61:95:65:c1:da:1a:50:33:
                    b7:87:d6:f0:1c:4a:10:a6:3e:5f:60:0f:54:9c:61:fc:
                    72:39:55:2e:3c:c8:e7:57:dc:4c:50:33:0b:d1:1f:7d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7b:2a:e9:1d:85:7a:23:dc:ee:9c:b1:ab:33:6f:2a:ac:
        93:68:3a:86:9a:f7:1c:67:c1:86:1b:53:a6:35:cf:6f:
        9e:63:f9:03:68:68:63:6b:f4:76:09:86:99:5a:79:ce:
        1a:6b:7b:ca:f9:64:31:f2:b1:ec:ea:2b:5a:42:8d:fd:
        d4:0f:35:c7:bb:87:57:38:62:93:9c:19:9f:98:fd:c0:
        6b:30:19:d5:aa:06:2f:df:83:97:7e:9e:79:7b:74:cb:
        97:5b:cd:2c:21:1f:4c:38:bd:8a:19:73:83:a2:0c:de:
        0d:bb:0b:32:10:c4:57:b3:b0:3a:f9:12:95:5b:d7:2e:
        11:54:4d:35:a4:74:81:83:90:e7:af:63:ea:d7:17:98:
        dd:cb:be:15:40:bc:65:b5:5b:6d:8e:ec:43:82:5e:65:
        b1:c5:25:22:e1:49:0a:93:d7:e1:a5:61:bd:17:91:09:
        c2:7a:25:6b:a5:81:fa:65:0c:36:2c:9b:fb:08:64:e1:
        b3:03:f8:4b:e6:3a:29:db:b9:e6:a1:90:9d:4e:8a:71:
        c2:02:5b:48:3c:33:4a:0e:ac:77:99:b9:16:d3:a2:60:
        53:b3:72:d0:38:fb:79:bb:f9:3e:b5:22:d0:72:cc:dd:
        60:89:57:a1:71:c2:5a:23:9f:ae:cc:04:f5:76:65:dc
    Fingerprint (SHA-256):
        EC:B7:5B:59:9F:A0:32:1C:17:9D:AE:2F:4B:2D:62:F3:60:9C:8F:A2:C9:74:48:09:BD:D5:BF:D5:2C:1E:18:CA
    Fingerprint (SHA1):
        10:52:80:69:09:CB:DF:B1:91:7F:8B:2B:44:50:5D:C0:CD:A2:6A:1C
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #6567: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der  -t Root9.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182725 (0x25714ec5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root9 ROOT CA,O=Root9,C=US"
        Validity:
            Not Before: Tue Jun 28 18:30:45 2016
            Not After : Mon Jun 28 18:30:45 2066
        Subject: "CN=Root9 ROOT CA,O=Root9,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ce:ee:27:d2:a8:89:d2:ea:c3:f5:48:72:4f:cc:97:69:
                    de:30:19:e1:0f:ad:61:a6:4d:b1:b2:df:b6:bc:74:ce:
                    ef:38:f7:47:f9:1c:fb:cb:ee:2d:93:65:eb:07:86:31:
                    7c:17:5b:35:f7:21:92:95:ee:2a:c6:84:08:f7:9c:3e:
                    b0:e4:3e:b3:76:c8:03:cc:0f:1b:cd:4c:4b:f6:4b:2a:
                    61:71:c6:33:4c:5b:87:cd:20:f4:be:e8:5f:4b:ce:0c:
                    d9:c5:fb:f3:f4:a5:c4:7f:4f:62:41:98:0f:b8:f6:da:
                    5d:ae:16:47:d4:ea:ea:20:be:cc:c1:4b:9a:eb:77:f8:
                    ad:13:e8:28:3b:cf:43:d8:f6:de:a3:5c:32:ed:c4:b4:
                    52:2b:43:0e:b4:f4:72:6c:ba:c5:4d:d8:66:4f:2c:d9:
                    22:66:44:ca:52:ff:9d:9b:5d:26:23:c1:db:34:b6:57:
                    7f:d1:04:54:16:c3:02:6e:2e:68:ca:5b:ee:94:a1:41:
                    7f:d8:c7:28:3b:32:66:60:25:6e:8e:61:9e:df:cd:41:
                    aa:36:99:67:56:74:44:52:c7:2a:b7:ba:6b:5b:fa:d5:
                    26:b3:77:e8:71:06:31:da:7b:f6:9f:74:75:b1:d5:85:
                    72:50:86:68:5f:f6:f3:bb:13:22:49:7c:a3:36:80:3f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        77:21:1d:a3:2e:ad:69:64:7a:9c:1d:6d:a9:c8:bb:40:
        a7:1b:3c:ff:b5:10:a1:43:e2:b4:77:2b:54:88:72:e0:
        5b:27:b4:82:b0:9b:6c:81:49:62:5c:e4:96:a3:22:67:
        90:55:e0:9b:64:1f:15:25:96:d5:d1:24:f5:32:4f:d0:
        5b:73:8b:ce:be:d2:f2:6b:1a:82:a3:da:a9:28:4a:ef:
        ce:c5:a5:56:d2:e2:aa:86:1f:67:d5:a0:58:b8:ce:76:
        e5:1a:76:16:f2:06:a3:4e:aa:85:cc:43:17:99:1d:8f:
        db:0f:16:c7:e3:df:d4:aa:e5:a0:3f:9c:9e:84:9c:1a:
        e5:fe:30:29:8e:40:30:2a:98:30:5e:d2:33:ca:34:0d:
        b1:59:34:22:45:17:95:3e:6b:cb:43:4b:08:de:be:04:
        f0:b5:ad:af:cb:23:34:13:bf:02:5a:a8:8c:1a:18:e7:
        8f:2b:29:50:07:9d:2e:91:35:25:2d:65:12:d8:f2:7c:
        7f:05:57:4e:45:7b:74:dd:aa:4c:18:73:41:87:40:49:
        61:78:cb:5a:ff:57:45:63:8f:9c:63:1f:1f:48:f6:58:
        07:6c:23:7c:00:fe:c1:65:bf:3b:53:ed:f0:7f:f7:dc:
        aa:e0:5c:b3:eb:64:84:e9:6d:83:f3:e2:a5:fb:48:ef
    Fingerprint (SHA-256):
        E2:5D:63:C2:20:75:36:28:81:5F:00:81:6F:40:78:C9:6A:86:CB:8D:3A:6B:1C:99:B1:86:97:BC:DB:14:75:D9
    Fingerprint (SHA1):
        44:5C:9E:22:C5:9C:BD:80:26:4D:DC:3E:B2:1D:09:10:AE:69:98:F9
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #6568: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #6569: Extension: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182740 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6570: Extension: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #6571: Extension: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6572: Extension: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6573: Extension: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182741   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6574: Extension: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6575: Extension: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #6576: Extension: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6577: Extension: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182742   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6578: Extension: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6579: Extension: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #6580: Extension: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6581: Extension: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628182743   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6582: Extension: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6583: Extension: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6584: Extension: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182740 (0x25714ed4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:31:40 2016
            Not After : Mon Jun 28 18:31:40 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:89:b8:87:85:10:81:56:84:8f:58:f2:4c:88:dd:e0:
                    2d:03:04:e2:b9:65:83:35:46:65:b5:0b:d7:de:75:78:
                    3e:55:ee:f2:86:bc:df:50:27:78:c0:d9:91:1a:c5:59:
                    79:11:4f:c1:11:d1:e5:d1:e1:e0:3f:0b:8d:c1:4d:7f:
                    26:2d:e2:bc:36:0b:03:f3:70:67:a2:db:2d:97:74:be:
                    f7:84:a7:f5:c3:f6:14:08:b9:79:8f:40:db:4b:21:3d:
                    eb:8b:a6:fc:01:83:43:d3:0b:21:9c:92:6e:89:3c:d1:
                    a9:11:83:16:ce:1b:b3:63:99:cd:f4:c0:28:76:b5:ba:
                    95:21:ce:55:f0:4b:a8:10:f7:22:9b:0e:1a:9b:16:b6:
                    87:64:9d:c3:96:0c:a1:c2:9f:bd:79:e9:64:52:5a:60:
                    38:3f:e2:d1:df:23:08:7f:d1:de:ec:20:7f:79:9c:f7:
                    f2:4d:ab:77:de:2e:78:96:09:f3:f1:13:51:39:88:12:
                    d7:dd:db:8c:10:ba:1f:05:58:21:9e:13:49:4e:d5:d3:
                    8c:2b:23:0b:bb:dd:b6:d8:ca:10:e6:ed:84:ba:c5:b7:
                    9a:ae:cf:89:34:13:69:dc:a0:49:b5:1a:8a:59:1d:31:
                    77:18:cd:cb:fd:b6:57:b4:51:c3:f1:6c:df:49:99:a1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:0e:bc:19:b6:7d:c1:7c:d5:a8:16:73:8b:b7:9a:86:
        c6:ae:80:d2:9a:e4:90:cd:2c:1f:39:1d:5f:9d:6d:2b:
        a2:40:cd:2c:79:5d:94:80:e1:86:71:bc:a5:b5:01:bf:
        87:1a:a9:4b:c4:56:2f:9a:90:62:04:fa:ad:d0:0a:99:
        bf:94:ca:5a:de:bf:69:95:12:08:d0:c4:e4:d1:b7:ca:
        81:d7:5a:73:08:6a:e6:bf:b1:4b:a6:05:f7:00:c2:0c:
        46:de:e6:7e:eb:c2:69:27:fa:fa:e7:26:14:e8:46:45:
        05:ed:a9:0d:f2:78:22:27:ec:ca:a9:60:75:ad:f5:5f:
        bd:e4:1b:27:c5:b9:bf:13:67:e8:69:28:75:0c:e2:36:
        74:00:51:48:0f:6f:d7:d2:a8:a0:69:f8:df:77:72:ab:
        2b:75:6d:6c:83:a2:5a:74:3f:fe:f7:c0:33:0a:45:0b:
        60:60:f2:96:cb:04:4f:62:e3:0b:20:c3:d4:f4:93:40:
        37:92:a3:00:7a:83:12:d9:42:f4:20:cd:07:94:f9:4b:
        43:03:fb:bf:bd:74:5d:24:14:21:06:b2:f9:40:f9:0b:
        ac:38:2c:ae:8a:e5:f5:38:40:8f:13:2c:45:b5:16:27:
        85:43:7e:87:c8:b2:f8:61:06:58:3f:83:50:86:de:9d
    Fingerprint (SHA-256):
        B2:92:27:FB:56:2D:74:68:5C:25:47:71:22:28:BD:D2:16:05:C2:71:A7:70:AB:25:7D:F2:63:3B:75:66:90:4F
    Fingerprint (SHA1):
        39:1B:C8:1F:F2:E1:6E:50:F3:0F:26:3A:B9:44:12:43:64:FD:1E:A7
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6585: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6586: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182741 (0x25714ed5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:31:48 2016
            Not After : Mon Jun 28 18:31:48 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d1:6b:50:c0:70:94:29:0e:b1:79:e5:86:36:b8:cf:98:
                    a0:a2:65:a5:3f:de:4f:62:a3:38:32:ea:67:3b:9f:82:
                    56:7f:c1:39:18:e3:e9:97:8d:24:a1:16:af:c3:95:7a:
                    41:05:2d:28:03:26:91:8a:82:e3:fd:98:b8:ce:4e:b1:
                    dd:03:05:08:69:ad:d0:45:22:79:5b:7b:44:ef:eb:59:
                    e2:dd:94:97:a9:30:b7:ff:5e:78:bf:2c:c8:db:4f:a2:
                    21:72:89:c0:b0:f7:14:9a:20:09:de:04:e2:a3:6e:bc:
                    c8:86:83:f0:ad:11:5b:a4:06:8a:9f:47:0e:fd:5c:01:
                    03:0f:c4:06:6b:ea:8b:e4:cd:85:a2:82:fe:ac:8a:bb:
                    e5:b6:15:f0:c2:80:27:80:f5:ee:d5:aa:f1:44:59:9a:
                    81:62:e2:45:78:b3:c7:ac:29:00:d4:6f:7e:dd:99:e8:
                    9e:0f:a4:63:3d:09:46:6c:87:b7:e9:5f:1e:b5:6f:24:
                    57:fa:99:a0:ac:c1:3c:52:58:e3:21:d8:5e:f3:67:8b:
                    05:30:69:7c:8c:8c:b6:77:65:8b:e8:35:57:d1:62:e2:
                    af:9a:b2:69:02:4d:56:82:96:97:d9:c0:66:ce:3d:8d:
                    56:ad:0b:e7:a5:d0:ad:fa:b0:b1:5f:34:74:fb:61:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        62:03:fe:73:a6:08:a1:fc:06:33:f7:19:85:ac:4c:83:
        c7:6c:d9:3c:16:ed:f9:3c:91:58:3e:86:14:38:e6:1f:
        5d:d4:cd:49:9a:3c:a2:bc:5d:d5:f7:aa:e1:c4:2e:90:
        be:85:a8:c5:b8:aa:c9:81:ee:3c:45:29:3c:8a:ec:17:
        95:1d:b8:b8:c8:f7:14:99:d0:49:4d:dc:50:4c:a8:2a:
        82:57:38:ae:1b:ab:ed:e3:53:ad:60:11:67:d0:b9:4e:
        21:e3:04:58:be:c9:f3:3e:08:10:21:ed:43:d2:62:61:
        d0:d4:0c:0c:b8:1d:56:94:cc:63:53:ad:87:fe:98:58:
        62:79:c7:25:de:12:02:ca:df:75:c7:ac:ce:e0:10:2f:
        44:18:7a:2e:94:5d:b5:ac:84:20:2d:35:84:45:76:29:
        ce:c6:cb:e6:2a:9c:99:74:ac:98:05:ac:2f:36:01:38:
        79:b5:3d:9f:74:a7:36:81:8e:9a:31:6f:2e:6b:c9:f6:
        92:73:7c:62:82:db:68:72:15:2d:aa:e6:f6:dc:f4:ac:
        91:a3:7f:6e:a4:f8:c7:ab:8b:02:01:a0:bd:0f:9f:7d:
        1a:b5:20:b7:72:55:75:2a:fe:e8:80:21:75:88:3a:27:
        d2:80:ae:2b:96:5a:b7:64:80:1c:7e:1d:cf:d7:fa:b8
    Fingerprint (SHA-256):
        FB:78:11:AC:62:D5:E7:3F:9E:F9:EB:8B:BC:AD:49:9B:A3:5F:0E:FA:17:98:DF:B4:48:89:90:82:EC:57:51:B1
    Fingerprint (SHA1):
        8C:D4:D5:28:38:8A:57:87:97:9D:02:52:AB:BC:51:80:60:92:09:68
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6587: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6588: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182742 (0x25714ed6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:31:56 2016
            Not After : Mon Jun 28 18:31:56 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:af:0c:26:ab:fb:cc:43:1b:e1:1e:3a:a1:42:e3:8e:
                    07:55:3b:59:3c:4c:e4:59:26:77:b3:e5:43:1e:95:f1:
                    e8:e4:87:1c:19:f0:e1:c8:ce:47:13:6b:9e:cb:95:19:
                    02:cc:72:29:f2:e3:6c:c1:f6:aa:10:33:92:6a:eb:bf:
                    0a:d8:d8:9c:ea:9f:e0:47:86:89:91:07:a9:74:86:49:
                    5a:2d:51:b2:73:d7:ae:36:d8:76:1d:b1:46:c4:75:90:
                    95:01:76:76:ba:45:5f:db:9c:1e:79:a1:1f:d2:e2:b9:
                    03:1b:f7:a0:1b:2f:a5:ad:f6:75:bc:e3:d0:4c:5c:04:
                    c3:b1:d1:6b:95:0b:e1:ab:bf:4f:33:c5:ba:ae:e4:76:
                    93:68:cd:bf:ef:c0:73:fb:70:1d:28:28:39:f1:3d:5e:
                    f9:fc:6a:63:3f:9d:44:a1:6c:f8:a3:5b:a9:54:2d:16:
                    be:83:f2:d3:ca:98:10:a2:04:35:aa:ab:39:30:1d:77:
                    bc:9f:9d:87:2e:94:1e:e0:d9:dd:3b:25:c5:6d:92:1f:
                    44:46:a7:cc:f6:59:f7:9c:9a:c7:13:71:bb:44:e5:6f:
                    85:49:73:28:56:24:fe:49:26:89:78:ef:76:aa:dc:5e:
                    69:4e:ef:9b:51:19:f7:e5:f9:67:7a:ab:a5:ed:e5:e7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:fe:7e:76:25:38:34:ff:c2:40:52:49:99:03:23:c1:
        a9:c8:59:bf:c6:ca:32:d7:cd:11:95:a3:d5:bc:b9:9c:
        46:65:35:9f:49:8a:ea:00:89:5c:f8:7d:8d:0d:4b:8b:
        63:6b:ac:56:5b:b5:17:42:b6:30:8b:23:f2:cf:a8:c2:
        fd:af:e7:52:3e:27:51:71:70:ef:59:83:fb:38:a7:c7:
        d8:0f:f2:b5:5d:c5:1a:c7:74:f4:f9:41:a4:93:0e:b7:
        70:20:0f:b9:85:6e:01:cd:0e:9b:01:8e:b8:80:11:f9:
        40:24:f4:c4:76:b4:a8:72:2b:2e:9e:81:18:a0:16:e0:
        9c:2c:46:08:a6:39:1a:9b:a3:90:ac:dd:8d:ca:ef:0f:
        41:ef:d5:22:be:8c:da:dd:0d:b3:28:f3:c0:73:6f:e2:
        3f:3d:db:5c:89:b8:a9:72:da:70:f6:62:a3:a1:07:55:
        eb:64:44:d7:d0:ca:6c:1d:76:49:02:08:d9:b2:42:9a:
        94:24:a9:10:f7:7f:4f:16:8b:c8:89:52:cc:32:97:8a:
        a0:79:45:b5:7b:b7:22:14:9e:d2:99:43:cf:82:f1:9c:
        24:5a:4d:0b:c9:2b:f6:80:e1:44:3d:d2:f0:e2:45:76:
        be:02:8d:91:5f:3c:0e:49:d7:d8:65:c4:08:e4:7f:4e
    Fingerprint (SHA-256):
        21:A5:3A:61:20:7E:FD:62:11:DB:2A:90:32:6E:DC:61:7C:5E:4D:C6:8C:4B:F7:3F:12:C2:7F:04:D6:8D:E1:0D
    Fingerprint (SHA1):
        5F:61:B9:62:0F:DA:4F:D5:4A:BE:6F:F6:C9:5B:4F:4F:FA:EA:17:B4
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #6589: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6590: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #6591: Extension: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #6592: Extension: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #6593: Extension: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182740 (0x25714ed4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:31:40 2016
            Not After : Mon Jun 28 18:31:40 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:89:b8:87:85:10:81:56:84:8f:58:f2:4c:88:dd:e0:
                    2d:03:04:e2:b9:65:83:35:46:65:b5:0b:d7:de:75:78:
                    3e:55:ee:f2:86:bc:df:50:27:78:c0:d9:91:1a:c5:59:
                    79:11:4f:c1:11:d1:e5:d1:e1:e0:3f:0b:8d:c1:4d:7f:
                    26:2d:e2:bc:36:0b:03:f3:70:67:a2:db:2d:97:74:be:
                    f7:84:a7:f5:c3:f6:14:08:b9:79:8f:40:db:4b:21:3d:
                    eb:8b:a6:fc:01:83:43:d3:0b:21:9c:92:6e:89:3c:d1:
                    a9:11:83:16:ce:1b:b3:63:99:cd:f4:c0:28:76:b5:ba:
                    95:21:ce:55:f0:4b:a8:10:f7:22:9b:0e:1a:9b:16:b6:
                    87:64:9d:c3:96:0c:a1:c2:9f:bd:79:e9:64:52:5a:60:
                    38:3f:e2:d1:df:23:08:7f:d1:de:ec:20:7f:79:9c:f7:
                    f2:4d:ab:77:de:2e:78:96:09:f3:f1:13:51:39:88:12:
                    d7:dd:db:8c:10:ba:1f:05:58:21:9e:13:49:4e:d5:d3:
                    8c:2b:23:0b:bb:dd:b6:d8:ca:10:e6:ed:84:ba:c5:b7:
                    9a:ae:cf:89:34:13:69:dc:a0:49:b5:1a:8a:59:1d:31:
                    77:18:cd:cb:fd:b6:57:b4:51:c3:f1:6c:df:49:99:a1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:0e:bc:19:b6:7d:c1:7c:d5:a8:16:73:8b:b7:9a:86:
        c6:ae:80:d2:9a:e4:90:cd:2c:1f:39:1d:5f:9d:6d:2b:
        a2:40:cd:2c:79:5d:94:80:e1:86:71:bc:a5:b5:01:bf:
        87:1a:a9:4b:c4:56:2f:9a:90:62:04:fa:ad:d0:0a:99:
        bf:94:ca:5a:de:bf:69:95:12:08:d0:c4:e4:d1:b7:ca:
        81:d7:5a:73:08:6a:e6:bf:b1:4b:a6:05:f7:00:c2:0c:
        46:de:e6:7e:eb:c2:69:27:fa:fa:e7:26:14:e8:46:45:
        05:ed:a9:0d:f2:78:22:27:ec:ca:a9:60:75:ad:f5:5f:
        bd:e4:1b:27:c5:b9:bf:13:67:e8:69:28:75:0c:e2:36:
        74:00:51:48:0f:6f:d7:d2:a8:a0:69:f8:df:77:72:ab:
        2b:75:6d:6c:83:a2:5a:74:3f:fe:f7:c0:33:0a:45:0b:
        60:60:f2:96:cb:04:4f:62:e3:0b:20:c3:d4:f4:93:40:
        37:92:a3:00:7a:83:12:d9:42:f4:20:cd:07:94:f9:4b:
        43:03:fb:bf:bd:74:5d:24:14:21:06:b2:f9:40:f9:0b:
        ac:38:2c:ae:8a:e5:f5:38:40:8f:13:2c:45:b5:16:27:
        85:43:7e:87:c8:b2:f8:61:06:58:3f:83:50:86:de:9d
    Fingerprint (SHA-256):
        B2:92:27:FB:56:2D:74:68:5C:25:47:71:22:28:BD:D2:16:05:C2:71:A7:70:AB:25:7D:F2:63:3B:75:66:90:4F
    Fingerprint (SHA1):
        39:1B:C8:1F:F2:E1:6E:50:F3:0F:26:3A:B9:44:12:43:64:FD:1E:A7
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6594: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6595: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182741 (0x25714ed5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:31:48 2016
            Not After : Mon Jun 28 18:31:48 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d1:6b:50:c0:70:94:29:0e:b1:79:e5:86:36:b8:cf:98:
                    a0:a2:65:a5:3f:de:4f:62:a3:38:32:ea:67:3b:9f:82:
                    56:7f:c1:39:18:e3:e9:97:8d:24:a1:16:af:c3:95:7a:
                    41:05:2d:28:03:26:91:8a:82:e3:fd:98:b8:ce:4e:b1:
                    dd:03:05:08:69:ad:d0:45:22:79:5b:7b:44:ef:eb:59:
                    e2:dd:94:97:a9:30:b7:ff:5e:78:bf:2c:c8:db:4f:a2:
                    21:72:89:c0:b0:f7:14:9a:20:09:de:04:e2:a3:6e:bc:
                    c8:86:83:f0:ad:11:5b:a4:06:8a:9f:47:0e:fd:5c:01:
                    03:0f:c4:06:6b:ea:8b:e4:cd:85:a2:82:fe:ac:8a:bb:
                    e5:b6:15:f0:c2:80:27:80:f5:ee:d5:aa:f1:44:59:9a:
                    81:62:e2:45:78:b3:c7:ac:29:00:d4:6f:7e:dd:99:e8:
                    9e:0f:a4:63:3d:09:46:6c:87:b7:e9:5f:1e:b5:6f:24:
                    57:fa:99:a0:ac:c1:3c:52:58:e3:21:d8:5e:f3:67:8b:
                    05:30:69:7c:8c:8c:b6:77:65:8b:e8:35:57:d1:62:e2:
                    af:9a:b2:69:02:4d:56:82:96:97:d9:c0:66:ce:3d:8d:
                    56:ad:0b:e7:a5:d0:ad:fa:b0:b1:5f:34:74:fb:61:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        62:03:fe:73:a6:08:a1:fc:06:33:f7:19:85:ac:4c:83:
        c7:6c:d9:3c:16:ed:f9:3c:91:58:3e:86:14:38:e6:1f:
        5d:d4:cd:49:9a:3c:a2:bc:5d:d5:f7:aa:e1:c4:2e:90:
        be:85:a8:c5:b8:aa:c9:81:ee:3c:45:29:3c:8a:ec:17:
        95:1d:b8:b8:c8:f7:14:99:d0:49:4d:dc:50:4c:a8:2a:
        82:57:38:ae:1b:ab:ed:e3:53:ad:60:11:67:d0:b9:4e:
        21:e3:04:58:be:c9:f3:3e:08:10:21:ed:43:d2:62:61:
        d0:d4:0c:0c:b8:1d:56:94:cc:63:53:ad:87:fe:98:58:
        62:79:c7:25:de:12:02:ca:df:75:c7:ac:ce:e0:10:2f:
        44:18:7a:2e:94:5d:b5:ac:84:20:2d:35:84:45:76:29:
        ce:c6:cb:e6:2a:9c:99:74:ac:98:05:ac:2f:36:01:38:
        79:b5:3d:9f:74:a7:36:81:8e:9a:31:6f:2e:6b:c9:f6:
        92:73:7c:62:82:db:68:72:15:2d:aa:e6:f6:dc:f4:ac:
        91:a3:7f:6e:a4:f8:c7:ab:8b:02:01:a0:bd:0f:9f:7d:
        1a:b5:20:b7:72:55:75:2a:fe:e8:80:21:75:88:3a:27:
        d2:80:ae:2b:96:5a:b7:64:80:1c:7e:1d:cf:d7:fa:b8
    Fingerprint (SHA-256):
        FB:78:11:AC:62:D5:E7:3F:9E:F9:EB:8B:BC:AD:49:9B:A3:5F:0E:FA:17:98:DF:B4:48:89:90:82:EC:57:51:B1
    Fingerprint (SHA1):
        8C:D4:D5:28:38:8A:57:87:97:9D:02:52:AB:BC:51:80:60:92:09:68
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6596: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6597: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182742 (0x25714ed6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:31:56 2016
            Not After : Mon Jun 28 18:31:56 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:af:0c:26:ab:fb:cc:43:1b:e1:1e:3a:a1:42:e3:8e:
                    07:55:3b:59:3c:4c:e4:59:26:77:b3:e5:43:1e:95:f1:
                    e8:e4:87:1c:19:f0:e1:c8:ce:47:13:6b:9e:cb:95:19:
                    02:cc:72:29:f2:e3:6c:c1:f6:aa:10:33:92:6a:eb:bf:
                    0a:d8:d8:9c:ea:9f:e0:47:86:89:91:07:a9:74:86:49:
                    5a:2d:51:b2:73:d7:ae:36:d8:76:1d:b1:46:c4:75:90:
                    95:01:76:76:ba:45:5f:db:9c:1e:79:a1:1f:d2:e2:b9:
                    03:1b:f7:a0:1b:2f:a5:ad:f6:75:bc:e3:d0:4c:5c:04:
                    c3:b1:d1:6b:95:0b:e1:ab:bf:4f:33:c5:ba:ae:e4:76:
                    93:68:cd:bf:ef:c0:73:fb:70:1d:28:28:39:f1:3d:5e:
                    f9:fc:6a:63:3f:9d:44:a1:6c:f8:a3:5b:a9:54:2d:16:
                    be:83:f2:d3:ca:98:10:a2:04:35:aa:ab:39:30:1d:77:
                    bc:9f:9d:87:2e:94:1e:e0:d9:dd:3b:25:c5:6d:92:1f:
                    44:46:a7:cc:f6:59:f7:9c:9a:c7:13:71:bb:44:e5:6f:
                    85:49:73:28:56:24:fe:49:26:89:78:ef:76:aa:dc:5e:
                    69:4e:ef:9b:51:19:f7:e5:f9:67:7a:ab:a5:ed:e5:e7
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:fe:7e:76:25:38:34:ff:c2:40:52:49:99:03:23:c1:
        a9:c8:59:bf:c6:ca:32:d7:cd:11:95:a3:d5:bc:b9:9c:
        46:65:35:9f:49:8a:ea:00:89:5c:f8:7d:8d:0d:4b:8b:
        63:6b:ac:56:5b:b5:17:42:b6:30:8b:23:f2:cf:a8:c2:
        fd:af:e7:52:3e:27:51:71:70:ef:59:83:fb:38:a7:c7:
        d8:0f:f2:b5:5d:c5:1a:c7:74:f4:f9:41:a4:93:0e:b7:
        70:20:0f:b9:85:6e:01:cd:0e:9b:01:8e:b8:80:11:f9:
        40:24:f4:c4:76:b4:a8:72:2b:2e:9e:81:18:a0:16:e0:
        9c:2c:46:08:a6:39:1a:9b:a3:90:ac:dd:8d:ca:ef:0f:
        41:ef:d5:22:be:8c:da:dd:0d:b3:28:f3:c0:73:6f:e2:
        3f:3d:db:5c:89:b8:a9:72:da:70:f6:62:a3:a1:07:55:
        eb:64:44:d7:d0:ca:6c:1d:76:49:02:08:d9:b2:42:9a:
        94:24:a9:10:f7:7f:4f:16:8b:c8:89:52:cc:32:97:8a:
        a0:79:45:b5:7b:b7:22:14:9e:d2:99:43:cf:82:f1:9c:
        24:5a:4d:0b:c9:2b:f6:80:e1:44:3d:d2:f0:e2:45:76:
        be:02:8d:91:5f:3c:0e:49:d7:d8:65:c4:08:e4:7f:4e
    Fingerprint (SHA-256):
        21:A5:3A:61:20:7E:FD:62:11:DB:2A:90:32:6E:DC:61:7C:5E:4D:C6:8C:4B:F7:3F:12:C2:7F:04:D6:8D:E1:0D
    Fingerprint (SHA1):
        5F:61:B9:62:0F:DA:4F:D5:4A:BE:6F:F6:C9:5B:4F:4F:FA:EA:17:B4
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #6598: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6599: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #6600: Extension2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182744 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6601: Extension2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #6602: Extension2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6603: Extension2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6604: Extension2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182745   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6605: Extension2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6606: Extension2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #6607: Extension2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6608: Extension2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182746   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6609: Extension2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6610: Extension2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #6611: Extension2: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6612: Extension2: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628182747   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6613: Extension2: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6614: Extension2: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #6615: Extension2: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6616: Extension2: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628182748   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6617: Extension2: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6618: Extension2: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6619: Extension2: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182744 (0x25714ed8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:17 2016
            Not After : Mon Jun 28 18:32:17 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:8a:6b:d6:82:99:a9:03:e3:bb:87:54:3a:51:06:ad:
                    06:80:f7:c0:68:f0:c4:64:d5:a0:93:ad:60:66:0d:29:
                    05:a4:29:e9:33:96:05:4e:4d:7f:4e:59:f7:b8:10:c0:
                    2b:2d:8c:2b:00:23:8e:57:e3:9b:30:73:d3:63:4f:d9:
                    b1:25:e2:c3:74:30:29:40:d0:12:01:60:23:46:eb:c1:
                    7c:b1:51:3a:39:e9:ca:8a:02:d7:29:4d:a1:ce:4c:ea:
                    48:79:4e:e7:59:b3:02:1e:6a:3e:c0:31:b7:de:8d:8d:
                    f0:fe:d3:0c:f9:b4:ce:d8:ed:ef:cb:f9:d8:17:95:a3:
                    68:af:4e:6a:c3:41:dc:ed:1d:96:d4:6a:9e:8d:9a:36:
                    d0:3b:18:8f:42:72:9a:06:31:bf:46:22:27:54:9a:8c:
                    4d:4f:02:db:a3:8c:17:4a:d9:c7:a2:d6:cb:ef:60:d3:
                    a9:c0:df:fc:8c:6c:d9:4e:75:09:17:7a:e3:4c:6e:00:
                    aa:f3:41:69:8a:5b:7f:ba:8f:29:97:0d:d5:ca:20:84:
                    3e:3b:b9:73:b6:f5:da:cb:06:c8:56:bd:73:39:bf:85:
                    8b:b2:62:ea:ee:34:35:ce:be:db:3a:46:d6:cc:33:2f:
                    90:1a:b4:75:de:cf:42:57:a2:15:01:ff:85:b4:a3:13
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:75:a9:77:13:90:33:d4:6b:73:44:09:af:ae:61:71:
        29:03:6a:90:11:21:fb:43:d6:96:b6:6a:9b:73:ea:db:
        44:27:c0:54:7c:06:dd:45:20:58:bd:9c:30:60:da:1f:
        9f:9f:25:14:f7:66:93:5e:d4:b8:d5:19:63:7e:f8:cd:
        7c:37:34:50:45:cd:10:0b:bd:29:50:67:46:5f:d9:90:
        f9:c5:99:ae:08:19:b5:04:67:59:71:28:89:6a:85:d1:
        97:59:b2:51:5a:8a:63:96:0f:6e:f0:dc:a8:ca:eb:81:
        82:ec:d6:83:c0:7e:1b:60:aa:89:da:b4:3f:da:74:f1:
        23:5f:59:99:7b:f8:6e:ae:6a:89:e1:84:6a:ed:6f:b6:
        1b:85:19:da:d4:e8:1f:e3:a4:9d:21:52:6a:7c:db:43:
        f1:fd:f8:4f:ee:c7:a2:a4:a5:e3:a9:be:72:e8:ea:ec:
        ae:c2:42:01:9d:c4:a2:65:13:7d:d3:1c:cd:59:f0:d7:
        a1:4e:08:9f:9d:7e:67:08:e0:05:67:3c:b1:36:68:fa:
        26:da:18:ab:20:21:8a:5f:b3:e5:18:39:71:6f:c7:f5:
        f8:3f:ec:fa:ac:07:6f:b7:d4:0f:d0:a7:55:c3:d0:d5:
        cc:1c:46:0b:6e:1c:82:83:c4:9f:73:ac:e3:41:48:43
    Fingerprint (SHA-256):
        D0:06:38:8B:CF:CB:82:01:1E:19:27:17:C6:83:C6:90:CF:0F:91:B0:FC:01:5F:E5:E1:EF:87:7B:E0:69:95:8C
    Fingerprint (SHA1):
        76:0A:5B:04:93:1D:38:FE:D5:73:10:76:46:8B:7B:C7:3D:D9:80:62
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6620: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6621: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182745 (0x25714ed9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:26 2016
            Not After : Mon Jun 28 18:32:26 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:a5:3e:14:62:15:63:d6:4f:2b:a6:08:49:72:4e:b0:
                    c9:dc:05:03:f2:14:8c:4c:f0:d4:3a:ac:bd:7e:65:ac:
                    b6:bb:89:cf:02:2a:58:81:3b:82:92:6e:5b:49:16:d4:
                    bd:1c:27:84:de:6e:b4:b9:19:4d:3b:c0:34:b1:36:91:
                    96:97:50:c0:c6:ab:68:c2:0a:4a:12:7e:c9:13:9d:a6:
                    2e:46:1d:1e:78:f7:53:ed:80:bc:af:5a:26:46:77:46:
                    12:2f:1b:a6:61:c7:ff:65:96:ce:00:bd:7b:47:48:18:
                    bb:f2:d5:8f:bb:4a:a1:70:0c:3a:81:c9:59:94:75:ff:
                    ee:5b:63:45:24:f5:fe:5f:bb:69:52:e4:1e:65:e4:4c:
                    93:83:44:9f:ba:e8:25:e0:c9:fd:b9:d7:39:71:57:f2:
                    00:e4:2a:86:e1:e0:72:27:46:ab:cb:52:78:08:06:34:
                    7a:e4:c4:5f:ee:aa:74:9a:a3:fe:37:3c:70:06:aa:0f:
                    76:5c:2b:76:19:9b:b6:11:86:9d:c2:3e:28:b7:53:7c:
                    99:ab:6d:c8:c9:25:1e:b5:54:fe:73:0c:a0:5a:ae:4d:
                    d0:a0:5e:b5:65:6d:1e:f9:b4:4b:1c:c6:26:0c:04:d6:
                    fd:35:de:3d:b2:a2:d1:17:57:17:0f:33:0a:e5:4b:cf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        cb:55:28:f1:d4:d7:8f:c6:98:4c:ad:12:ef:0c:fc:14:
        b7:4d:8f:42:cb:9e:98:37:60:81:1c:03:0d:88:00:03:
        07:ba:f1:39:11:9a:69:db:e4:60:f5:21:73:8e:99:0f:
        a1:cb:c5:0a:cc:f7:4f:c6:d7:6a:44:7d:4d:7d:72:ad:
        da:31:63:29:2a:aa:ef:86:42:d7:c4:6a:f4:88:36:cb:
        ff:eb:8a:a4:46:e2:8e:df:98:f0:a8:73:db:e3:f1:c3:
        49:06:c8:91:2d:5a:54:90:bc:11:49:69:53:67:19:4d:
        94:63:7f:93:92:31:ca:9a:1c:29:da:68:bb:dc:6e:92:
        1a:e3:1a:96:ec:04:80:a5:9d:58:14:54:4a:8b:72:9a:
        42:37:18:ff:ea:2a:2d:97:da:eb:fc:7b:35:b2:de:d2:
        ec:f9:01:65:04:e3:0d:c3:32:23:29:93:62:50:47:23:
        76:08:47:9f:36:ae:10:4d:d3:0c:28:1a:86:4a:40:d5:
        ba:20:d2:d1:14:cd:99:f6:21:88:a1:ba:b0:5c:03:a4:
        66:3c:8a:78:90:80:25:46:a0:da:14:7b:51:d4:ec:6a:
        7d:fc:94:28:4d:90:f7:68:d6:5e:b5:12:92:2e:2c:f4:
        80:8d:9a:70:64:bf:da:3d:34:e4:6d:58:e9:44:1c:d8
    Fingerprint (SHA-256):
        AE:73:37:F9:8D:06:65:E1:3B:05:45:09:12:B6:5F:70:B2:F0:58:28:C4:3A:3B:56:8D:59:07:71:BE:9B:CA:B8
    Fingerprint (SHA1):
        A9:0F:C2:5C:15:46:E8:38:2A:4C:A5:32:E5:45:56:CC:62:35:47:93
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6622: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6623: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182746 (0x25714eda)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:35 2016
            Not After : Mon Jun 28 18:32:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d4:91:00:e6:03:64:6f:67:a0:b0:9a:1b:da:3d:16:35:
                    34:e3:d1:d4:30:40:2d:b6:80:31:30:c6:11:e2:e2:1a:
                    b8:2d:26:69:fb:2c:4f:47:15:4f:ff:a3:9c:7f:0a:02:
                    d1:ed:f0:2a:2a:0a:36:be:65:61:43:17:99:f9:45:2f:
                    bd:2d:2d:44:a4:5e:2a:74:f6:e2:7a:89:ae:53:7d:e8:
                    85:f4:cc:ef:ee:74:36:ee:8e:81:d0:53:76:f9:39:97:
                    c8:d1:8c:da:2d:cf:5c:db:14:76:08:19:db:4e:83:8e:
                    1e:da:b9:57:26:83:14:0a:a3:50:c3:6c:36:aa:86:88:
                    2b:f5:94:35:d6:22:5b:b5:14:0f:96:cf:6a:fe:c2:a1:
                    cf:53:5d:ec:d1:3a:3d:a1:eb:54:1c:8d:6e:b3:64:da:
                    50:2b:23:65:35:18:1e:6c:a2:b5:5f:4b:8f:e2:bf:fd:
                    a2:89:da:8d:5f:65:79:3a:02:31:d2:fe:aa:95:19:47:
                    0f:57:ed:5a:40:3e:2a:79:93:f6:b0:cd:43:94:ab:75:
                    db:cb:70:57:7a:0a:a9:2d:23:1c:4f:80:72:ef:da:8e:
                    a1:8d:e7:63:71:31:ca:2d:cd:40:b1:82:27:95:12:55:
                    3e:37:57:55:50:0c:b7:eb:0a:f8:a6:f8:a3:e6:79:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6f:81:18:2b:ff:d8:a6:8a:06:8b:0c:7b:12:d5:78:d8:
        3d:7a:96:34:05:0e:1a:21:a5:a5:c4:d8:bf:cc:83:56:
        4b:6c:4c:63:b0:d1:3d:d3:e9:23:74:90:c3:c2:09:9b:
        33:d2:e5:3f:1f:eb:b3:d7:40:f8:26:8c:cb:77:c5:e2:
        73:92:52:f6:f3:f1:d1:30:5d:f4:cd:69:73:b4:ef:dd:
        3f:63:ed:8d:5c:b6:3c:a1:e6:ab:ec:b0:56:56:e6:1c:
        12:f2:84:7a:24:f9:9f:bf:92:fd:e0:42:0e:dc:fc:5b:
        29:6a:f8:a4:ca:6a:fa:1a:3b:92:e3:75:7a:86:71:b2:
        00:4a:f0:d4:86:71:6b:1b:c7:94:d9:e7:1d:f9:30:32:
        2b:94:a2:9d:9e:fb:8e:b3:96:b9:32:cc:68:b2:27:3d:
        54:39:a0:4c:96:21:e4:d7:15:c7:c6:0d:98:6f:9f:73:
        18:a9:1f:53:1d:c1:2e:cc:81:53:9b:73:ec:2d:e2:3f:
        54:06:cc:8f:a6:fa:83:49:93:1f:bb:c5:06:4d:04:28:
        87:52:d9:f1:43:a0:34:de:58:b4:6f:1a:d0:09:0c:26:
        94:fa:23:82:b9:c4:e4:b7:48:58:af:3c:c1:b5:a0:16:
        88:7b:36:13:c9:91:db:d0:a1:7c:97:60:8d:44:e5:c7
    Fingerprint (SHA-256):
        53:7B:62:C9:8C:F9:7B:8D:00:14:73:1D:B9:25:34:6C:D5:2E:28:06:BE:54:01:EF:B1:E9:61:18:9D:66:75:B2
    Fingerprint (SHA1):
        77:E5:DF:49:B1:CF:93:9F:24:B7:89:73:C3:D7:89:B0:14:3D:F2:A7
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6624: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6625: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #6626: Extension2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #6627: Extension2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #6628: Extension2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182744 (0x25714ed8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:17 2016
            Not After : Mon Jun 28 18:32:17 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:8a:6b:d6:82:99:a9:03:e3:bb:87:54:3a:51:06:ad:
                    06:80:f7:c0:68:f0:c4:64:d5:a0:93:ad:60:66:0d:29:
                    05:a4:29:e9:33:96:05:4e:4d:7f:4e:59:f7:b8:10:c0:
                    2b:2d:8c:2b:00:23:8e:57:e3:9b:30:73:d3:63:4f:d9:
                    b1:25:e2:c3:74:30:29:40:d0:12:01:60:23:46:eb:c1:
                    7c:b1:51:3a:39:e9:ca:8a:02:d7:29:4d:a1:ce:4c:ea:
                    48:79:4e:e7:59:b3:02:1e:6a:3e:c0:31:b7:de:8d:8d:
                    f0:fe:d3:0c:f9:b4:ce:d8:ed:ef:cb:f9:d8:17:95:a3:
                    68:af:4e:6a:c3:41:dc:ed:1d:96:d4:6a:9e:8d:9a:36:
                    d0:3b:18:8f:42:72:9a:06:31:bf:46:22:27:54:9a:8c:
                    4d:4f:02:db:a3:8c:17:4a:d9:c7:a2:d6:cb:ef:60:d3:
                    a9:c0:df:fc:8c:6c:d9:4e:75:09:17:7a:e3:4c:6e:00:
                    aa:f3:41:69:8a:5b:7f:ba:8f:29:97:0d:d5:ca:20:84:
                    3e:3b:b9:73:b6:f5:da:cb:06:c8:56:bd:73:39:bf:85:
                    8b:b2:62:ea:ee:34:35:ce:be:db:3a:46:d6:cc:33:2f:
                    90:1a:b4:75:de:cf:42:57:a2:15:01:ff:85:b4:a3:13
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:75:a9:77:13:90:33:d4:6b:73:44:09:af:ae:61:71:
        29:03:6a:90:11:21:fb:43:d6:96:b6:6a:9b:73:ea:db:
        44:27:c0:54:7c:06:dd:45:20:58:bd:9c:30:60:da:1f:
        9f:9f:25:14:f7:66:93:5e:d4:b8:d5:19:63:7e:f8:cd:
        7c:37:34:50:45:cd:10:0b:bd:29:50:67:46:5f:d9:90:
        f9:c5:99:ae:08:19:b5:04:67:59:71:28:89:6a:85:d1:
        97:59:b2:51:5a:8a:63:96:0f:6e:f0:dc:a8:ca:eb:81:
        82:ec:d6:83:c0:7e:1b:60:aa:89:da:b4:3f:da:74:f1:
        23:5f:59:99:7b:f8:6e:ae:6a:89:e1:84:6a:ed:6f:b6:
        1b:85:19:da:d4:e8:1f:e3:a4:9d:21:52:6a:7c:db:43:
        f1:fd:f8:4f:ee:c7:a2:a4:a5:e3:a9:be:72:e8:ea:ec:
        ae:c2:42:01:9d:c4:a2:65:13:7d:d3:1c:cd:59:f0:d7:
        a1:4e:08:9f:9d:7e:67:08:e0:05:67:3c:b1:36:68:fa:
        26:da:18:ab:20:21:8a:5f:b3:e5:18:39:71:6f:c7:f5:
        f8:3f:ec:fa:ac:07:6f:b7:d4:0f:d0:a7:55:c3:d0:d5:
        cc:1c:46:0b:6e:1c:82:83:c4:9f:73:ac:e3:41:48:43
    Fingerprint (SHA-256):
        D0:06:38:8B:CF:CB:82:01:1E:19:27:17:C6:83:C6:90:CF:0F:91:B0:FC:01:5F:E5:E1:EF:87:7B:E0:69:95:8C
    Fingerprint (SHA1):
        76:0A:5B:04:93:1D:38:FE:D5:73:10:76:46:8B:7B:C7:3D:D9:80:62
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6629: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6630: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182745 (0x25714ed9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:26 2016
            Not After : Mon Jun 28 18:32:26 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:a5:3e:14:62:15:63:d6:4f:2b:a6:08:49:72:4e:b0:
                    c9:dc:05:03:f2:14:8c:4c:f0:d4:3a:ac:bd:7e:65:ac:
                    b6:bb:89:cf:02:2a:58:81:3b:82:92:6e:5b:49:16:d4:
                    bd:1c:27:84:de:6e:b4:b9:19:4d:3b:c0:34:b1:36:91:
                    96:97:50:c0:c6:ab:68:c2:0a:4a:12:7e:c9:13:9d:a6:
                    2e:46:1d:1e:78:f7:53:ed:80:bc:af:5a:26:46:77:46:
                    12:2f:1b:a6:61:c7:ff:65:96:ce:00:bd:7b:47:48:18:
                    bb:f2:d5:8f:bb:4a:a1:70:0c:3a:81:c9:59:94:75:ff:
                    ee:5b:63:45:24:f5:fe:5f:bb:69:52:e4:1e:65:e4:4c:
                    93:83:44:9f:ba:e8:25:e0:c9:fd:b9:d7:39:71:57:f2:
                    00:e4:2a:86:e1:e0:72:27:46:ab:cb:52:78:08:06:34:
                    7a:e4:c4:5f:ee:aa:74:9a:a3:fe:37:3c:70:06:aa:0f:
                    76:5c:2b:76:19:9b:b6:11:86:9d:c2:3e:28:b7:53:7c:
                    99:ab:6d:c8:c9:25:1e:b5:54:fe:73:0c:a0:5a:ae:4d:
                    d0:a0:5e:b5:65:6d:1e:f9:b4:4b:1c:c6:26:0c:04:d6:
                    fd:35:de:3d:b2:a2:d1:17:57:17:0f:33:0a:e5:4b:cf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        cb:55:28:f1:d4:d7:8f:c6:98:4c:ad:12:ef:0c:fc:14:
        b7:4d:8f:42:cb:9e:98:37:60:81:1c:03:0d:88:00:03:
        07:ba:f1:39:11:9a:69:db:e4:60:f5:21:73:8e:99:0f:
        a1:cb:c5:0a:cc:f7:4f:c6:d7:6a:44:7d:4d:7d:72:ad:
        da:31:63:29:2a:aa:ef:86:42:d7:c4:6a:f4:88:36:cb:
        ff:eb:8a:a4:46:e2:8e:df:98:f0:a8:73:db:e3:f1:c3:
        49:06:c8:91:2d:5a:54:90:bc:11:49:69:53:67:19:4d:
        94:63:7f:93:92:31:ca:9a:1c:29:da:68:bb:dc:6e:92:
        1a:e3:1a:96:ec:04:80:a5:9d:58:14:54:4a:8b:72:9a:
        42:37:18:ff:ea:2a:2d:97:da:eb:fc:7b:35:b2:de:d2:
        ec:f9:01:65:04:e3:0d:c3:32:23:29:93:62:50:47:23:
        76:08:47:9f:36:ae:10:4d:d3:0c:28:1a:86:4a:40:d5:
        ba:20:d2:d1:14:cd:99:f6:21:88:a1:ba:b0:5c:03:a4:
        66:3c:8a:78:90:80:25:46:a0:da:14:7b:51:d4:ec:6a:
        7d:fc:94:28:4d:90:f7:68:d6:5e:b5:12:92:2e:2c:f4:
        80:8d:9a:70:64:bf:da:3d:34:e4:6d:58:e9:44:1c:d8
    Fingerprint (SHA-256):
        AE:73:37:F9:8D:06:65:E1:3B:05:45:09:12:B6:5F:70:B2:F0:58:28:C4:3A:3B:56:8D:59:07:71:BE:9B:CA:B8
    Fingerprint (SHA1):
        A9:0F:C2:5C:15:46:E8:38:2A:4C:A5:32:E5:45:56:CC:62:35:47:93
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6631: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6632: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182746 (0x25714eda)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:35 2016
            Not After : Mon Jun 28 18:32:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d4:91:00:e6:03:64:6f:67:a0:b0:9a:1b:da:3d:16:35:
                    34:e3:d1:d4:30:40:2d:b6:80:31:30:c6:11:e2:e2:1a:
                    b8:2d:26:69:fb:2c:4f:47:15:4f:ff:a3:9c:7f:0a:02:
                    d1:ed:f0:2a:2a:0a:36:be:65:61:43:17:99:f9:45:2f:
                    bd:2d:2d:44:a4:5e:2a:74:f6:e2:7a:89:ae:53:7d:e8:
                    85:f4:cc:ef:ee:74:36:ee:8e:81:d0:53:76:f9:39:97:
                    c8:d1:8c:da:2d:cf:5c:db:14:76:08:19:db:4e:83:8e:
                    1e:da:b9:57:26:83:14:0a:a3:50:c3:6c:36:aa:86:88:
                    2b:f5:94:35:d6:22:5b:b5:14:0f:96:cf:6a:fe:c2:a1:
                    cf:53:5d:ec:d1:3a:3d:a1:eb:54:1c:8d:6e:b3:64:da:
                    50:2b:23:65:35:18:1e:6c:a2:b5:5f:4b:8f:e2:bf:fd:
                    a2:89:da:8d:5f:65:79:3a:02:31:d2:fe:aa:95:19:47:
                    0f:57:ed:5a:40:3e:2a:79:93:f6:b0:cd:43:94:ab:75:
                    db:cb:70:57:7a:0a:a9:2d:23:1c:4f:80:72:ef:da:8e:
                    a1:8d:e7:63:71:31:ca:2d:cd:40:b1:82:27:95:12:55:
                    3e:37:57:55:50:0c:b7:eb:0a:f8:a6:f8:a3:e6:79:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6f:81:18:2b:ff:d8:a6:8a:06:8b:0c:7b:12:d5:78:d8:
        3d:7a:96:34:05:0e:1a:21:a5:a5:c4:d8:bf:cc:83:56:
        4b:6c:4c:63:b0:d1:3d:d3:e9:23:74:90:c3:c2:09:9b:
        33:d2:e5:3f:1f:eb:b3:d7:40:f8:26:8c:cb:77:c5:e2:
        73:92:52:f6:f3:f1:d1:30:5d:f4:cd:69:73:b4:ef:dd:
        3f:63:ed:8d:5c:b6:3c:a1:e6:ab:ec:b0:56:56:e6:1c:
        12:f2:84:7a:24:f9:9f:bf:92:fd:e0:42:0e:dc:fc:5b:
        29:6a:f8:a4:ca:6a:fa:1a:3b:92:e3:75:7a:86:71:b2:
        00:4a:f0:d4:86:71:6b:1b:c7:94:d9:e7:1d:f9:30:32:
        2b:94:a2:9d:9e:fb:8e:b3:96:b9:32:cc:68:b2:27:3d:
        54:39:a0:4c:96:21:e4:d7:15:c7:c6:0d:98:6f:9f:73:
        18:a9:1f:53:1d:c1:2e:cc:81:53:9b:73:ec:2d:e2:3f:
        54:06:cc:8f:a6:fa:83:49:93:1f:bb:c5:06:4d:04:28:
        87:52:d9:f1:43:a0:34:de:58:b4:6f:1a:d0:09:0c:26:
        94:fa:23:82:b9:c4:e4:b7:48:58:af:3c:c1:b5:a0:16:
        88:7b:36:13:c9:91:db:d0:a1:7c:97:60:8d:44:e5:c7
    Fingerprint (SHA-256):
        53:7B:62:C9:8C:F9:7B:8D:00:14:73:1D:B9:25:34:6C:D5:2E:28:06:BE:54:01:EF:B1:E9:61:18:9D:66:75:B2
    Fingerprint (SHA1):
        77:E5:DF:49:B1:CF:93:9F:24:B7:89:73:C3:D7:89:B0:14:3D:F2:A7
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6633: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6634: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182744 (0x25714ed8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:17 2016
            Not After : Mon Jun 28 18:32:17 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:8a:6b:d6:82:99:a9:03:e3:bb:87:54:3a:51:06:ad:
                    06:80:f7:c0:68:f0:c4:64:d5:a0:93:ad:60:66:0d:29:
                    05:a4:29:e9:33:96:05:4e:4d:7f:4e:59:f7:b8:10:c0:
                    2b:2d:8c:2b:00:23:8e:57:e3:9b:30:73:d3:63:4f:d9:
                    b1:25:e2:c3:74:30:29:40:d0:12:01:60:23:46:eb:c1:
                    7c:b1:51:3a:39:e9:ca:8a:02:d7:29:4d:a1:ce:4c:ea:
                    48:79:4e:e7:59:b3:02:1e:6a:3e:c0:31:b7:de:8d:8d:
                    f0:fe:d3:0c:f9:b4:ce:d8:ed:ef:cb:f9:d8:17:95:a3:
                    68:af:4e:6a:c3:41:dc:ed:1d:96:d4:6a:9e:8d:9a:36:
                    d0:3b:18:8f:42:72:9a:06:31:bf:46:22:27:54:9a:8c:
                    4d:4f:02:db:a3:8c:17:4a:d9:c7:a2:d6:cb:ef:60:d3:
                    a9:c0:df:fc:8c:6c:d9:4e:75:09:17:7a:e3:4c:6e:00:
                    aa:f3:41:69:8a:5b:7f:ba:8f:29:97:0d:d5:ca:20:84:
                    3e:3b:b9:73:b6:f5:da:cb:06:c8:56:bd:73:39:bf:85:
                    8b:b2:62:ea:ee:34:35:ce:be:db:3a:46:d6:cc:33:2f:
                    90:1a:b4:75:de:cf:42:57:a2:15:01:ff:85:b4:a3:13
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:75:a9:77:13:90:33:d4:6b:73:44:09:af:ae:61:71:
        29:03:6a:90:11:21:fb:43:d6:96:b6:6a:9b:73:ea:db:
        44:27:c0:54:7c:06:dd:45:20:58:bd:9c:30:60:da:1f:
        9f:9f:25:14:f7:66:93:5e:d4:b8:d5:19:63:7e:f8:cd:
        7c:37:34:50:45:cd:10:0b:bd:29:50:67:46:5f:d9:90:
        f9:c5:99:ae:08:19:b5:04:67:59:71:28:89:6a:85:d1:
        97:59:b2:51:5a:8a:63:96:0f:6e:f0:dc:a8:ca:eb:81:
        82:ec:d6:83:c0:7e:1b:60:aa:89:da:b4:3f:da:74:f1:
        23:5f:59:99:7b:f8:6e:ae:6a:89:e1:84:6a:ed:6f:b6:
        1b:85:19:da:d4:e8:1f:e3:a4:9d:21:52:6a:7c:db:43:
        f1:fd:f8:4f:ee:c7:a2:a4:a5:e3:a9:be:72:e8:ea:ec:
        ae:c2:42:01:9d:c4:a2:65:13:7d:d3:1c:cd:59:f0:d7:
        a1:4e:08:9f:9d:7e:67:08:e0:05:67:3c:b1:36:68:fa:
        26:da:18:ab:20:21:8a:5f:b3:e5:18:39:71:6f:c7:f5:
        f8:3f:ec:fa:ac:07:6f:b7:d4:0f:d0:a7:55:c3:d0:d5:
        cc:1c:46:0b:6e:1c:82:83:c4:9f:73:ac:e3:41:48:43
    Fingerprint (SHA-256):
        D0:06:38:8B:CF:CB:82:01:1E:19:27:17:C6:83:C6:90:CF:0F:91:B0:FC:01:5F:E5:E1:EF:87:7B:E0:69:95:8C
    Fingerprint (SHA1):
        76:0A:5B:04:93:1D:38:FE:D5:73:10:76:46:8B:7B:C7:3D:D9:80:62
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6635: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182744 (0x25714ed8)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:17 2016
            Not After : Mon Jun 28 18:32:17 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:8a:6b:d6:82:99:a9:03:e3:bb:87:54:3a:51:06:ad:
                    06:80:f7:c0:68:f0:c4:64:d5:a0:93:ad:60:66:0d:29:
                    05:a4:29:e9:33:96:05:4e:4d:7f:4e:59:f7:b8:10:c0:
                    2b:2d:8c:2b:00:23:8e:57:e3:9b:30:73:d3:63:4f:d9:
                    b1:25:e2:c3:74:30:29:40:d0:12:01:60:23:46:eb:c1:
                    7c:b1:51:3a:39:e9:ca:8a:02:d7:29:4d:a1:ce:4c:ea:
                    48:79:4e:e7:59:b3:02:1e:6a:3e:c0:31:b7:de:8d:8d:
                    f0:fe:d3:0c:f9:b4:ce:d8:ed:ef:cb:f9:d8:17:95:a3:
                    68:af:4e:6a:c3:41:dc:ed:1d:96:d4:6a:9e:8d:9a:36:
                    d0:3b:18:8f:42:72:9a:06:31:bf:46:22:27:54:9a:8c:
                    4d:4f:02:db:a3:8c:17:4a:d9:c7:a2:d6:cb:ef:60:d3:
                    a9:c0:df:fc:8c:6c:d9:4e:75:09:17:7a:e3:4c:6e:00:
                    aa:f3:41:69:8a:5b:7f:ba:8f:29:97:0d:d5:ca:20:84:
                    3e:3b:b9:73:b6:f5:da:cb:06:c8:56:bd:73:39:bf:85:
                    8b:b2:62:ea:ee:34:35:ce:be:db:3a:46:d6:cc:33:2f:
                    90:1a:b4:75:de:cf:42:57:a2:15:01:ff:85:b4:a3:13
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4e:75:a9:77:13:90:33:d4:6b:73:44:09:af:ae:61:71:
        29:03:6a:90:11:21:fb:43:d6:96:b6:6a:9b:73:ea:db:
        44:27:c0:54:7c:06:dd:45:20:58:bd:9c:30:60:da:1f:
        9f:9f:25:14:f7:66:93:5e:d4:b8:d5:19:63:7e:f8:cd:
        7c:37:34:50:45:cd:10:0b:bd:29:50:67:46:5f:d9:90:
        f9:c5:99:ae:08:19:b5:04:67:59:71:28:89:6a:85:d1:
        97:59:b2:51:5a:8a:63:96:0f:6e:f0:dc:a8:ca:eb:81:
        82:ec:d6:83:c0:7e:1b:60:aa:89:da:b4:3f:da:74:f1:
        23:5f:59:99:7b:f8:6e:ae:6a:89:e1:84:6a:ed:6f:b6:
        1b:85:19:da:d4:e8:1f:e3:a4:9d:21:52:6a:7c:db:43:
        f1:fd:f8:4f:ee:c7:a2:a4:a5:e3:a9:be:72:e8:ea:ec:
        ae:c2:42:01:9d:c4:a2:65:13:7d:d3:1c:cd:59:f0:d7:
        a1:4e:08:9f:9d:7e:67:08:e0:05:67:3c:b1:36:68:fa:
        26:da:18:ab:20:21:8a:5f:b3:e5:18:39:71:6f:c7:f5:
        f8:3f:ec:fa:ac:07:6f:b7:d4:0f:d0:a7:55:c3:d0:d5:
        cc:1c:46:0b:6e:1c:82:83:c4:9f:73:ac:e3:41:48:43
    Fingerprint (SHA-256):
        D0:06:38:8B:CF:CB:82:01:1E:19:27:17:C6:83:C6:90:CF:0F:91:B0:FC:01:5F:E5:E1:EF:87:7B:E0:69:95:8C
    Fingerprint (SHA1):
        76:0A:5B:04:93:1D:38:FE:D5:73:10:76:46:8B:7B:C7:3D:D9:80:62
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6636: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182745 (0x25714ed9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:26 2016
            Not After : Mon Jun 28 18:32:26 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:a5:3e:14:62:15:63:d6:4f:2b:a6:08:49:72:4e:b0:
                    c9:dc:05:03:f2:14:8c:4c:f0:d4:3a:ac:bd:7e:65:ac:
                    b6:bb:89:cf:02:2a:58:81:3b:82:92:6e:5b:49:16:d4:
                    bd:1c:27:84:de:6e:b4:b9:19:4d:3b:c0:34:b1:36:91:
                    96:97:50:c0:c6:ab:68:c2:0a:4a:12:7e:c9:13:9d:a6:
                    2e:46:1d:1e:78:f7:53:ed:80:bc:af:5a:26:46:77:46:
                    12:2f:1b:a6:61:c7:ff:65:96:ce:00:bd:7b:47:48:18:
                    bb:f2:d5:8f:bb:4a:a1:70:0c:3a:81:c9:59:94:75:ff:
                    ee:5b:63:45:24:f5:fe:5f:bb:69:52:e4:1e:65:e4:4c:
                    93:83:44:9f:ba:e8:25:e0:c9:fd:b9:d7:39:71:57:f2:
                    00:e4:2a:86:e1:e0:72:27:46:ab:cb:52:78:08:06:34:
                    7a:e4:c4:5f:ee:aa:74:9a:a3:fe:37:3c:70:06:aa:0f:
                    76:5c:2b:76:19:9b:b6:11:86:9d:c2:3e:28:b7:53:7c:
                    99:ab:6d:c8:c9:25:1e:b5:54:fe:73:0c:a0:5a:ae:4d:
                    d0:a0:5e:b5:65:6d:1e:f9:b4:4b:1c:c6:26:0c:04:d6:
                    fd:35:de:3d:b2:a2:d1:17:57:17:0f:33:0a:e5:4b:cf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        cb:55:28:f1:d4:d7:8f:c6:98:4c:ad:12:ef:0c:fc:14:
        b7:4d:8f:42:cb:9e:98:37:60:81:1c:03:0d:88:00:03:
        07:ba:f1:39:11:9a:69:db:e4:60:f5:21:73:8e:99:0f:
        a1:cb:c5:0a:cc:f7:4f:c6:d7:6a:44:7d:4d:7d:72:ad:
        da:31:63:29:2a:aa:ef:86:42:d7:c4:6a:f4:88:36:cb:
        ff:eb:8a:a4:46:e2:8e:df:98:f0:a8:73:db:e3:f1:c3:
        49:06:c8:91:2d:5a:54:90:bc:11:49:69:53:67:19:4d:
        94:63:7f:93:92:31:ca:9a:1c:29:da:68:bb:dc:6e:92:
        1a:e3:1a:96:ec:04:80:a5:9d:58:14:54:4a:8b:72:9a:
        42:37:18:ff:ea:2a:2d:97:da:eb:fc:7b:35:b2:de:d2:
        ec:f9:01:65:04:e3:0d:c3:32:23:29:93:62:50:47:23:
        76:08:47:9f:36:ae:10:4d:d3:0c:28:1a:86:4a:40:d5:
        ba:20:d2:d1:14:cd:99:f6:21:88:a1:ba:b0:5c:03:a4:
        66:3c:8a:78:90:80:25:46:a0:da:14:7b:51:d4:ec:6a:
        7d:fc:94:28:4d:90:f7:68:d6:5e:b5:12:92:2e:2c:f4:
        80:8d:9a:70:64:bf:da:3d:34:e4:6d:58:e9:44:1c:d8
    Fingerprint (SHA-256):
        AE:73:37:F9:8D:06:65:E1:3B:05:45:09:12:B6:5F:70:B2:F0:58:28:C4:3A:3B:56:8D:59:07:71:BE:9B:CA:B8
    Fingerprint (SHA1):
        A9:0F:C2:5C:15:46:E8:38:2A:4C:A5:32:E5:45:56:CC:62:35:47:93
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6637: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182745 (0x25714ed9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:26 2016
            Not After : Mon Jun 28 18:32:26 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e6:a5:3e:14:62:15:63:d6:4f:2b:a6:08:49:72:4e:b0:
                    c9:dc:05:03:f2:14:8c:4c:f0:d4:3a:ac:bd:7e:65:ac:
                    b6:bb:89:cf:02:2a:58:81:3b:82:92:6e:5b:49:16:d4:
                    bd:1c:27:84:de:6e:b4:b9:19:4d:3b:c0:34:b1:36:91:
                    96:97:50:c0:c6:ab:68:c2:0a:4a:12:7e:c9:13:9d:a6:
                    2e:46:1d:1e:78:f7:53:ed:80:bc:af:5a:26:46:77:46:
                    12:2f:1b:a6:61:c7:ff:65:96:ce:00:bd:7b:47:48:18:
                    bb:f2:d5:8f:bb:4a:a1:70:0c:3a:81:c9:59:94:75:ff:
                    ee:5b:63:45:24:f5:fe:5f:bb:69:52:e4:1e:65:e4:4c:
                    93:83:44:9f:ba:e8:25:e0:c9:fd:b9:d7:39:71:57:f2:
                    00:e4:2a:86:e1:e0:72:27:46:ab:cb:52:78:08:06:34:
                    7a:e4:c4:5f:ee:aa:74:9a:a3:fe:37:3c:70:06:aa:0f:
                    76:5c:2b:76:19:9b:b6:11:86:9d:c2:3e:28:b7:53:7c:
                    99:ab:6d:c8:c9:25:1e:b5:54:fe:73:0c:a0:5a:ae:4d:
                    d0:a0:5e:b5:65:6d:1e:f9:b4:4b:1c:c6:26:0c:04:d6:
                    fd:35:de:3d:b2:a2:d1:17:57:17:0f:33:0a:e5:4b:cf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        cb:55:28:f1:d4:d7:8f:c6:98:4c:ad:12:ef:0c:fc:14:
        b7:4d:8f:42:cb:9e:98:37:60:81:1c:03:0d:88:00:03:
        07:ba:f1:39:11:9a:69:db:e4:60:f5:21:73:8e:99:0f:
        a1:cb:c5:0a:cc:f7:4f:c6:d7:6a:44:7d:4d:7d:72:ad:
        da:31:63:29:2a:aa:ef:86:42:d7:c4:6a:f4:88:36:cb:
        ff:eb:8a:a4:46:e2:8e:df:98:f0:a8:73:db:e3:f1:c3:
        49:06:c8:91:2d:5a:54:90:bc:11:49:69:53:67:19:4d:
        94:63:7f:93:92:31:ca:9a:1c:29:da:68:bb:dc:6e:92:
        1a:e3:1a:96:ec:04:80:a5:9d:58:14:54:4a:8b:72:9a:
        42:37:18:ff:ea:2a:2d:97:da:eb:fc:7b:35:b2:de:d2:
        ec:f9:01:65:04:e3:0d:c3:32:23:29:93:62:50:47:23:
        76:08:47:9f:36:ae:10:4d:d3:0c:28:1a:86:4a:40:d5:
        ba:20:d2:d1:14:cd:99:f6:21:88:a1:ba:b0:5c:03:a4:
        66:3c:8a:78:90:80:25:46:a0:da:14:7b:51:d4:ec:6a:
        7d:fc:94:28:4d:90:f7:68:d6:5e:b5:12:92:2e:2c:f4:
        80:8d:9a:70:64:bf:da:3d:34:e4:6d:58:e9:44:1c:d8
    Fingerprint (SHA-256):
        AE:73:37:F9:8D:06:65:E1:3B:05:45:09:12:B6:5F:70:B2:F0:58:28:C4:3A:3B:56:8D:59:07:71:BE:9B:CA:B8
    Fingerprint (SHA1):
        A9:0F:C2:5C:15:46:E8:38:2A:4C:A5:32:E5:45:56:CC:62:35:47:93
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6638: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182746 (0x25714eda)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:35 2016
            Not After : Mon Jun 28 18:32:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d4:91:00:e6:03:64:6f:67:a0:b0:9a:1b:da:3d:16:35:
                    34:e3:d1:d4:30:40:2d:b6:80:31:30:c6:11:e2:e2:1a:
                    b8:2d:26:69:fb:2c:4f:47:15:4f:ff:a3:9c:7f:0a:02:
                    d1:ed:f0:2a:2a:0a:36:be:65:61:43:17:99:f9:45:2f:
                    bd:2d:2d:44:a4:5e:2a:74:f6:e2:7a:89:ae:53:7d:e8:
                    85:f4:cc:ef:ee:74:36:ee:8e:81:d0:53:76:f9:39:97:
                    c8:d1:8c:da:2d:cf:5c:db:14:76:08:19:db:4e:83:8e:
                    1e:da:b9:57:26:83:14:0a:a3:50:c3:6c:36:aa:86:88:
                    2b:f5:94:35:d6:22:5b:b5:14:0f:96:cf:6a:fe:c2:a1:
                    cf:53:5d:ec:d1:3a:3d:a1:eb:54:1c:8d:6e:b3:64:da:
                    50:2b:23:65:35:18:1e:6c:a2:b5:5f:4b:8f:e2:bf:fd:
                    a2:89:da:8d:5f:65:79:3a:02:31:d2:fe:aa:95:19:47:
                    0f:57:ed:5a:40:3e:2a:79:93:f6:b0:cd:43:94:ab:75:
                    db:cb:70:57:7a:0a:a9:2d:23:1c:4f:80:72:ef:da:8e:
                    a1:8d:e7:63:71:31:ca:2d:cd:40:b1:82:27:95:12:55:
                    3e:37:57:55:50:0c:b7:eb:0a:f8:a6:f8:a3:e6:79:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6f:81:18:2b:ff:d8:a6:8a:06:8b:0c:7b:12:d5:78:d8:
        3d:7a:96:34:05:0e:1a:21:a5:a5:c4:d8:bf:cc:83:56:
        4b:6c:4c:63:b0:d1:3d:d3:e9:23:74:90:c3:c2:09:9b:
        33:d2:e5:3f:1f:eb:b3:d7:40:f8:26:8c:cb:77:c5:e2:
        73:92:52:f6:f3:f1:d1:30:5d:f4:cd:69:73:b4:ef:dd:
        3f:63:ed:8d:5c:b6:3c:a1:e6:ab:ec:b0:56:56:e6:1c:
        12:f2:84:7a:24:f9:9f:bf:92:fd:e0:42:0e:dc:fc:5b:
        29:6a:f8:a4:ca:6a:fa:1a:3b:92:e3:75:7a:86:71:b2:
        00:4a:f0:d4:86:71:6b:1b:c7:94:d9:e7:1d:f9:30:32:
        2b:94:a2:9d:9e:fb:8e:b3:96:b9:32:cc:68:b2:27:3d:
        54:39:a0:4c:96:21:e4:d7:15:c7:c6:0d:98:6f:9f:73:
        18:a9:1f:53:1d:c1:2e:cc:81:53:9b:73:ec:2d:e2:3f:
        54:06:cc:8f:a6:fa:83:49:93:1f:bb:c5:06:4d:04:28:
        87:52:d9:f1:43:a0:34:de:58:b4:6f:1a:d0:09:0c:26:
        94:fa:23:82:b9:c4:e4:b7:48:58:af:3c:c1:b5:a0:16:
        88:7b:36:13:c9:91:db:d0:a1:7c:97:60:8d:44:e5:c7
    Fingerprint (SHA-256):
        53:7B:62:C9:8C:F9:7B:8D:00:14:73:1D:B9:25:34:6C:D5:2E:28:06:BE:54:01:EF:B1:E9:61:18:9D:66:75:B2
    Fingerprint (SHA1):
        77:E5:DF:49:B1:CF:93:9F:24:B7:89:73:C3:D7:89:B0:14:3D:F2:A7
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6639: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182746 (0x25714eda)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:32:35 2016
            Not After : Mon Jun 28 18:32:35 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d4:91:00:e6:03:64:6f:67:a0:b0:9a:1b:da:3d:16:35:
                    34:e3:d1:d4:30:40:2d:b6:80:31:30:c6:11:e2:e2:1a:
                    b8:2d:26:69:fb:2c:4f:47:15:4f:ff:a3:9c:7f:0a:02:
                    d1:ed:f0:2a:2a:0a:36:be:65:61:43:17:99:f9:45:2f:
                    bd:2d:2d:44:a4:5e:2a:74:f6:e2:7a:89:ae:53:7d:e8:
                    85:f4:cc:ef:ee:74:36:ee:8e:81:d0:53:76:f9:39:97:
                    c8:d1:8c:da:2d:cf:5c:db:14:76:08:19:db:4e:83:8e:
                    1e:da:b9:57:26:83:14:0a:a3:50:c3:6c:36:aa:86:88:
                    2b:f5:94:35:d6:22:5b:b5:14:0f:96:cf:6a:fe:c2:a1:
                    cf:53:5d:ec:d1:3a:3d:a1:eb:54:1c:8d:6e:b3:64:da:
                    50:2b:23:65:35:18:1e:6c:a2:b5:5f:4b:8f:e2:bf:fd:
                    a2:89:da:8d:5f:65:79:3a:02:31:d2:fe:aa:95:19:47:
                    0f:57:ed:5a:40:3e:2a:79:93:f6:b0:cd:43:94:ab:75:
                    db:cb:70:57:7a:0a:a9:2d:23:1c:4f:80:72:ef:da:8e:
                    a1:8d:e7:63:71:31:ca:2d:cd:40:b1:82:27:95:12:55:
                    3e:37:57:55:50:0c:b7:eb:0a:f8:a6:f8:a3:e6:79:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6f:81:18:2b:ff:d8:a6:8a:06:8b:0c:7b:12:d5:78:d8:
        3d:7a:96:34:05:0e:1a:21:a5:a5:c4:d8:bf:cc:83:56:
        4b:6c:4c:63:b0:d1:3d:d3:e9:23:74:90:c3:c2:09:9b:
        33:d2:e5:3f:1f:eb:b3:d7:40:f8:26:8c:cb:77:c5:e2:
        73:92:52:f6:f3:f1:d1:30:5d:f4:cd:69:73:b4:ef:dd:
        3f:63:ed:8d:5c:b6:3c:a1:e6:ab:ec:b0:56:56:e6:1c:
        12:f2:84:7a:24:f9:9f:bf:92:fd:e0:42:0e:dc:fc:5b:
        29:6a:f8:a4:ca:6a:fa:1a:3b:92:e3:75:7a:86:71:b2:
        00:4a:f0:d4:86:71:6b:1b:c7:94:d9:e7:1d:f9:30:32:
        2b:94:a2:9d:9e:fb:8e:b3:96:b9:32:cc:68:b2:27:3d:
        54:39:a0:4c:96:21:e4:d7:15:c7:c6:0d:98:6f:9f:73:
        18:a9:1f:53:1d:c1:2e:cc:81:53:9b:73:ec:2d:e2:3f:
        54:06:cc:8f:a6:fa:83:49:93:1f:bb:c5:06:4d:04:28:
        87:52:d9:f1:43:a0:34:de:58:b4:6f:1a:d0:09:0c:26:
        94:fa:23:82:b9:c4:e4:b7:48:58:af:3c:c1:b5:a0:16:
        88:7b:36:13:c9:91:db:d0:a1:7c:97:60:8d:44:e5:c7
    Fingerprint (SHA-256):
        53:7B:62:C9:8C:F9:7B:8D:00:14:73:1D:B9:25:34:6C:D5:2E:28:06:BE:54:01:EF:B1:E9:61:18:9D:66:75:B2
    Fingerprint (SHA1):
        77:E5:DF:49:B1:CF:93:9F:24:B7:89:73:C3:D7:89:B0:14:3D:F2:A7
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6640: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #6641: AnyPolicy: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182749 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6642: AnyPolicy: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #6643: AnyPolicy: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6644: AnyPolicy: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6645: AnyPolicy: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628182750   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6646: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6647: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #6648: AnyPolicy: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6649: AnyPolicy: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182751   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
0
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #6650: AnyPolicy: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6651: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #6652: AnyPolicy: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6653: AnyPolicy: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 628182752   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6654: AnyPolicy: Creating certficate CA3CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA3CA1.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6655: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #6656: AnyPolicy: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6657: AnyPolicy: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628182753   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6658: AnyPolicy: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6659: AnyPolicy: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #6660: AnyPolicy: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6661: AnyPolicy: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628182754   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6662: AnyPolicy: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6663: AnyPolicy: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB User3DB
certutil -N -d User3DB -f User3DB/dbpasswd
chains.sh: #6664: AnyPolicy: Creating DB User3DB  - PASSED
chains.sh: Creating EE certifiate request User3Req.der
certutil -s "CN=User3 EE, O=User3, C=US"  -R  -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6665: AnyPolicy: Creating EE certifiate request User3Req.der  - PASSED
chains.sh: Creating certficate User3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 628182755   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6666: AnyPolicy: Creating certficate User3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate User3CA3.der to User3DB database
certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6667: AnyPolicy: Importing certificate User3CA3.der to User3DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6668: AnyPolicy: Creating DB AllDB  - PASSED
chains.sh: Importing certificate RootCA.der to AllDB database
certutil -A -n RootCA  -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der
chains.sh: #6669: AnyPolicy: Importing certificate RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der
chains.sh: #6670: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #6671: AnyPolicy: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA1.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der
chains.sh: #6672: AnyPolicy: Importing certificate CA3CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182749 (0x25714edd)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:07 2016
            Not After : Mon Jun 28 18:33:07 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    92:cd:e0:b2:3b:67:46:f2:62:ab:bc:ba:f9:f8:bb:27:
                    63:dd:94:b7:dd:f2:35:e2:5e:da:f8:fa:01:31:52:00:
                    e0:db:90:99:1d:64:49:ac:c0:fb:6a:41:6d:2d:5b:79:
                    f6:a2:22:65:24:62:f4:3d:0b:52:4b:b7:c7:ba:79:66:
                    6e:44:50:c6:3b:a4:33:e3:b2:2f:c7:ed:93:f5:da:81:
                    58:37:46:e0:2d:bd:4f:26:99:e3:bb:cc:98:d1:ec:41:
                    1f:a2:8e:5c:63:90:6f:22:1a:d2:dd:3a:fd:3d:d1:27:
                    3b:02:2d:2f:7b:58:ff:a3:e3:3a:d6:f9:8d:f9:a1:fd:
                    ec:04:28:f6:60:77:c0:c4:a6:b3:05:e1:63:8c:6d:27:
                    4d:e8:d8:01:e1:b2:45:33:d0:11:e0:01:e9:0c:d0:46:
                    74:01:a7:f1:04:9f:7f:37:5a:69:4a:41:54:b7:fd:3e:
                    51:fd:81:2e:f5:1d:85:1d:98:71:bf:5a:6c:a9:5e:51:
                    25:fe:02:a7:f3:eb:69:2b:e7:67:b6:53:6b:23:1b:d0:
                    e3:eb:89:2e:26:97:a1:3f:c7:4f:be:9f:f8:9e:2c:24:
                    97:e0:27:23:3b:53:71:55:b6:65:8a:d0:88:68:f2:27:
                    45:ab:85:66:2b:c2:00:52:2c:3a:16:dc:af:91:19:23
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8b:e2:25:0a:45:a3:35:ed:30:60:4a:ee:77:a2:bd:ad:
        65:d0:3c:d0:15:d1:ff:d5:2b:95:99:1c:72:5f:84:da:
        17:9e:0b:d4:29:43:92:d3:d4:99:26:6f:44:a9:40:1f:
        37:0b:38:3f:a7:55:99:ff:b2:53:bb:43:65:3c:4a:dd:
        55:4d:d0:2d:80:50:51:e5:0e:46:0a:15:b3:9d:b4:17:
        f1:74:51:ab:02:96:88:35:12:6d:42:b9:a0:27:a2:47:
        97:88:36:73:64:11:9f:6a:32:17:11:e4:0b:37:70:03:
        d3:79:6b:fa:86:16:ef:63:ad:87:06:ab:59:21:c6:3f:
        98:a2:3c:9b:3d:28:3d:75:f0:9d:7d:e7:0a:92:c1:b9:
        d6:38:07:11:a0:c2:b9:5f:b1:f3:cb:d1:7a:8d:6e:1c:
        c9:55:58:58:75:e1:39:c3:2b:77:64:cb:e7:f1:cb:c4:
        83:ea:3c:76:8d:7f:b1:e1:32:01:0e:5f:27:79:57:fd:
        47:3c:b6:c5:75:6e:0b:d4:59:8f:c1:88:e9:c7:bc:aa:
        e0:09:6f:a0:9a:c4:e6:fe:c0:67:89:19:dc:11:1c:d4:
        27:38:2f:00:68:49:d1:62:71:1c:6a:73:03:32:a5:c5:
        77:ab:07:78:f1:ea:8c:1f:6c:91:03:7e:33:9a:23:ed
    Fingerprint (SHA-256):
        FC:9B:D3:89:B6:2E:14:42:11:6B:93:21:02:8A:69:D7:DD:F8:DB:95:DE:E5:ED:30:EF:F2:AF:21:F5:0A:D3:DA
    Fingerprint (SHA1):
        4B:32:59:EB:07:81:CA:D1:8E:1A:9E:F0:B4:37:22:76:91:9C:DB:35
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6673: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6674: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6675: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6676: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User3CA3.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182749 (0x25714edd)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:07 2016
            Not After : Mon Jun 28 18:33:07 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    92:cd:e0:b2:3b:67:46:f2:62:ab:bc:ba:f9:f8:bb:27:
                    63:dd:94:b7:dd:f2:35:e2:5e:da:f8:fa:01:31:52:00:
                    e0:db:90:99:1d:64:49:ac:c0:fb:6a:41:6d:2d:5b:79:
                    f6:a2:22:65:24:62:f4:3d:0b:52:4b:b7:c7:ba:79:66:
                    6e:44:50:c6:3b:a4:33:e3:b2:2f:c7:ed:93:f5:da:81:
                    58:37:46:e0:2d:bd:4f:26:99:e3:bb:cc:98:d1:ec:41:
                    1f:a2:8e:5c:63:90:6f:22:1a:d2:dd:3a:fd:3d:d1:27:
                    3b:02:2d:2f:7b:58:ff:a3:e3:3a:d6:f9:8d:f9:a1:fd:
                    ec:04:28:f6:60:77:c0:c4:a6:b3:05:e1:63:8c:6d:27:
                    4d:e8:d8:01:e1:b2:45:33:d0:11:e0:01:e9:0c:d0:46:
                    74:01:a7:f1:04:9f:7f:37:5a:69:4a:41:54:b7:fd:3e:
                    51:fd:81:2e:f5:1d:85:1d:98:71:bf:5a:6c:a9:5e:51:
                    25:fe:02:a7:f3:eb:69:2b:e7:67:b6:53:6b:23:1b:d0:
                    e3:eb:89:2e:26:97:a1:3f:c7:4f:be:9f:f8:9e:2c:24:
                    97:e0:27:23:3b:53:71:55:b6:65:8a:d0:88:68:f2:27:
                    45:ab:85:66:2b:c2:00:52:2c:3a:16:dc:af:91:19:23
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8b:e2:25:0a:45:a3:35:ed:30:60:4a:ee:77:a2:bd:ad:
        65:d0:3c:d0:15:d1:ff:d5:2b:95:99:1c:72:5f:84:da:
        17:9e:0b:d4:29:43:92:d3:d4:99:26:6f:44:a9:40:1f:
        37:0b:38:3f:a7:55:99:ff:b2:53:bb:43:65:3c:4a:dd:
        55:4d:d0:2d:80:50:51:e5:0e:46:0a:15:b3:9d:b4:17:
        f1:74:51:ab:02:96:88:35:12:6d:42:b9:a0:27:a2:47:
        97:88:36:73:64:11:9f:6a:32:17:11:e4:0b:37:70:03:
        d3:79:6b:fa:86:16:ef:63:ad:87:06:ab:59:21:c6:3f:
        98:a2:3c:9b:3d:28:3d:75:f0:9d:7d:e7:0a:92:c1:b9:
        d6:38:07:11:a0:c2:b9:5f:b1:f3:cb:d1:7a:8d:6e:1c:
        c9:55:58:58:75:e1:39:c3:2b:77:64:cb:e7:f1:cb:c4:
        83:ea:3c:76:8d:7f:b1:e1:32:01:0e:5f:27:79:57:fd:
        47:3c:b6:c5:75:6e:0b:d4:59:8f:c1:88:e9:c7:bc:aa:
        e0:09:6f:a0:9a:c4:e6:fe:c0:67:89:19:dc:11:1c:d4:
        27:38:2f:00:68:49:d1:62:71:1c:6a:73:03:32:a5:c5:
        77:ab:07:78:f1:ea:8c:1f:6c:91:03:7e:33:9a:23:ed
    Fingerprint (SHA-256):
        FC:9B:D3:89:B6:2E:14:42:11:6B:93:21:02:8A:69:D7:DD:F8:DB:95:DE:E5:ED:30:EF:F2:AF:21:F5:0A:D3:DA
    Fingerprint (SHA1):
        4B:32:59:EB:07:81:CA:D1:8E:1A:9E:F0:B4:37:22:76:91:9C:DB:35
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User3 EE,O=User3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6677: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User3CA3.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6678: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #6679: AnyPolicyWithLevel: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182756 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6680: AnyPolicyWithLevel: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #6681: AnyPolicyWithLevel: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6682: AnyPolicyWithLevel: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6683: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628182757   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #6684: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6685: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA12DB
certutil -N -d CA12DB -f CA12DB/dbpasswd
chains.sh: #6686: AnyPolicyWithLevel: Creating DB CA12DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA12Req.der
certutil -s "CN=CA12 Intermediate, O=CA12, C=US"  -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6687: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der  - PASSED
chains.sh: Creating certficate CA12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 628182758   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6688: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA12CA1.der to CA12DB database
certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6689: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database  - PASSED
chains.sh: Creating DB CA13DB
certutil -N -d CA13DB -f CA13DB/dbpasswd
chains.sh: #6690: AnyPolicyWithLevel: Creating DB CA13DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA13Req.der
certutil -s "CN=CA13 Intermediate, O=CA13, C=US"  -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6691: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der  - PASSED
chains.sh: Creating certficate CA13CA12.der signed by CA12
certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 628182759   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6692: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12  - PASSED
chains.sh: Importing certificate CA13CA12.der to CA13DB database
certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6693: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #6694: AnyPolicyWithLevel: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6695: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA13.der signed by CA13
certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 628182760   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6696: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13  - PASSED
chains.sh: Importing certificate EE1CA13.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6697: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database  - PASSED
chains.sh: Creating DB CA22DB
certutil -N -d CA22DB -f CA22DB/dbpasswd
chains.sh: #6698: AnyPolicyWithLevel: Creating DB CA22DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA22Req.der
certutil -s "CN=CA22 Intermediate, O=CA22, C=US"  -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6699: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der  - PASSED
chains.sh: Creating certficate CA22CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 628182761   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6700: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA22CA1.der to CA22DB database
certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6701: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database  - PASSED
chains.sh: Creating DB CA23DB
certutil -N -d CA23DB -f CA23DB/dbpasswd
chains.sh: #6702: AnyPolicyWithLevel: Creating DB CA23DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA23Req.der
certutil -s "CN=CA23 Intermediate, O=CA23, C=US"  -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6703: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der  - PASSED
chains.sh: Creating certficate CA23CA22.der signed by CA22
certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 628182762   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6704: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22  - PASSED
chains.sh: Importing certificate CA23CA22.der to CA23DB database
certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6705: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #6706: AnyPolicyWithLevel: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6707: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA23.der signed by CA23
certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 628182763   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6708: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23  - PASSED
chains.sh: Importing certificate EE2CA23.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6709: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database  - PASSED
chains.sh: Creating DB CA32DB
certutil -N -d CA32DB -f CA32DB/dbpasswd
chains.sh: #6710: AnyPolicyWithLevel: Creating DB CA32DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA32Req.der
certutil -s "CN=CA32 Intermediate, O=CA32, C=US"  -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6711: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der  - PASSED
chains.sh: Creating certficate CA32CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 628182764   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #6712: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA32CA1.der to CA32DB database
certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6713: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database  - PASSED
chains.sh: Creating DB CA33DB
certutil -N -d CA33DB -f CA33DB/dbpasswd
chains.sh: #6714: AnyPolicyWithLevel: Creating DB CA33DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA33Req.der
certutil -s "CN=CA33 Intermediate, O=CA33, C=US"  -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6715: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der  - PASSED
chains.sh: Creating certficate CA33CA32.der signed by CA32
certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 628182765   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6716: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32  - PASSED
chains.sh: Importing certificate CA33CA32.der to CA33DB database
certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6717: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #6718: AnyPolicyWithLevel: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US"  -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6719: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA33.der signed by CA33
certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 628182766   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6720: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33  - PASSED
chains.sh: Importing certificate EE3CA33.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6721: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database  - PASSED
chains.sh: Creating DB CA42DB
certutil -N -d CA42DB -f CA42DB/dbpasswd
chains.sh: #6722: AnyPolicyWithLevel: Creating DB CA42DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA42Req.der
certutil -s "CN=CA42 Intermediate, O=CA42, C=US"  -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA42Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6723: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der  - PASSED
chains.sh: Creating certficate CA42CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 628182767   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6724: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA42CA1.der to CA42DB database
certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6725: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database  - PASSED
chains.sh: Creating DB CA43DB
certutil -N -d CA43DB -f CA43DB/dbpasswd
chains.sh: #6726: AnyPolicyWithLevel: Creating DB CA43DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA43Req.der
certutil -s "CN=CA43 Intermediate, O=CA43, C=US"  -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA43Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6727: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der  - PASSED
chains.sh: Creating certficate CA43CA42.der signed by CA42
certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 628182768   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6728: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42  - PASSED
chains.sh: Importing certificate CA43CA42.der to CA43DB database
certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6729: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #6730: AnyPolicyWithLevel: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US"  -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6731: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA43.der signed by CA43
certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 628182769   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6732: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43  - PASSED
chains.sh: Importing certificate EE4CA43.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6733: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database  - PASSED
chains.sh: Creating DB CA52DB
certutil -N -d CA52DB -f CA52DB/dbpasswd
chains.sh: #6734: AnyPolicyWithLevel: Creating DB CA52DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA52Req.der
certutil -s "CN=CA52 Intermediate, O=CA52, C=US"  -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA52Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6735: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der  - PASSED
chains.sh: Creating certficate CA52CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 628182770   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6736: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA52CA1.der to CA52DB database
certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6737: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database  - PASSED
chains.sh: Creating DB CA53DB
certutil -N -d CA53DB -f CA53DB/dbpasswd
chains.sh: #6738: AnyPolicyWithLevel: Creating DB CA53DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA53Req.der
certutil -s "CN=CA53 Intermediate, O=CA53, C=US"  -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA53Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6739: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der  - PASSED
chains.sh: Creating certficate CA53CA52.der signed by CA52
certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 628182771   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6740: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52  - PASSED
chains.sh: Importing certificate CA53CA52.der to CA53DB database
certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6741: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database  - PASSED
chains.sh: Creating DB EE5DB
certutil -N -d EE5DB -f EE5DB/dbpasswd
chains.sh: #6742: AnyPolicyWithLevel: Creating DB EE5DB  - PASSED
chains.sh: Creating EE certifiate request EE5Req.der
certutil -s "CN=EE5 EE, O=EE5, C=US"  -R  -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE5Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6743: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der  - PASSED
chains.sh: Creating certficate EE5CA53.der signed by CA53
certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 628182772   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6744: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53  - PASSED
chains.sh: Importing certificate EE5CA53.der to EE5DB database
certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6745: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database  - PASSED
chains.sh: Creating DB CA61DB
certutil -N -d CA61DB -f CA61DB/dbpasswd
chains.sh: #6746: AnyPolicyWithLevel: Creating DB CA61DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA61Req.der
certutil -s "CN=CA61 Intermediate, O=CA61, C=US"  -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA61Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6747: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der  - PASSED
chains.sh: Creating certficate CA61RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 628182773   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
5
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #6748: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA61RootCA.der to CA61DB database
certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6749: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database  - PASSED
chains.sh: Creating DB CA62DB
certutil -N -d CA62DB -f CA62DB/dbpasswd
chains.sh: #6750: AnyPolicyWithLevel: Creating DB CA62DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA62Req.der
certutil -s "CN=CA62 Intermediate, O=CA62, C=US"  -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6751: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der  - PASSED
chains.sh: Creating certficate CA62CA61.der signed by CA61
certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 628182774   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6752: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61  - PASSED
chains.sh: Importing certificate CA62CA61.der to CA62DB database
certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6753: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database  - PASSED
chains.sh: Creating DB EE62DB
certutil -N -d EE62DB -f EE62DB/dbpasswd
chains.sh: #6754: AnyPolicyWithLevel: Creating DB EE62DB  - PASSED
chains.sh: Creating EE certifiate request EE62Req.der
certutil -s "CN=EE62 EE, O=EE62, C=US"  -R  -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6755: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der  - PASSED
chains.sh: Creating certficate EE62CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 628182775   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6756: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate EE62CA62.der to EE62DB database
certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6757: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database  - PASSED
chains.sh: Creating DB CA63DB
certutil -N -d CA63DB -f CA63DB/dbpasswd
chains.sh: #6758: AnyPolicyWithLevel: Creating DB CA63DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA63Req.der
certutil -s "CN=CA63 Intermediate, O=CA63, C=US"  -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6759: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der  - PASSED
chains.sh: Creating certficate CA63CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 628182776   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6760: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate CA63CA62.der to CA63DB database
certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6761: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database  - PASSED
chains.sh: Creating DB EE63DB
certutil -N -d EE63DB -f EE63DB/dbpasswd
chains.sh: #6762: AnyPolicyWithLevel: Creating DB EE63DB  - PASSED
chains.sh: Creating EE certifiate request EE63Req.der
certutil -s "CN=EE63 EE, O=EE63, C=US"  -R  -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6763: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der  - PASSED
chains.sh: Creating certficate EE63CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 628182777   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6764: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate EE63CA63.der to EE63DB database
certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6765: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database  - PASSED
chains.sh: Creating DB CA64DB
certutil -N -d CA64DB -f CA64DB/dbpasswd
chains.sh: #6766: AnyPolicyWithLevel: Creating DB CA64DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA64Req.der
certutil -s "CN=CA64 Intermediate, O=CA64, C=US"  -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6767: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der  - PASSED
chains.sh: Creating certficate CA64CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 628182778   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6768: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate CA64CA63.der to CA64DB database
certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6769: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database  - PASSED
chains.sh: Creating DB EE64DB
certutil -N -d EE64DB -f EE64DB/dbpasswd
chains.sh: #6770: AnyPolicyWithLevel: Creating DB EE64DB  - PASSED
chains.sh: Creating EE certifiate request EE64Req.der
certutil -s "CN=EE64 EE, O=EE64, C=US"  -R  -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6771: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der  - PASSED
chains.sh: Creating certficate EE64CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 628182779   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6772: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate EE64CA64.der to EE64DB database
certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6773: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database  - PASSED
chains.sh: Creating DB CA65DB
certutil -N -d CA65DB -f CA65DB/dbpasswd
chains.sh: #6774: AnyPolicyWithLevel: Creating DB CA65DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA65Req.der
certutil -s "CN=CA65 Intermediate, O=CA65, C=US"  -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6775: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der  - PASSED
chains.sh: Creating certficate CA65CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 628182780   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6776: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate CA65CA64.der to CA65DB database
certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6777: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database  - PASSED
chains.sh: Creating DB EE65DB
certutil -N -d EE65DB -f EE65DB/dbpasswd
chains.sh: #6778: AnyPolicyWithLevel: Creating DB EE65DB  - PASSED
chains.sh: Creating EE certifiate request EE65Req.der
certutil -s "CN=EE65 EE, O=EE65, C=US"  -R  -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6779: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der  - PASSED
chains.sh: Creating certficate EE65CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 628182781   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6780: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate EE65CA65.der to EE65DB database
certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6781: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database  - PASSED
chains.sh: Creating DB CA66DB
certutil -N -d CA66DB -f CA66DB/dbpasswd
chains.sh: #6782: AnyPolicyWithLevel: Creating DB CA66DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA66Req.der
certutil -s "CN=CA66 Intermediate, O=CA66, C=US"  -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6783: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der  - PASSED
chains.sh: Creating certficate CA66CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 628182782   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6784: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate CA66CA65.der to CA66DB database
certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6785: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database  - PASSED
chains.sh: Creating DB EE66DB
certutil -N -d EE66DB -f EE66DB/dbpasswd
chains.sh: #6786: AnyPolicyWithLevel: Creating DB EE66DB  - PASSED
chains.sh: Creating EE certifiate request EE66Req.der
certutil -s "CN=EE66 EE, O=EE66, C=US"  -R  -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6787: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der  - PASSED
chains.sh: Creating certficate EE66CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 628182783   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6788: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate EE66CA66.der to EE66DB database
certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6789: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database  - PASSED
chains.sh: Creating DB CA67DB
certutil -N -d CA67DB -f CA67DB/dbpasswd
chains.sh: #6790: AnyPolicyWithLevel: Creating DB CA67DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA67Req.der
certutil -s "CN=CA67 Intermediate, O=CA67, C=US"  -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6791: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der  - PASSED
chains.sh: Creating certficate CA67CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 628182784   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6792: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate CA67CA66.der to CA67DB database
certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6793: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database  - PASSED
chains.sh: Creating DB EE67DB
certutil -N -d EE67DB -f EE67DB/dbpasswd
chains.sh: #6794: AnyPolicyWithLevel: Creating DB EE67DB  - PASSED
chains.sh: Creating EE certifiate request EE67Req.der
certutil -s "CN=EE67 EE, O=EE67, C=US"  -R  -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6795: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der  - PASSED
chains.sh: Creating certficate EE67CA67.der signed by CA67
certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 628182785   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6796: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67  - PASSED
chains.sh: Importing certificate EE67CA67.der to EE67DB database
certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6797: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6798: AnyPolicyWithLevel: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6799: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6800: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6801: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6802: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6803: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6804: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US"
Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6805: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6806: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6807: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6808: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US"
Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6809: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6810: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6811: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6812: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6813: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6814: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6815: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US"
Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US"
Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6816: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US"
Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #6817: AnyPolicyWithLevel: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US"
Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #6818: AnyPolicyWithLevel: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US"
Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #6819: AnyPolicyWithLevel: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US"
Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #6820: AnyPolicyWithLevel: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182756 (0x25714ee4)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:33:50 2016
            Not After : Mon Jun 28 18:33:50 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:3d:e5:73:8b:ef:7c:ff:28:cd:58:98:8b:d8:1d:44:
                    b7:c6:e7:46:be:c1:9f:e7:7c:5f:67:6b:dc:80:68:7e:
                    bd:92:86:20:f0:37:6a:5e:f1:6e:40:72:62:dd:c6:a9:
                    61:4d:e2:c2:12:35:0d:73:a8:d5:37:90:82:da:be:a1:
                    d9:ca:fb:64:f7:bc:52:5d:50:fd:91:ee:f9:05:32:57:
                    9d:bd:b8:21:b6:51:39:7d:90:34:c6:a8:62:57:9b:ec:
                    f8:90:ac:40:f8:81:67:8b:e8:1e:e3:bd:67:50:ae:37:
                    57:8e:7d:2a:ad:ec:b1:e1:63:47:3d:42:ab:ed:db:f2:
                    25:4e:ba:cb:eb:b2:71:a4:37:ca:56:2b:83:a0:d3:70:
                    79:fd:6a:95:ce:63:32:c8:20:9f:fe:d7:48:c2:49:85:
                    a0:75:97:ed:c2:e9:44:b0:44:41:d0:47:a7:a5:5b:19:
                    31:a2:2e:19:c5:45:b5:bb:50:87:89:2c:08:a5:2e:df:
                    e2:b2:1c:24:69:2d:55:dd:85:f7:ea:6b:be:f6:33:e7:
                    c6:21:29:f2:4e:cf:01:dd:e7:0b:03:b6:8d:21:c4:ff:
                    63:50:08:2c:9e:a7:87:75:51:d7:7d:30:36:f5:27:3b:
                    b2:77:12:fa:a5:72:54:4e:62:e9:25:49:f3:08:c7:4d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        57:ce:d3:cd:db:9a:08:be:bb:6b:74:15:73:23:c9:29:
        da:f6:bc:7b:4d:8c:f2:e1:a6:25:b0:52:39:32:37:84:
        bc:84:48:ad:ac:ec:f0:7b:78:c4:b0:52:12:bc:f5:6c:
        5f:de:3d:fd:a4:cc:05:a1:f6:61:0f:94:99:95:a1:ce:
        75:f3:2b:a2:08:43:c1:8c:4c:f2:8c:74:db:58:91:d5:
        68:df:ba:10:96:34:b0:3b:65:1b:30:ec:2b:79:23:9e:
        79:ce:d0:62:90:c8:58:b8:27:ac:49:3e:42:f8:c2:49:
        28:72:a0:54:42:69:2c:07:8e:6f:60:a3:87:1d:d0:a3:
        a7:8a:f1:d6:4f:a0:77:88:dc:8b:ad:51:10:7e:f5:af:
        cc:d4:ad:9d:f1:83:b2:80:db:4b:91:98:5b:20:54:c9:
        7e:f2:04:bd:dc:7a:81:35:50:9a:1e:cb:06:44:24:4d:
        c1:bc:9b:18:7e:2f:86:7c:1c:21:ee:40:df:f8:90:1b:
        4f:6d:2d:0e:26:c3:99:d3:82:0f:60:c5:75:1b:e8:9b:
        ee:b7:df:cb:79:65:1e:89:39:1f:84:c4:05:d6:00:14:
        3f:01:65:96:10:f7:c4:9d:51:14:28:2f:5b:58:38:1e:
        cf:6c:43:c3:ea:99:d6:8f:90:f4:0e:7d:6f:ed:c0:c5
    Fingerprint (SHA-256):
        C3:DD:8F:91:DA:0E:1F:AA:56:A6:C8:3C:DD:49:7C:04:84:E1:1C:3B:9B:19:95:BB:99:3E:06:10:F8:42:58:FE
    Fingerprint (SHA1):
        38:3C:61:16:D7:A4:8D:13:51:AA:CE:94:4A:CF:FA:61:34:E3:E5:E2
Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US"
Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US"
Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #6821: AnyPolicyWithLevel: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6822: AnyPolicyWithLevel: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #6823: explicitPolicy: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182786 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6824: explicitPolicy: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #6825: explicitPolicy: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB nonEVCADB
certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd
chains.sh: #6826: explicitPolicy: Creating DB nonEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request nonEVCAReq.der
certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US"  -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o nonEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6827: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der  - PASSED
chains.sh: Creating certficate nonEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 628182787   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6828: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database
certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6829: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database  - PASSED
chains.sh: Creating DB EVCADB
certutil -N -d EVCADB -f EVCADB/dbpasswd
chains.sh: #6830: explicitPolicy: Creating DB EVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request EVCAReq.der
certutil -s "CN=EVCA Intermediate, O=EVCA, C=US"  -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6831: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der  - PASSED
chains.sh: Creating certficate EVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 628182788   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6832: explicitPolicy: Creating certficate EVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate EVCARoot.der to EVCADB database
certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6833: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database  - PASSED
chains.sh: Creating DB otherEVCADB
certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd
chains.sh: #6834: explicitPolicy: Creating DB otherEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request otherEVCAReq.der
certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US"  -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o otherEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6835: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der  - PASSED
chains.sh: Creating certficate otherEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 628182789   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6836: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database
certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6837: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database  - PASSED
chains.sh: Creating DB validEVDB
certutil -N -d validEVDB -f validEVDB/dbpasswd
chains.sh: #6838: explicitPolicy: Creating DB validEVDB  - PASSED
chains.sh: Creating EE certifiate request validEVReq.der
certutil -s "CN=validEV EE, O=validEV, C=US"  -R  -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o validEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6839: explicitPolicy: Creating EE certifiate request validEVReq.der  - PASSED
chains.sh: Creating certficate validEVEVCA.der signed by EVCA
certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 628182790   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6840: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA  - PASSED
chains.sh: Importing certificate validEVEVCA.der to validEVDB database
certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6841: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database  - PASSED
chains.sh: Creating DB invalidEVDB
certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd
chains.sh: #6842: explicitPolicy: Creating DB invalidEVDB  - PASSED
chains.sh: Creating EE certifiate request invalidEVReq.der
certutil -s "CN=invalidEV EE, O=invalidEV, C=US"  -R  -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o invalidEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6843: explicitPolicy: Creating EE certifiate request invalidEVReq.der  - PASSED
chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA
certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 628182791   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6844: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA  - PASSED
chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database
certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6845: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database  - PASSED
chains.sh: Creating DB wrongEVOIDDB
certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd
chains.sh: #6846: explicitPolicy: Creating DB wrongEVOIDDB  - PASSED
chains.sh: Creating EE certifiate request wrongEVOIDReq.der
certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US"  -R  -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o wrongEVOIDReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6847: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der  - PASSED
chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA
certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 628182792   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6848: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA  - PASSED
chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database
certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6849: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6850: explicitPolicy: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182786 (0x25714f02)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:37:47 2016
            Not After : Mon Jun 28 18:37:47 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ea:46:e3:ef:59:ad:7f:e5:d1:28:bb:e1:76:08:24:65:
                    36:9f:32:dc:51:2d:16:ad:bc:76:a9:e3:88:b4:fb:e8:
                    b5:ca:b4:a7:3b:0c:c9:46:8c:4f:80:d4:b0:e4:0b:a6:
                    48:95:b2:7c:d5:c7:56:90:94:3a:31:09:61:eb:38:f8:
                    7f:75:a5:c7:ef:37:92:2b:45:09:41:67:d1:1d:77:2b:
                    74:52:8b:d1:b3:d4:a8:91:a1:2e:cb:c1:6c:d0:f8:cc:
                    ea:d3:7f:56:1c:e6:01:de:61:4c:22:b3:15:8d:e4:4d:
                    35:f0:8c:b1:38:55:e2:d8:71:3b:4b:99:40:77:6a:0b:
                    a5:be:e6:03:f2:82:09:ee:24:eb:38:f4:c7:51:1c:09:
                    bf:ee:04:e8:0c:56:f4:b0:4c:2c:cc:e3:8b:2a:3e:c2:
                    c1:f9:ce:92:7d:71:27:93:e1:7d:ef:2d:e9:63:96:bd:
                    13:86:c5:f7:74:12:c8:96:c8:f7:33:a2:ed:14:a3:62:
                    17:e0:9b:39:15:21:75:62:c2:34:54:bf:bd:a4:68:78:
                    34:d5:ba:bb:ea:a4:2b:c7:04:79:ab:6c:9c:51:46:a3:
                    12:ce:bd:b3:f6:a1:4d:c6:35:85:25:55:f1:4f:40:ad:
                    4f:48:a7:10:3b:92:9b:e5:0e:66:e2:4d:82:a0:f3:8d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        26:b4:65:7e:30:a1:0e:17:ec:09:48:96:1d:85:83:aa:
        64:e2:1a:f7:4f:ae:0a:7c:0d:00:c6:7f:30:de:d0:c5:
        da:02:b5:a5:c6:02:64:84:1d:ef:9f:70:bf:ff:28:66:
        77:60:2a:5f:70:7a:55:42:b5:1a:66:3a:42:2c:ef:9d:
        e4:d2:10:e3:e5:e6:b0:d5:b3:74:e4:0f:0f:ac:5c:b0:
        49:82:ae:75:50:90:42:c1:cb:27:a7:93:df:41:b9:f6:
        c8:d7:1f:fa:d0:f5:bf:88:c6:aa:2a:bf:ab:2b:62:6e:
        8e:8a:74:02:db:dc:f3:19:fd:c6:8f:01:79:fb:f3:06:
        30:bd:a8:5b:00:1a:b3:00:a0:24:bf:94:82:1d:7c:b0:
        9a:2b:e6:98:57:e3:e1:a2:9c:37:a4:67:6b:20:10:3f:
        81:fb:39:82:4c:d4:2a:ab:ae:e9:1c:1e:8c:ff:e3:9a:
        b7:e3:57:87:c5:ba:bf:3f:00:f7:4b:b9:8b:a1:86:3d:
        b0:bd:18:0c:67:03:13:70:66:92:31:a0:4e:34:7f:7d:
        2e:e2:52:be:c0:cc:73:dc:28:2a:ef:64:f3:95:56:2f:
        9a:e3:78:36:13:ed:9e:fb:36:b2:6d:15:7c:2c:cd:a6:
        e0:7c:ba:d4:a4:14:bb:85:28:f2:20:60:30:56:94:67
    Fingerprint (SHA-256):
        68:E6:D2:BE:0B:59:66:09:5F:E5:1F:39:11:87:66:D1:2A:2A:C1:6D:70:B5:73:DF:63:66:23:72:98:69:D9:00
    Fingerprint (SHA1):
        49:4D:10:75:27:9E:D6:E4:E7:BB:CF:1A:78:E7:59:60:DB:C4:03:0E
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #6851: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6852: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6853: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #6854: explicitPolicy: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182786 (0x25714f02)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:37:47 2016
            Not After : Mon Jun 28 18:37:47 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ea:46:e3:ef:59:ad:7f:e5:d1:28:bb:e1:76:08:24:65:
                    36:9f:32:dc:51:2d:16:ad:bc:76:a9:e3:88:b4:fb:e8:
                    b5:ca:b4:a7:3b:0c:c9:46:8c:4f:80:d4:b0:e4:0b:a6:
                    48:95:b2:7c:d5:c7:56:90:94:3a:31:09:61:eb:38:f8:
                    7f:75:a5:c7:ef:37:92:2b:45:09:41:67:d1:1d:77:2b:
                    74:52:8b:d1:b3:d4:a8:91:a1:2e:cb:c1:6c:d0:f8:cc:
                    ea:d3:7f:56:1c:e6:01:de:61:4c:22:b3:15:8d:e4:4d:
                    35:f0:8c:b1:38:55:e2:d8:71:3b:4b:99:40:77:6a:0b:
                    a5:be:e6:03:f2:82:09:ee:24:eb:38:f4:c7:51:1c:09:
                    bf:ee:04:e8:0c:56:f4:b0:4c:2c:cc:e3:8b:2a:3e:c2:
                    c1:f9:ce:92:7d:71:27:93:e1:7d:ef:2d:e9:63:96:bd:
                    13:86:c5:f7:74:12:c8:96:c8:f7:33:a2:ed:14:a3:62:
                    17:e0:9b:39:15:21:75:62:c2:34:54:bf:bd:a4:68:78:
                    34:d5:ba:bb:ea:a4:2b:c7:04:79:ab:6c:9c:51:46:a3:
                    12:ce:bd:b3:f6:a1:4d:c6:35:85:25:55:f1:4f:40:ad:
                    4f:48:a7:10:3b:92:9b:e5:0e:66:e2:4d:82:a0:f3:8d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        26:b4:65:7e:30:a1:0e:17:ec:09:48:96:1d:85:83:aa:
        64:e2:1a:f7:4f:ae:0a:7c:0d:00:c6:7f:30:de:d0:c5:
        da:02:b5:a5:c6:02:64:84:1d:ef:9f:70:bf:ff:28:66:
        77:60:2a:5f:70:7a:55:42:b5:1a:66:3a:42:2c:ef:9d:
        e4:d2:10:e3:e5:e6:b0:d5:b3:74:e4:0f:0f:ac:5c:b0:
        49:82:ae:75:50:90:42:c1:cb:27:a7:93:df:41:b9:f6:
        c8:d7:1f:fa:d0:f5:bf:88:c6:aa:2a:bf:ab:2b:62:6e:
        8e:8a:74:02:db:dc:f3:19:fd:c6:8f:01:79:fb:f3:06:
        30:bd:a8:5b:00:1a:b3:00:a0:24:bf:94:82:1d:7c:b0:
        9a:2b:e6:98:57:e3:e1:a2:9c:37:a4:67:6b:20:10:3f:
        81:fb:39:82:4c:d4:2a:ab:ae:e9:1c:1e:8c:ff:e3:9a:
        b7:e3:57:87:c5:ba:bf:3f:00:f7:4b:b9:8b:a1:86:3d:
        b0:bd:18:0c:67:03:13:70:66:92:31:a0:4e:34:7f:7d:
        2e:e2:52:be:c0:cc:73:dc:28:2a:ef:64:f3:95:56:2f:
        9a:e3:78:36:13:ed:9e:fb:36:b2:6d:15:7c:2c:cd:a6:
        e0:7c:ba:d4:a4:14:bb:85:28:f2:20:60:30:56:94:67
    Fingerprint (SHA-256):
        68:E6:D2:BE:0B:59:66:09:5F:E5:1F:39:11:87:66:D1:2A:2A:C1:6D:70:B5:73:DF:63:66:23:72:98:69:D9:00
    Fingerprint (SHA1):
        49:4D:10:75:27:9E:D6:E4:E7:BB:CF:1A:78:E7:59:60:DB:C4:03:0E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #6855: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6856: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6857: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #6858: Mapping: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182793 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6859: Mapping: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #6860: Mapping: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6861: Mapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6862: Mapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182794   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #6863: Mapping: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6864: Mapping: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #6865: Mapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6866: Mapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182795   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6867: Mapping: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6868: Mapping: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #6869: Mapping: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6870: Mapping: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628182796   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6871: Mapping: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6872: Mapping: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6873: Mapping: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #6874: Mapping: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #6875: Mapping: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #6876: Mapping: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182793 (0x25714f09)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:39:00 2016
            Not After : Mon Jun 28 18:39:00 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f9:72:aa:3b:e2:8e:db:ce:a4:eb:ee:84:42:5e:53:5b:
                    3c:6f:75:0c:00:d1:35:fe:1c:5d:27:1d:6d:38:ee:0d:
                    56:fe:7f:6f:d1:30:78:71:b4:76:d1:72:7c:45:72:d8:
                    84:b4:15:e4:3c:40:b2:bf:c0:19:9c:84:50:05:7e:ff:
                    de:72:10:3d:ee:e6:7b:67:2a:25:85:0e:db:8d:77:96:
                    5a:cc:7d:d1:0c:e7:89:66:71:c2:da:29:3f:70:67:2b:
                    f8:36:3c:2c:0a:29:97:64:40:8a:78:61:9e:ba:37:15:
                    50:76:39:4d:53:60:11:ab:82:8a:5f:2f:33:c5:3a:86:
                    32:6f:46:42:29:0d:f6:21:16:bd:8e:81:ef:67:e7:86:
                    6d:25:6e:f8:16:72:b6:cc:d8:45:bd:b6:1f:fb:2f:c1:
                    a8:dc:42:94:c0:0b:58:c8:b2:bd:6b:f4:eb:7c:87:01:
                    22:aa:89:00:a7:f2:5e:76:52:d0:ed:44:42:f2:45:a9:
                    47:32:1d:31:d6:c4:86:5f:6c:15:e3:df:49:d2:90:22:
                    be:84:7a:f5:13:1a:e9:44:de:20:d5:e1:33:29:7e:9f:
                    64:47:47:ae:38:ca:cd:c7:db:5b:f6:23:15:00:58:80:
                    0f:12:41:a4:ec:5d:8f:03:9a:4c:9a:19:16:93:92:6d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        89:2b:ea:ee:09:5d:5e:d5:a3:6b:db:40:8a:9d:ae:be:
        c7:56:dc:bc:19:ef:93:7f:19:aa:7d:d6:40:cd:2e:f3:
        1c:6f:8d:1e:85:dd:2d:70:3d:37:86:97:f8:02:77:9a:
        eb:0a:a9:21:63:e4:76:eb:eb:45:d3:92:6f:94:dd:6b:
        33:4e:28:bb:04:e1:82:64:e8:0a:8b:a2:3b:ff:d8:b8:
        2c:fd:3f:77:53:a9:af:73:7c:7a:36:0a:d4:d8:aa:f9:
        ca:4a:bc:89:94:cc:a6:82:c5:24:a8:b4:a9:d7:7d:ae:
        d2:f4:7b:68:57:42:4f:95:6b:58:23:f6:94:2b:c2:ae:
        72:73:ed:e4:9f:fc:96:00:dc:a9:48:9f:d4:d2:85:2d:
        1d:4c:88:84:6d:3e:d9:f6:39:59:e7:8d:d1:05:ca:f2:
        42:ae:6b:bd:32:56:3b:1d:57:59:9f:09:7c:fc:12:38:
        5e:12:2c:20:63:94:d5:64:ef:ce:d4:6c:ce:b9:49:e9:
        29:44:c2:30:ca:6c:7e:47:46:c3:56:86:6e:b3:9e:a5:
        39:a8:2d:d9:61:5d:21:88:71:5f:be:18:a6:a6:69:7c:
        eb:73:86:79:7c:74:ae:85:10:d7:3d:c5:4b:57:b7:5e:
        ce:77:b6:88:00:f4:e3:1d:b7:2f:2c:46:5e:a1:ae:7b
    Fingerprint (SHA-256):
        95:34:8A:DE:42:63:8B:71:BE:E7:21:B7:CF:19:51:A2:2E:37:17:17:C7:E3:59:50:84:93:94:BF:95:0B:37:56
    Fingerprint (SHA1):
        31:F0:17:90:CB:F1:95:38:B1:CE:74:BA:9F:EA:92:AC:3E:48:57:28
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6877: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6878: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6879: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182794 (0x25714f0a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:39:05 2016
            Not After : Mon Jun 28 18:39:05 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d2:9d:15:af:77:4b:dd:40:94:80:72:cf:14:71:73:b6:
                    0e:6f:c0:8f:72:8d:5c:b6:97:ec:dd:ed:cb:86:6a:02:
                    0b:01:cd:e1:83:22:14:35:29:00:32:fc:e7:f1:b8:5a:
                    13:79:fc:98:65:d7:2e:c3:ac:c2:e7:0c:d7:8f:82:99:
                    b5:d4:86:9a:6b:c9:fd:aa:1a:ba:98:ef:c6:84:85:49:
                    1e:63:2b:06:6d:ff:62:c7:77:02:fc:55:0e:46:f4:40:
                    a6:b9:71:27:8b:77:04:a5:67:4a:77:72:1c:e7:f5:01:
                    a8:a7:47:57:a7:88:5a:0b:6a:16:f4:0c:31:d2:a8:eb:
                    42:20:8a:6c:f1:5a:48:5c:08:0d:2a:c7:41:c9:1e:d3:
                    58:55:05:d3:5d:07:15:39:ce:7b:74:96:62:d7:c1:91:
                    d1:c0:74:de:9b:32:6d:ab:ee:80:25:a0:5c:bc:76:c9:
                    66:cd:2b:09:f5:30:d8:3a:b6:16:b5:cc:cc:b2:f5:0a:
                    ec:d7:bc:d6:88:c2:98:43:51:e8:2b:14:c1:63:28:e2:
                    f8:4f:f9:de:db:ea:c1:eb:98:29:21:04:d9:26:ba:af:
                    f2:53:52:ec:14:fa:16:a7:66:72:b0:46:d1:30:76:a8:
                    b2:1f:c5:b2:26:61:a9:a2:fa:ec:33:1b:af:1c:d7:09
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1c:13:34:21:62:87:58:fc:a5:b5:20:1c:bb:02:3e:ae:
        d4:5b:b8:11:ad:b0:d4:6e:eb:1a:4e:43:94:48:0a:f2:
        7b:1b:2a:82:fd:2f:33:d9:25:80:03:dc:4c:2e:5e:21:
        a8:99:17:bc:a8:fb:36:0f:4e:5a:2c:c4:85:e8:cc:05:
        19:fb:50:2e:65:cd:e0:01:0b:fd:28:f2:ff:60:36:70:
        ee:d1:8a:f4:d4:38:de:b4:87:02:c8:50:fb:0f:76:24:
        ab:f2:35:97:68:d4:43:bc:71:fd:18:3c:59:22:0c:37:
        c6:b5:9c:cb:b4:16:72:a6:fa:36:b0:bf:17:71:ea:98:
        e5:e0:71:a3:11:1b:c3:e6:2f:c2:ae:f9:dd:30:16:30:
        bc:ea:42:09:0a:ac:4e:45:23:8b:0f:b7:a6:08:88:ff:
        7e:d6:2e:21:16:10:44:cf:f1:75:97:cc:24:93:ab:69:
        84:f9:89:b2:ef:a4:48:00:53:7d:81:fe:5d:43:92:e8:
        fd:ec:3e:62:97:ee:89:67:86:19:49:75:91:0d:87:4e:
        6a:6a:e1:0d:b2:42:3a:58:35:9c:40:fa:c5:1f:92:0b:
        ec:3c:c9:b5:fa:b3:c1:54:cd:34:c2:a5:ec:db:23:80:
        8e:4d:7c:f5:81:7b:80:3a:2f:25:5f:f9:32:42:92:e6
    Fingerprint (SHA-256):
        40:F9:A7:FD:85:7A:B9:04:3F:6F:54:50:7E:36:55:7B:FE:65:03:67:73:A0:BD:6A:A4:5C:BF:79:F4:89:89:F0
    Fingerprint (SHA1):
        45:92:C2:9C:9F:AD:DC:D7:B1:17:1A:43:84:2C:8C:DC:44:06:B5:E8
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6880: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6881: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182795 (0x25714f0b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:39:11 2016
            Not After : Mon Jun 28 18:39:11 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cc:df:b9:64:39:41:16:ac:b2:98:09:e4:98:80:b2:95:
                    b4:82:c9:de:c8:dc:6f:6f:84:d4:99:3e:24:fa:19:b6:
                    72:20:05:43:92:aa:25:16:72:67:0e:37:25:0a:86:79:
                    84:c8:3d:a7:19:bb:78:8d:c1:ef:16:ec:e8:4a:39:b9:
                    9d:6d:49:93:71:46:b6:93:c3:a5:fb:83:ed:22:f1:17:
                    7e:2b:36:f8:c4:eb:7d:c1:ec:fc:ba:b5:da:e9:d1:be:
                    06:b3:91:15:0f:c7:aa:60:a6:4c:0c:d8:ab:3b:32:45:
                    92:81:71:f5:b0:c7:fa:1d:f3:d2:6d:56:fe:68:e5:f3:
                    10:a5:23:d8:95:79:fa:da:4f:32:64:dd:01:ea:cd:24:
                    a4:53:09:e1:ac:41:51:90:bb:84:54:48:e3:ce:eb:39:
                    35:74:e7:b3:94:c1:cf:a2:b3:f9:55:8c:b8:62:cd:86:
                    b8:1a:76:85:ce:1f:aa:19:44:aa:d4:b6:9b:eb:8e:95:
                    13:25:cc:34:ca:b9:53:09:d5:f5:0d:14:2d:48:1c:2f:
                    86:d6:0b:1e:ed:f7:89:5f:7c:61:5d:f0:1b:7e:c4:76:
                    7b:0d:ad:86:0f:87:61:d1:57:89:7f:ea:e9:24:ab:8e:
                    89:58:58:3c:05:10:66:1e:6c:e5:79:7a:73:ba:14:bf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        76:c0:2e:1c:e8:ec:fd:f3:19:c0:20:e2:73:57:dc:a7:
        e9:28:36:a7:4e:74:2d:fa:4f:a3:25:e8:0f:b5:5c:e7:
        28:e6:bc:b2:8c:86:83:e0:f3:53:68:dd:df:0f:5c:51:
        0c:f5:e7:b9:30:ce:e8:ef:1a:15:c9:7d:69:00:2d:79:
        37:53:4b:91:d4:88:f2:29:8d:99:a9:15:5f:6f:7e:86:
        f7:95:4d:eb:37:6b:40:60:b8:19:30:d4:3d:89:b5:d8:
        a9:0f:b7:65:01:27:2d:f5:ef:cd:ba:69:b5:24:cd:7f:
        6a:9e:89:b0:02:db:48:36:3a:08:f5:56:bf:a3:06:9c:
        7f:d2:0a:e8:e2:66:2c:4e:af:5d:ab:df:c3:14:7d:d3:
        34:4f:a8:7e:15:c9:cf:67:5f:03:6d:98:82:ee:7f:bd:
        17:c5:01:43:ed:a8:f9:8b:fd:13:77:35:cc:df:8f:85:
        b5:0b:81:79:8e:07:18:14:d0:54:a5:6c:f9:be:e1:9d:
        c2:b4:bc:33:d2:a5:f9:fb:bb:b1:92:e0:76:51:1b:80:
        f2:8f:cb:33:7b:4f:9c:29:b2:d9:ca:62:fa:4e:13:29:
        ad:4a:a0:0a:d7:79:a2:1e:2e:41:0a:7d:b0:ce:f3:d9:
        7c:b2:39:11:35:0f:e4:7c:a8:41:d1:54:55:83:1b:6f
    Fingerprint (SHA-256):
        63:A1:63:FB:73:B0:9E:C9:2C:2B:E0:F9:CB:0B:4C:FF:9B:77:4F:DF:80:2A:BD:58:B4:6B:B7:A4:C0:4C:F2:80
    Fingerprint (SHA1):
        FA:94:D7:11:ED:7D:E4:27:42:71:42:EE:BC:2B:45:C5:C4:C3:8A:6F
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #6882: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #6883: Mapping2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182797 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6884: Mapping2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #6885: Mapping2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6886: Mapping2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6887: Mapping2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182798   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6888: Mapping2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6889: Mapping2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #6890: Mapping2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6891: Mapping2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182799   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #6892: Mapping2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6893: Mapping2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #6894: Mapping2: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6895: Mapping2: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 628182800   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6896: Mapping2: Creating certficate CA3CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate CA3CA2.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6897: Mapping2: Importing certificate CA3CA2.der to CA3DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #6898: Mapping2: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6899: Mapping2: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 628182801   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #6900: Mapping2: Creating certficate UserCA3.der signed by CA3  - PASSED
chains.sh: Importing certificate UserCA3.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6901: Mapping2: Importing certificate UserCA3.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #6902: Mapping2: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #6903: Mapping2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #6904: Mapping2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #6905: Mapping2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA2.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der
chains.sh: #6906: Mapping2: Importing certificate CA3CA2.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182797 (0x25714f0d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:39:29 2016
            Not After : Mon Jun 28 18:39:29 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:8f:6c:6d:5d:fc:1a:f2:80:4a:a3:6f:f2:38:16:a6:
                    00:c5:f3:cd:72:ca:81:33:ed:27:8c:c4:16:4d:b2:af:
                    5f:fb:b0:c2:ca:b4:2b:98:43:4d:2d:59:dd:c2:25:47:
                    b5:f3:42:3b:24:8a:1b:c3:bf:89:c0:5b:e4:f8:ed:b9:
                    08:0b:44:be:59:cb:2e:3f:56:6e:b6:4a:f9:ee:ca:90:
                    81:78:43:19:ef:d6:83:96:c2:ab:3d:4e:9d:9b:d9:af:
                    f2:e4:5f:03:11:3e:45:90:04:1f:29:2e:a3:53:ed:69:
                    ff:be:e3:5d:80:a9:5d:3a:8b:f4:74:6f:9c:a6:5c:52:
                    a5:f9:ef:0c:3e:97:d9:85:34:72:4b:c3:12:20:a8:68:
                    20:a3:a0:9e:0f:f7:b7:33:3a:af:51:51:6c:44:75:26:
                    1f:1f:92:d6:f0:3a:5c:53:57:c5:ee:1d:26:b9:c4:a7:
                    50:2b:4d:da:7a:fa:9f:d3:69:6f:4b:c9:7a:3d:59:f5:
                    48:59:f3:f5:ca:dc:9e:9f:6a:95:28:d3:e4:6d:0d:ae:
                    cf:a9:89:7e:89:55:b0:f6:e9:f5:91:0f:b3:ea:2c:af:
                    f1:01:ba:75:ab:eb:07:7b:9e:ad:77:cf:9a:3a:ec:5f:
                    e2:a7:ff:7d:0d:14:72:6a:69:6c:3d:44:38:cf:a4:0d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        68:25:b7:b6:6c:ed:74:39:a9:c9:62:5d:23:14:61:d9:
        58:4c:e7:46:42:10:cc:30:21:d9:48:a2:ed:ea:84:4e:
        f0:4f:e4:8a:a9:81:28:7c:3a:ad:4f:3f:91:4b:49:e4:
        6c:6d:3b:b0:4a:0c:f9:18:a8:82:d0:02:18:d8:99:3c:
        48:13:2f:ef:58:e9:09:e3:18:e6:52:68:3f:04:e0:9c:
        23:b5:e5:1c:08:56:fe:a0:c3:08:2b:91:fb:15:39:6a:
        d8:b8:c0:14:89:a6:05:1a:d0:54:c4:aa:c7:42:ba:af:
        d8:4e:b8:a6:2c:e9:b6:47:64:7c:fd:e1:7e:16:a5:a7:
        1c:6d:ea:c3:f2:73:d3:99:f2:2e:9b:f0:22:85:ab:46:
        48:2c:a3:d1:ef:1a:1c:36:52:36:45:0d:cd:82:f1:b9:
        4f:10:ac:1d:69:e4:ff:e1:9f:e4:cd:25:f5:b1:8b:aa:
        e6:05:34:9f:dd:20:ed:c0:b8:2a:b9:a8:52:f0:44:c3:
        d1:5f:01:4f:ee:2d:89:1e:80:84:57:ae:10:90:2e:bf:
        56:3e:93:5c:a0:fc:e2:3c:b0:6a:06:ff:6f:43:76:54:
        ac:6c:2e:09:9c:50:32:52:33:13:ff:a5:03:ef:ee:98:
        75:e0:c1:db:00:9a:00:5e:73:43:cd:00:d2:da:21:36
    Fingerprint (SHA-256):
        49:90:95:4B:E3:71:31:72:AC:7C:54:B7:A9:36:E7:DF:68:64:B0:E2:C1:B4:1E:5C:72:86:82:15:DE:0A:95:4B
    Fingerprint (SHA1):
        2F:F2:6D:F7:26:3D:94:3A:06:02:15:04:45:05:C9:EA:28:2D:66:6F
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6907: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6908: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182798 (0x25714f0e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:39:36 2016
            Not After : Mon Jun 28 18:39:36 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:13:1f:76:d0:1f:0a:d5:cd:d5:47:c7:55:fc:cb:e4:
                    50:b3:84:b3:2d:2f:12:8c:a6:c0:e1:6e:49:8c:f9:11:
                    4e:e5:4d:99:af:66:6a:4e:f6:44:c7:32:c7:91:53:fa:
                    cb:17:48:f4:28:8f:04:2b:42:60:e1:99:8f:31:c7:79:
                    85:30:8c:c1:13:06:6a:d9:f3:a3:45:69:ac:f6:9d:39:
                    73:87:7a:d5:a9:57:54:91:54:b9:46:06:74:a8:8a:28:
                    52:e8:b1:2e:16:c1:bc:29:2c:50:be:f5:fe:6b:c8:7f:
                    3c:dd:b6:a4:b7:67:ab:06:ca:ec:e0:21:05:31:0e:62:
                    51:8f:06:7e:85:d6:bb:48:d8:e0:bc:43:81:fa:87:a7:
                    eb:fe:af:4e:34:50:2b:b2:4e:af:86:03:60:6a:f3:d0:
                    69:74:ef:46:4f:33:2c:5a:af:1a:f0:c1:aa:4a:e7:b6:
                    d0:c5:19:2e:0e:f4:b0:09:9a:11:6d:6b:05:05:40:98:
                    89:cb:15:51:f8:b4:a2:30:20:98:9b:01:c3:b5:b5:30:
                    26:e0:d5:b8:4a:c3:7a:07:36:6b:74:d5:d8:93:c4:38:
                    93:74:94:37:65:ef:b0:c8:96:e5:2c:a1:fd:6b:f8:6a:
                    02:1c:ed:c4:09:89:5e:01:21:f2:8e:81:42:34:c4:43
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0d:f4:e6:57:b2:f6:22:ee:8d:dd:d4:43:de:36:1c:ca:
        9e:be:6e:c4:c9:1f:9b:60:f0:22:69:41:b3:fc:f6:ab:
        99:4d:66:12:2a:df:8f:8c:46:72:b9:09:26:38:20:55:
        20:4b:9c:1f:c0:67:c6:91:80:88:35:75:c7:1f:58:f3:
        a9:88:7a:3d:ad:b6:a6:25:5a:80:81:21:ee:29:3b:e1:
        48:84:5c:4f:48:00:87:d2:e9:f7:da:0c:3c:ca:64:ca:
        f8:83:32:1c:da:bf:bf:be:64:c5:35:56:b9:8e:54:83:
        c5:b2:d8:df:a5:65:38:26:3d:fc:c6:ae:28:8d:13:f2:
        14:ab:ba:09:2e:f9:cf:a8:d4:22:2f:65:16:27:a1:4b:
        66:c0:a8:e9:d8:30:6a:d9:f5:40:55:3a:eb:68:e2:ba:
        e0:2d:b0:4f:4a:5c:26:a4:a1:ed:08:7f:b1:94:34:30:
        09:bc:d9:10:89:01:a8:75:73:34:fa:83:b9:d4:33:73:
        93:b1:7e:dd:0d:34:7b:d2:5d:5c:6b:1f:de:21:18:f0:
        33:98:72:b2:e1:ed:e9:28:fb:a4:44:20:71:be:ee:4a:
        7e:1b:6d:47:ed:45:43:31:b0:5d:38:d7:63:ba:8a:97:
        0a:23:3a:79:72:ba:63:5e:d4:cd:06:9b:28:48:a0:fa
    Fingerprint (SHA-256):
        D8:FC:37:81:5B:AD:BF:C6:C7:09:8A:D1:F9:DB:D6:58:00:9E:1B:FE:09:91:63:E3:29:33:72:29:96:3F:CE:33
    Fingerprint (SHA1):
        62:9F:10:41:D5:F2:E7:7A:43:A7:03:4D:C1:33:8A:76:71:BA:33:57
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #6909: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6910: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #6911: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182799 (0x25714f0f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:39:45 2016
            Not After : Mon Jun 28 18:39:45 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b4:e9:64:ca:c4:4f:1f:3c:05:64:ca:07:25:2f:eb:9e:
                    56:50:16:69:38:0d:76:04:05:b9:ad:df:67:be:ed:d5:
                    31:33:d1:34:7e:20:d5:46:4d:c9:08:b8:2b:69:bb:7b:
                    9b:7b:5e:22:b9:d1:64:ec:c2:08:e2:b2:1c:6e:99:a7:
                    f8:1b:5a:39:4a:7c:fc:80:82:bc:99:b2:68:27:8c:71:
                    68:a1:36:96:06:19:54:21:73:91:88:b3:cd:f2:b6:59:
                    8b:f2:3c:83:aa:b9:02:b3:b0:18:0b:b3:cb:0e:73:b4:
                    56:5f:ba:f5:25:13:d1:09:7e:12:e5:fc:00:65:36:e1:
                    9c:d8:c3:64:8e:cb:a4:e4:a4:28:1f:d3:e8:ef:17:ae:
                    39:46:b7:74:a1:dd:ff:bd:b4:2e:09:50:04:8e:10:d3:
                    96:b0:85:a4:95:1f:6c:05:63:d1:5f:71:da:4f:15:2a:
                    dd:31:99:ad:33:25:3e:24:1b:c2:4c:64:65:0f:3b:1e:
                    2b:26:a3:2a:e1:a6:35:2f:06:9d:7c:ec:04:bc:9f:f8:
                    25:99:53:85:94:25:05:05:51:0e:f9:c5:85:ed:ef:aa:
                    6e:d7:a9:c0:d7:3a:87:f4:1a:e1:40:19:6f:84:1a:02:
                    ba:0e:37:43:f4:f6:1b:48:0d:22:55:f6:cc:f2:c5:e1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        d4:74:1a:a7:32:0f:42:7e:4c:41:17:f7:82:af:ee:20:
        d4:4d:ba:84:d5:73:56:2d:88:cd:88:d2:e6:a8:5c:a4:
        94:b2:65:0b:e4:05:9d:07:41:3d:ab:94:11:79:22:1f:
        55:0d:f0:8d:90:ba:74:87:8d:d9:57:21:5c:04:88:20:
        43:d6:e2:e4:34:66:3c:14:92:43:5e:cf:cf:c0:9c:74:
        60:8a:3a:9b:43:2f:ec:82:62:91:39:3f:21:16:ef:7d:
        07:43:73:a7:03:f5:6e:bf:41:86:6d:a7:bb:04:82:e6:
        47:b4:65:12:4e:43:27:5c:c9:a1:0d:08:ad:f0:35:0a:
        31:d1:31:07:fd:e8:d3:ab:20:62:b3:26:32:ee:29:b5:
        3a:38:2f:c1:bf:88:69:8c:b3:43:f2:c8:4b:39:54:0d:
        dc:9e:b5:f8:52:23:bf:fe:87:09:64:1a:40:4e:9a:fd:
        b2:96:a3:0e:bb:e0:d2:a1:6a:68:50:25:fe:ab:60:8f:
        77:0e:8e:bd:50:de:f3:3d:cd:ca:69:ca:b3:84:5b:57:
        1c:44:b1:3f:9f:cb:a4:c8:78:2c:52:74:44:1c:30:89:
        46:62:bc:b1:b0:c2:b9:0d:40:59:51:78:bd:7e:a4:eb:
        51:55:2d:cd:55:50:22:fd:72:1a:07:bc:2e:cb:bc:2f
    Fingerprint (SHA-256):
        64:B5:A5:12:EF:E8:6B:AE:F8:ED:FF:4B:8A:C2:A4:DA:A9:12:04:DC:8D:42:6D:FB:00:8D:C6:67:ED:5F:4C:89
    Fingerprint (SHA1):
        1C:C3:B2:97:E9:A8:25:AF:46:EA:A8:65:F3:51:52:EA:21:01:3D:67
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #6912: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #6913: AIA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182802 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6914: AIA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #6915: AIA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6916: AIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6917: AIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182803   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6918: AIA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6919: AIA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #6920: AIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6921: AIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182804   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA1Root-628182711.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6922: AIA: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6923: AIA: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #6924: AIA: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6925: AIA: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628182805   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6926: AIA: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6927: AIA: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der
vfychain -d UserDB -pp -vv       UserCA2.der CA2CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA1 Intermediate,O=CA1,C=US
Returned value is 1, expected result is fail
chains.sh: #6928: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der
vfychain -d UserDB -pp -vv   -f    UserCA2.der CA2CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182802 (0x25714f12)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:40:11 2016
            Not After : Mon Jun 28 18:40:11 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ac:4b:bd:19:7e:44:47:1f:5f:9d:f5:4f:75:89:06:ab:
                    d4:ad:93:ad:52:d2:a8:a7:8a:96:55:ce:d9:f1:da:fc:
                    a7:19:59:08:db:18:ac:d1:95:c1:ad:10:4a:e3:d3:83:
                    c1:23:4a:82:86:9b:2d:50:0f:95:ee:e5:3a:a4:58:67:
                    59:03:08:fd:65:65:6f:ad:2b:ad:ab:67:47:70:92:54:
                    f1:e2:c0:82:dc:63:3c:fd:46:98:ac:42:8c:7e:5c:09:
                    8b:8d:d4:b1:ad:96:0b:9a:8b:89:9e:1f:83:17:0d:57:
                    c7:a5:eb:97:ba:ac:83:93:7a:02:78:02:cb:16:94:be:
                    f5:77:59:09:eb:e9:85:c9:29:4e:60:ba:0d:17:33:c1:
                    e5:c9:b2:dc:7a:e8:cf:18:19:bc:bf:91:97:06:e5:fd:
                    78:d6:9d:ef:e6:67:33:42:83:d2:46:df:49:d0:7e:07:
                    1a:84:e8:ce:ba:9b:03:0d:71:d6:4d:5a:b5:70:1b:79:
                    27:f9:ed:41:44:e5:99:a2:91:60:dc:a3:f8:5e:d2:8e:
                    40:53:9d:cf:82:ca:1f:e1:19:dd:f3:6a:58:fb:70:b2:
                    0a:e4:d2:79:82:c3:1e:b1:1a:13:9e:4f:74:cb:8b:4a:
                    ab:81:17:fb:67:db:43:1d:7b:63:4c:d8:e7:23:f8:99
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:3a:a5:37:af:a1:2f:79:9b:8b:fb:5b:b7:b9:29:76:
        c7:d3:3d:08:5c:19:af:b5:6a:ec:cd:83:e4:c4:ed:38:
        68:14:4e:30:37:82:8a:8b:35:39:d8:1f:ae:b6:c3:c8:
        3a:d2:8a:f3:d2:56:db:4f:93:c4:ab:1e:85:33:98:ce:
        f9:66:d1:d8:88:a0:a3:a5:be:79:26:97:27:cc:1a:80:
        93:6b:ca:8e:a1:d0:6c:0f:f3:9c:6a:95:3b:22:12:d7:
        79:55:9a:17:bf:0c:49:72:3f:88:81:da:1b:9f:6b:b8:
        cc:92:46:86:ab:81:50:a8:5a:47:49:86:b6:eb:79:22:
        35:57:7f:4c:f2:e0:40:4b:77:d4:82:c5:01:1b:61:f3:
        4e:07:e3:0a:d8:d3:18:95:2f:5a:da:67:22:b1:5c:c6:
        31:15:ca:e6:6a:f8:a5:4d:72:56:5d:a2:10:15:2d:ad:
        87:78:0d:23:a5:b4:25:22:78:aa:1c:45:44:98:da:49:
        f4:2c:f8:e4:d7:00:d5:1c:b3:92:2c:6e:5b:d7:8c:3d:
        47:38:4a:57:cc:99:81:46:e9:2e:fc:42:f3:09:8e:6a:
        a5:5d:65:52:08:2e:c3:a7:65:bc:aa:e8:f2:30:78:9d:
        67:a0:b2:84:f3:90:cb:e5:55:d8:9a:fa:22:ac:2a:7f
    Fingerprint (SHA-256):
        E8:28:22:5D:A9:BE:DC:FF:C1:A3:47:3A:B9:37:AA:B0:74:CA:05:10:29:CC:CC:8F:42:15:53:70:B4:94:09:7A
    Fingerprint (SHA1):
        27:AD:2E:92:4B:52:CF:0F:E5:E2:96:B6:CC:85:D4:B5:B3:7A:80:1E
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #6929: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #6930: BridgeWithAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182806 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6931: BridgeWithAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #6932: BridgeWithAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #6933: BridgeWithAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182807 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6934: BridgeWithAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #6935: BridgeWithAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #6936: BridgeWithAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6937: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628182808 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6938: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6939: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628182809 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6940: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6941: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #6942: BridgeWithAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6943: BridgeWithAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6944: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628182810   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628182712.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6945: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6946: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #6947: BridgeWithAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6948: BridgeWithAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182811   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6949: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6950: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #6951: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182806 (0x25714f16)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:40:50 2016
            Not After : Mon Jun 28 18:40:50 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9a:1e:56:42:d0:f2:18:92:7f:8d:b1:82:17:b2:84:85:
                    eb:45:a2:42:bb:54:12:a3:a2:4b:3f:1c:a6:48:b6:ed:
                    b2:26:c8:93:ee:fb:4d:39:cc:4f:a0:35:69:60:b3:51:
                    25:99:5d:ce:2f:db:6e:e4:53:a1:7d:74:6a:51:d3:38:
                    c9:16:5a:ef:aa:ee:81:4c:b0:80:93:55:27:6f:4d:1e:
                    22:16:87:25:03:bc:16:bf:99:a7:cc:c2:d7:58:77:24:
                    9d:6d:3b:ed:31:22:58:bc:5d:58:f0:52:c5:d1:99:42:
                    ac:73:70:09:7a:bf:c3:27:66:44:13:b8:29:f8:b6:68:
                    66:58:2c:78:66:aa:22:c3:a3:b6:1d:23:c9:b0:01:f6:
                    b1:dd:02:00:74:57:05:d3:20:12:15:b5:01:3c:5a:f8:
                    de:40:c3:5f:25:db:1f:12:a2:12:b8:71:cb:37:fd:d6:
                    5b:09:c6:72:77:34:41:49:58:b1:97:dc:59:af:68:02:
                    e6:6c:77:a7:ef:07:1e:b2:32:51:8e:71:4c:dd:1e:f4:
                    61:78:fb:ed:a5:52:d3:1f:56:3d:f1:eb:0d:83:88:6f:
                    65:99:89:8c:12:aa:5f:b7:e7:fb:2a:84:f7:2f:70:f4:
                    16:de:e7:dc:2c:99:0f:cb:eb:79:1e:7e:f7:85:28:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        96:91:f9:cc:04:ff:85:aa:50:86:d3:03:f1:15:c6:a0:
        ee:2e:bd:bb:41:19:dd:73:26:fb:65:87:db:c2:7e:8c:
        26:f7:8a:e9:9a:c9:4b:ce:b6:b1:d7:ce:62:04:5f:0a:
        f7:0c:8f:3a:e5:ef:d0:a2:ca:ea:30:b5:74:6a:c8:b8:
        f8:ad:9c:eb:f3:02:0b:3e:be:e2:d6:14:87:b9:f1:d8:
        93:ae:41:a3:2f:9b:48:f4:cc:52:33:a1:b0:4c:54:1d:
        76:3a:9a:fa:d9:78:18:09:5f:03:ca:98:a7:96:68:cb:
        11:46:e0:59:13:66:ca:b8:51:78:97:11:a9:1f:68:97:
        79:39:1c:85:f6:2e:a9:26:1d:8a:0c:49:4b:83:79:37:
        3c:b8:c5:40:0c:2e:04:2a:e0:ff:46:24:87:d0:98:5e:
        03:b3:91:26:60:b1:4b:21:fc:12:13:cd:96:74:78:8a:
        bd:a2:fa:b5:fd:ce:9e:d7:59:e9:3f:73:fa:30:d2:09:
        37:10:af:b1:e8:5d:ea:bf:e7:2f:95:41:1e:f4:1b:67:
        0a:12:f4:f3:17:5e:e2:4b:de:8b:5b:5d:39:3c:66:0b:
        6b:2a:33:f2:cd:6b:ec:fd:c0:62:3f:5e:a1:7f:9c:7c:
        e3:95:98:f8:b8:43:19:9a:b4:e6:70:f1:fc:00:dd:81
    Fingerprint (SHA-256):
        85:63:D7:49:FB:88:BC:2E:F2:4A:06:93:B0:83:78:6E:7B:F3:88:C6:B7:F0:C0:B8:38:3F:8D:08:0F:0B:0D:39
    Fingerprint (SHA1):
        6C:59:1E:FD:C5:AF:75:6C:07:15:9E:96:37:BE:C7:31:26:5D:3F:41
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6952: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182807 (0x25714f17)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:00 2016
            Not After : Mon Jun 28 18:41:00 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    db:bf:b1:83:17:9a:b4:c3:a4:82:93:79:75:89:23:52:
                    1f:fa:0b:28:98:54:b4:65:22:7d:8b:89:bc:c6:a9:e7:
                    03:5b:17:14:f4:52:7e:aa:d7:84:de:84:19:49:15:f0:
                    7e:00:ec:3e:47:46:82:2e:4a:63:b2:98:1f:57:8a:33:
                    7d:ca:85:b3:f7:40:2e:bc:f0:0b:7f:c9:b4:85:e6:d5:
                    43:3f:f6:35:7e:b4:9f:37:9a:e2:7f:98:a9:cd:37:d0:
                    f4:58:e1:12:4c:2f:75:c8:c5:44:ed:5b:d1:9e:a1:49:
                    a3:07:09:68:22:21:80:51:54:df:5a:08:25:51:ec:23:
                    40:c6:9e:2f:0d:e9:31:12:20:a5:a3:1f:1a:2f:9c:09:
                    27:75:8b:73:a4:69:a4:74:47:b9:e2:47:b7:c9:cd:62:
                    a6:f7:0c:cd:49:1d:48:7f:29:77:b5:48:1c:43:50:bc:
                    32:cd:c1:70:57:a9:81:62:1b:5f:da:4a:07:1b:13:5f:
                    87:cd:8b:ff:ba:cf:4c:a5:c1:7b:10:9b:0f:dd:c3:cd:
                    79:a1:91:f5:e8:0f:d1:13:58:ba:2a:48:c7:c7:eb:5a:
                    bc:2c:1f:12:25:48:a3:4f:cc:6e:60:bf:ef:e7:99:86:
                    e6:82:51:99:46:36:22:17:85:ac:ff:90:d6:86:86:7d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5f:4d:25:0f:b9:03:42:6c:15:62:88:3d:35:5d:fb:12:
        02:09:02:a7:4f:06:0d:c9:47:b8:13:73:0a:38:b5:3a:
        59:0f:f0:01:77:e6:ce:7a:17:56:85:64:26:b2:3c:c3:
        e9:e9:74:1e:50:eb:2a:f8:f3:9c:3d:ae:df:05:0a:8f:
        45:61:87:08:3d:b2:85:47:12:45:eb:14:5e:8c:de:89:
        65:7c:5b:49:89:d9:ad:f5:e5:56:6b:a4:04:1b:41:f0:
        63:55:6b:7e:11:be:24:5a:77:b0:f9:bb:36:c0:cf:78:
        a5:cd:57:9a:e2:9c:bd:8a:78:8d:cb:77:34:88:3c:ae:
        e6:66:09:40:7e:6b:51:12:6e:ea:ad:67:ab:21:4c:3a:
        6a:e1:a9:a7:53:46:a8:14:58:23:40:aa:53:ce:0a:20:
        45:8f:c5:c3:75:8b:a0:84:20:bb:8b:37:c4:97:46:ef:
        fe:b5:a1:23:e1:4d:7f:45:0c:6f:9f:b8:39:62:ab:e5:
        e4:d1:f3:b9:ed:f9:ce:b1:23:f4:18:35:be:e4:dd:2e:
        ab:3f:47:05:54:b4:c1:4a:ac:24:32:6c:3d:25:3d:dd:
        96:e8:d5:9e:c7:d4:c3:8a:51:2b:e0:8a:8d:3f:79:c7:
        92:d0:b5:4c:6e:e3:81:f6:4a:5e:19:83:f6:12:d2:12
    Fingerprint (SHA-256):
        49:9F:81:4B:2A:C5:4A:44:EB:96:0B:6A:2E:5E:17:9D:43:03:CB:2B:C6:5E:C5:E5:96:48:BD:6F:32:70:42:2F
    Fingerprint (SHA1):
        AD:43:55:AB:97:30:E4:81:55:E0:33:AA:01:2A:49:E6:0B:98:50:5C
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6953: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182807 (0x25714f17)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:00 2016
            Not After : Mon Jun 28 18:41:00 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    db:bf:b1:83:17:9a:b4:c3:a4:82:93:79:75:89:23:52:
                    1f:fa:0b:28:98:54:b4:65:22:7d:8b:89:bc:c6:a9:e7:
                    03:5b:17:14:f4:52:7e:aa:d7:84:de:84:19:49:15:f0:
                    7e:00:ec:3e:47:46:82:2e:4a:63:b2:98:1f:57:8a:33:
                    7d:ca:85:b3:f7:40:2e:bc:f0:0b:7f:c9:b4:85:e6:d5:
                    43:3f:f6:35:7e:b4:9f:37:9a:e2:7f:98:a9:cd:37:d0:
                    f4:58:e1:12:4c:2f:75:c8:c5:44:ed:5b:d1:9e:a1:49:
                    a3:07:09:68:22:21:80:51:54:df:5a:08:25:51:ec:23:
                    40:c6:9e:2f:0d:e9:31:12:20:a5:a3:1f:1a:2f:9c:09:
                    27:75:8b:73:a4:69:a4:74:47:b9:e2:47:b7:c9:cd:62:
                    a6:f7:0c:cd:49:1d:48:7f:29:77:b5:48:1c:43:50:bc:
                    32:cd:c1:70:57:a9:81:62:1b:5f:da:4a:07:1b:13:5f:
                    87:cd:8b:ff:ba:cf:4c:a5:c1:7b:10:9b:0f:dd:c3:cd:
                    79:a1:91:f5:e8:0f:d1:13:58:ba:2a:48:c7:c7:eb:5a:
                    bc:2c:1f:12:25:48:a3:4f:cc:6e:60:bf:ef:e7:99:86:
                    e6:82:51:99:46:36:22:17:85:ac:ff:90:d6:86:86:7d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5f:4d:25:0f:b9:03:42:6c:15:62:88:3d:35:5d:fb:12:
        02:09:02:a7:4f:06:0d:c9:47:b8:13:73:0a:38:b5:3a:
        59:0f:f0:01:77:e6:ce:7a:17:56:85:64:26:b2:3c:c3:
        e9:e9:74:1e:50:eb:2a:f8:f3:9c:3d:ae:df:05:0a:8f:
        45:61:87:08:3d:b2:85:47:12:45:eb:14:5e:8c:de:89:
        65:7c:5b:49:89:d9:ad:f5:e5:56:6b:a4:04:1b:41:f0:
        63:55:6b:7e:11:be:24:5a:77:b0:f9:bb:36:c0:cf:78:
        a5:cd:57:9a:e2:9c:bd:8a:78:8d:cb:77:34:88:3c:ae:
        e6:66:09:40:7e:6b:51:12:6e:ea:ad:67:ab:21:4c:3a:
        6a:e1:a9:a7:53:46:a8:14:58:23:40:aa:53:ce:0a:20:
        45:8f:c5:c3:75:8b:a0:84:20:bb:8b:37:c4:97:46:ef:
        fe:b5:a1:23:e1:4d:7f:45:0c:6f:9f:b8:39:62:ab:e5:
        e4:d1:f3:b9:ed:f9:ce:b1:23:f4:18:35:be:e4:dd:2e:
        ab:3f:47:05:54:b4:c1:4a:ac:24:32:6c:3d:25:3d:dd:
        96:e8:d5:9e:c7:d4:c3:8a:51:2b:e0:8a:8d:3f:79:c7:
        92:d0:b5:4c:6e:e3:81:f6:4a:5e:19:83:f6:12:d2:12
    Fingerprint (SHA-256):
        49:9F:81:4B:2A:C5:4A:44:EB:96:0B:6A:2E:5E:17:9D:43:03:CB:2B:C6:5E:C5:E5:96:48:BD:6F:32:70:42:2F
    Fingerprint (SHA1):
        AD:43:55:AB:97:30:E4:81:55:E0:33:AA:01:2A:49:E6:0B:98:50:5C
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6954: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #6955: BridgeWithHalfAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182812 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6956: BridgeWithHalfAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #6957: BridgeWithHalfAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #6958: BridgeWithHalfAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182813 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6959: BridgeWithHalfAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #6960: BridgeWithHalfAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #6961: BridgeWithHalfAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6962: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628182814 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6963: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6964: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628182815 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6965: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6966: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #6967: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #6968: BridgeWithHalfAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6969: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628182816   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628182713.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6970: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6971: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #6972: BridgeWithHalfAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6973: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182817   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6974: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6975: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #6976: BridgeWithHalfAIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6977: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628182818   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-BridgeNavy-628182714.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #6978: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6979: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #6980: BridgeWithHalfAIA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #6981: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628182819   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #6982: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #6983: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #6984: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182812 (0x25714f1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:53 2016
            Not After : Mon Jun 28 18:41:53 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c3:c0:cb:ca:7f:65:66:78:83:03:1e:1f:04:61:11:97:
                    66:32:3b:6a:22:b4:3f:16:a9:1d:f7:f0:26:e7:3a:e4:
                    30:64:e9:6c:2d:e5:53:be:e2:a9:61:71:6b:43:5f:6f:
                    5e:15:a1:0a:93:13:70:72:9d:6f:77:08:d3:ce:30:c5:
                    e1:25:ac:6a:9f:9d:b7:12:84:76:75:1d:23:ea:c6:5d:
                    e3:15:8c:e8:41:f1:7e:73:a5:61:ca:da:72:0c:dd:c1:
                    8d:4f:1e:e7:e2:8b:3e:c2:61:6c:7f:42:43:b5:36:f2:
                    8d:23:28:03:30:b1:f3:53:f1:0f:9e:dc:62:fc:2b:16:
                    6b:dc:5f:f6:c5:3e:e9:4e:8e:71:67:d7:11:1e:3f:1d:
                    0e:02:6c:31:8c:b0:87:cb:c6:37:b1:04:62:09:35:5f:
                    28:3e:62:9d:6f:c6:af:fc:9b:5d:28:60:b6:41:7f:55:
                    97:72:ac:d6:39:34:ab:5e:df:c6:ec:6f:e1:27:12:91:
                    d8:5a:fa:a6:87:29:57:20:14:93:5c:a2:a6:d9:d8:26:
                    e1:2c:4b:de:4a:c7:be:39:a7:ee:d5:8a:96:d1:f8:c6:
                    16:a7:f0:99:4d:ca:20:45:01:3f:3c:8a:b9:6a:e2:be:
                    80:e9:69:b7:6c:60:27:a3:27:3e:08:f5:ff:d0:2b:e9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8f:aa:73:9e:bf:9b:b5:89:f7:ca:22:4a:77:ad:d4:b7:
        e2:fc:8c:31:98:83:33:65:f7:16:db:71:28:4d:6a:31:
        21:82:77:fe:58:72:96:77:74:87:79:ce:c0:65:ee:2e:
        c8:8b:6c:72:1e:44:83:66:06:aa:30:6e:7a:e7:c7:f7:
        a3:c8:48:64:c9:35:ed:c0:34:54:78:b6:b2:49:6a:28:
        e5:77:1b:c1:85:96:2b:cc:bc:3e:86:bd:1e:4c:de:fc:
        09:ac:95:ed:6e:24:c1:89:ea:08:0b:61:30:60:fb:6d:
        f9:84:6e:e1:e1:47:c8:f6:f9:9a:c9:ad:b8:6a:27:e4:
        fa:99:9d:49:02:f8:b2:8e:39:18:cb:92:3e:32:ee:51:
        69:ab:d2:c0:3a:5e:2c:25:32:22:9c:ac:c4:ad:99:9d:
        81:da:2c:ea:73:0b:b2:1d:0c:66:15:56:c4:4e:61:3e:
        89:49:5c:15:40:8d:7a:77:37:ab:95:33:74:42:35:c4:
        a5:11:41:41:11:1d:25:df:a0:7a:47:63:77:fe:6b:01:
        13:27:05:63:74:a5:47:ec:39:70:f6:7b:ae:dd:5c:de:
        ff:3d:74:be:a3:11:e7:a6:30:d9:35:de:b6:38:2c:25:
        85:46:e2:47:37:03:4a:0e:c9:83:36:2b:a1:dc:06:dc
    Fingerprint (SHA-256):
        AF:61:7E:46:42:94:4F:B2:75:95:09:90:40:2A:94:09:F3:99:98:51:EE:B0:76:8A:54:A6:3A:58:F7:95:FD:D4
    Fingerprint (SHA1):
        8E:A0:B3:6B:FB:C5:2E:14:A8:81:3F:28:C0:ED:F0:DA:EA:99:10:88
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6985: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182813 (0x25714f1d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:59 2016
            Not After : Mon Jun 28 18:41:59 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d1:05:b8:5f:02:d5:fa:aa:56:ec:8d:65:e3:9c:0c:99:
                    09:49:3f:9a:90:0f:ba:92:00:3a:fa:f0:45:fe:99:1c:
                    71:d7:47:c6:1f:b6:37:06:9d:05:18:ac:da:74:ba:d5:
                    f2:07:43:ac:1c:22:99:c6:34:5c:b5:4d:98:5e:94:8f:
                    78:36:70:95:15:e4:b8:ad:3e:3d:f3:9a:7d:a6:35:b8:
                    e6:5d:08:91:34:e6:27:91:15:99:04:2f:84:b3:28:f9:
                    68:2e:22:2e:72:d2:09:8b:e7:b0:3c:c9:28:69:ac:be:
                    af:b8:45:6e:43:2c:a6:8e:b0:95:d5:ab:2d:fa:c8:50:
                    24:ef:dd:69:13:07:2e:1c:32:5f:3d:f3:5b:e4:29:8c:
                    6a:4c:5c:3d:d8:2e:51:ee:a8:66:04:4a:73:26:2f:67:
                    b7:03:f9:fb:11:65:5f:af:ca:e8:d1:60:da:80:f0:1b:
                    a2:69:fb:81:4f:59:a0:27:00:3a:b4:29:ae:5e:19:43:
                    4a:33:ed:2f:67:5d:9f:65:b8:a4:da:dd:78:6e:35:30:
                    69:6d:c6:72:9f:75:25:4f:55:62:8a:1d:ee:a4:5b:e7:
                    65:23:d7:94:8a:2f:b8:5b:48:2c:55:68:41:30:c7:2f:
                    b7:cb:ad:b6:be:b1:ef:84:e1:5e:db:15:4a:4d:4a:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:d5:2b:96:ed:ef:61:22:24:2e:f4:20:b1:f4:94:ac:
        9b:0b:b1:3e:2e:e2:dd:45:5b:53:66:04:d9:5b:f4:4b:
        a3:bb:03:4f:7a:8b:09:c2:94:61:26:a2:48:e9:46:0a:
        59:8d:a9:6f:4c:76:9e:80:1d:48:56:d6:c0:fb:ba:6e:
        59:8e:32:4b:c1:a6:b1:e3:ff:3f:ad:b2:2e:88:fc:3c:
        7e:91:02:3f:b2:b0:87:4d:59:1f:97:a0:8e:06:21:af:
        53:58:33:45:11:5a:73:b0:a4:a7:e5:80:53:f5:f3:c1:
        5a:0b:a2:f6:c8:42:48:bd:bb:1e:ac:84:c7:f5:a4:cc:
        46:e0:50:49:25:20:e7:07:89:70:91:3d:df:3d:fd:5f:
        f1:62:93:7d:e2:10:84:d1:e9:dd:25:09:04:06:16:f1:
        22:d8:5b:95:52:b4:09:1d:c2:f8:7d:89:3b:a7:e5:af:
        9e:74:cc:33:f7:13:79:08:5e:89:04:25:51:0c:b7:42:
        e7:ed:42:d6:f0:2f:a8:80:e1:a9:2d:d5:53:99:ba:68:
        36:2a:4c:40:28:64:61:ed:b3:05:fe:97:97:3b:9a:5f:
        cc:bc:40:2c:05:a7:b4:36:05:87:48:dc:7e:d4:ad:ad:
        71:c7:68:e3:d7:76:78:0c:7e:5d:15:e0:db:25:b5:d9
    Fingerprint (SHA-256):
        5E:5C:B3:1E:A7:B2:92:D2:34:D3:34:B7:1F:A1:0A:61:C9:A4:89:B5:A4:49:38:BC:BA:40:BF:64:29:39:FC:C1
    Fingerprint (SHA1):
        F1:7C:52:47:3B:48:D5:E5:43:C0:E3:39:16:0D:30:2C:A4:53:1E:44
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6986: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182813 (0x25714f1d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:59 2016
            Not After : Mon Jun 28 18:41:59 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d1:05:b8:5f:02:d5:fa:aa:56:ec:8d:65:e3:9c:0c:99:
                    09:49:3f:9a:90:0f:ba:92:00:3a:fa:f0:45:fe:99:1c:
                    71:d7:47:c6:1f:b6:37:06:9d:05:18:ac:da:74:ba:d5:
                    f2:07:43:ac:1c:22:99:c6:34:5c:b5:4d:98:5e:94:8f:
                    78:36:70:95:15:e4:b8:ad:3e:3d:f3:9a:7d:a6:35:b8:
                    e6:5d:08:91:34:e6:27:91:15:99:04:2f:84:b3:28:f9:
                    68:2e:22:2e:72:d2:09:8b:e7:b0:3c:c9:28:69:ac:be:
                    af:b8:45:6e:43:2c:a6:8e:b0:95:d5:ab:2d:fa:c8:50:
                    24:ef:dd:69:13:07:2e:1c:32:5f:3d:f3:5b:e4:29:8c:
                    6a:4c:5c:3d:d8:2e:51:ee:a8:66:04:4a:73:26:2f:67:
                    b7:03:f9:fb:11:65:5f:af:ca:e8:d1:60:da:80:f0:1b:
                    a2:69:fb:81:4f:59:a0:27:00:3a:b4:29:ae:5e:19:43:
                    4a:33:ed:2f:67:5d:9f:65:b8:a4:da:dd:78:6e:35:30:
                    69:6d:c6:72:9f:75:25:4f:55:62:8a:1d:ee:a4:5b:e7:
                    65:23:d7:94:8a:2f:b8:5b:48:2c:55:68:41:30:c7:2f:
                    b7:cb:ad:b6:be:b1:ef:84:e1:5e:db:15:4a:4d:4a:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:d5:2b:96:ed:ef:61:22:24:2e:f4:20:b1:f4:94:ac:
        9b:0b:b1:3e:2e:e2:dd:45:5b:53:66:04:d9:5b:f4:4b:
        a3:bb:03:4f:7a:8b:09:c2:94:61:26:a2:48:e9:46:0a:
        59:8d:a9:6f:4c:76:9e:80:1d:48:56:d6:c0:fb:ba:6e:
        59:8e:32:4b:c1:a6:b1:e3:ff:3f:ad:b2:2e:88:fc:3c:
        7e:91:02:3f:b2:b0:87:4d:59:1f:97:a0:8e:06:21:af:
        53:58:33:45:11:5a:73:b0:a4:a7:e5:80:53:f5:f3:c1:
        5a:0b:a2:f6:c8:42:48:bd:bb:1e:ac:84:c7:f5:a4:cc:
        46:e0:50:49:25:20:e7:07:89:70:91:3d:df:3d:fd:5f:
        f1:62:93:7d:e2:10:84:d1:e9:dd:25:09:04:06:16:f1:
        22:d8:5b:95:52:b4:09:1d:c2:f8:7d:89:3b:a7:e5:af:
        9e:74:cc:33:f7:13:79:08:5e:89:04:25:51:0c:b7:42:
        e7:ed:42:d6:f0:2f:a8:80:e1:a9:2d:d5:53:99:ba:68:
        36:2a:4c:40:28:64:61:ed:b3:05:fe:97:97:3b:9a:5f:
        cc:bc:40:2c:05:a7:b4:36:05:87:48:dc:7e:d4:ad:ad:
        71:c7:68:e3:d7:76:78:0c:7e:5d:15:e0:db:25:b5:d9
    Fingerprint (SHA-256):
        5E:5C:B3:1E:A7:B2:92:D2:34:D3:34:B7:1F:A1:0A:61:C9:A4:89:B5:A4:49:38:BC:BA:40:BF:64:29:39:FC:C1
    Fingerprint (SHA1):
        F1:7C:52:47:3B:48:D5:E5:43:C0:E3:39:16:0D:30:2C:A4:53:1E:44
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6987: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der BridgeArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=EE2 EE,O=EE2,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA2 Intermediate,O=CA2,C=US
Returned value is 1, expected result is fail
chains.sh: #6988: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182812 (0x25714f1c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:53 2016
            Not After : Mon Jun 28 18:41:53 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c3:c0:cb:ca:7f:65:66:78:83:03:1e:1f:04:61:11:97:
                    66:32:3b:6a:22:b4:3f:16:a9:1d:f7:f0:26:e7:3a:e4:
                    30:64:e9:6c:2d:e5:53:be:e2:a9:61:71:6b:43:5f:6f:
                    5e:15:a1:0a:93:13:70:72:9d:6f:77:08:d3:ce:30:c5:
                    e1:25:ac:6a:9f:9d:b7:12:84:76:75:1d:23:ea:c6:5d:
                    e3:15:8c:e8:41:f1:7e:73:a5:61:ca:da:72:0c:dd:c1:
                    8d:4f:1e:e7:e2:8b:3e:c2:61:6c:7f:42:43:b5:36:f2:
                    8d:23:28:03:30:b1:f3:53:f1:0f:9e:dc:62:fc:2b:16:
                    6b:dc:5f:f6:c5:3e:e9:4e:8e:71:67:d7:11:1e:3f:1d:
                    0e:02:6c:31:8c:b0:87:cb:c6:37:b1:04:62:09:35:5f:
                    28:3e:62:9d:6f:c6:af:fc:9b:5d:28:60:b6:41:7f:55:
                    97:72:ac:d6:39:34:ab:5e:df:c6:ec:6f:e1:27:12:91:
                    d8:5a:fa:a6:87:29:57:20:14:93:5c:a2:a6:d9:d8:26:
                    e1:2c:4b:de:4a:c7:be:39:a7:ee:d5:8a:96:d1:f8:c6:
                    16:a7:f0:99:4d:ca:20:45:01:3f:3c:8a:b9:6a:e2:be:
                    80:e9:69:b7:6c:60:27:a3:27:3e:08:f5:ff:d0:2b:e9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        8f:aa:73:9e:bf:9b:b5:89:f7:ca:22:4a:77:ad:d4:b7:
        e2:fc:8c:31:98:83:33:65:f7:16:db:71:28:4d:6a:31:
        21:82:77:fe:58:72:96:77:74:87:79:ce:c0:65:ee:2e:
        c8:8b:6c:72:1e:44:83:66:06:aa:30:6e:7a:e7:c7:f7:
        a3:c8:48:64:c9:35:ed:c0:34:54:78:b6:b2:49:6a:28:
        e5:77:1b:c1:85:96:2b:cc:bc:3e:86:bd:1e:4c:de:fc:
        09:ac:95:ed:6e:24:c1:89:ea:08:0b:61:30:60:fb:6d:
        f9:84:6e:e1:e1:47:c8:f6:f9:9a:c9:ad:b8:6a:27:e4:
        fa:99:9d:49:02:f8:b2:8e:39:18:cb:92:3e:32:ee:51:
        69:ab:d2:c0:3a:5e:2c:25:32:22:9c:ac:c4:ad:99:9d:
        81:da:2c:ea:73:0b:b2:1d:0c:66:15:56:c4:4e:61:3e:
        89:49:5c:15:40:8d:7a:77:37:ab:95:33:74:42:35:c4:
        a5:11:41:41:11:1d:25:df:a0:7a:47:63:77:fe:6b:01:
        13:27:05:63:74:a5:47:ec:39:70:f6:7b:ae:dd:5c:de:
        ff:3d:74:be:a3:11:e7:a6:30:d9:35:de:b6:38:2c:25:
        85:46:e2:47:37:03:4a:0e:c9:83:36:2b:a1:dc:06:dc
    Fingerprint (SHA-256):
        AF:61:7E:46:42:94:4F:B2:75:95:09:90:40:2A:94:09:F3:99:98:51:EE:B0:76:8A:54:A6:3A:58:F7:95:FD:D4
    Fingerprint (SHA1):
        8E:A0:B3:6B:FB:C5:2E:14:A8:81:3F:28:C0:ED:F0:DA:EA:99:10:88
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6989: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182813 (0x25714f1d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:59 2016
            Not After : Mon Jun 28 18:41:59 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d1:05:b8:5f:02:d5:fa:aa:56:ec:8d:65:e3:9c:0c:99:
                    09:49:3f:9a:90:0f:ba:92:00:3a:fa:f0:45:fe:99:1c:
                    71:d7:47:c6:1f:b6:37:06:9d:05:18:ac:da:74:ba:d5:
                    f2:07:43:ac:1c:22:99:c6:34:5c:b5:4d:98:5e:94:8f:
                    78:36:70:95:15:e4:b8:ad:3e:3d:f3:9a:7d:a6:35:b8:
                    e6:5d:08:91:34:e6:27:91:15:99:04:2f:84:b3:28:f9:
                    68:2e:22:2e:72:d2:09:8b:e7:b0:3c:c9:28:69:ac:be:
                    af:b8:45:6e:43:2c:a6:8e:b0:95:d5:ab:2d:fa:c8:50:
                    24:ef:dd:69:13:07:2e:1c:32:5f:3d:f3:5b:e4:29:8c:
                    6a:4c:5c:3d:d8:2e:51:ee:a8:66:04:4a:73:26:2f:67:
                    b7:03:f9:fb:11:65:5f:af:ca:e8:d1:60:da:80:f0:1b:
                    a2:69:fb:81:4f:59:a0:27:00:3a:b4:29:ae:5e:19:43:
                    4a:33:ed:2f:67:5d:9f:65:b8:a4:da:dd:78:6e:35:30:
                    69:6d:c6:72:9f:75:25:4f:55:62:8a:1d:ee:a4:5b:e7:
                    65:23:d7:94:8a:2f:b8:5b:48:2c:55:68:41:30:c7:2f:
                    b7:cb:ad:b6:be:b1:ef:84:e1:5e:db:15:4a:4d:4a:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:d5:2b:96:ed:ef:61:22:24:2e:f4:20:b1:f4:94:ac:
        9b:0b:b1:3e:2e:e2:dd:45:5b:53:66:04:d9:5b:f4:4b:
        a3:bb:03:4f:7a:8b:09:c2:94:61:26:a2:48:e9:46:0a:
        59:8d:a9:6f:4c:76:9e:80:1d:48:56:d6:c0:fb:ba:6e:
        59:8e:32:4b:c1:a6:b1:e3:ff:3f:ad:b2:2e:88:fc:3c:
        7e:91:02:3f:b2:b0:87:4d:59:1f:97:a0:8e:06:21:af:
        53:58:33:45:11:5a:73:b0:a4:a7:e5:80:53:f5:f3:c1:
        5a:0b:a2:f6:c8:42:48:bd:bb:1e:ac:84:c7:f5:a4:cc:
        46:e0:50:49:25:20:e7:07:89:70:91:3d:df:3d:fd:5f:
        f1:62:93:7d:e2:10:84:d1:e9:dd:25:09:04:06:16:f1:
        22:d8:5b:95:52:b4:09:1d:c2:f8:7d:89:3b:a7:e5:af:
        9e:74:cc:33:f7:13:79:08:5e:89:04:25:51:0c:b7:42:
        e7:ed:42:d6:f0:2f:a8:80:e1:a9:2d:d5:53:99:ba:68:
        36:2a:4c:40:28:64:61:ed:b3:05:fe:97:97:3b:9a:5f:
        cc:bc:40:2c:05:a7:b4:36:05:87:48:dc:7e:d4:ad:ad:
        71:c7:68:e3:d7:76:78:0c:7e:5d:15:e0:db:25:b5:d9
    Fingerprint (SHA-256):
        5E:5C:B3:1E:A7:B2:92:D2:34:D3:34:B7:1F:A1:0A:61:C9:A4:89:B5:A4:49:38:BC:BA:40:BF:64:29:39:FC:C1
    Fingerprint (SHA1):
        F1:7C:52:47:3B:48:D5:E5:43:C0:E3:39:16:0D:30:2C:A4:53:1E:44
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6990: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182813 (0x25714f1d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:41:59 2016
            Not After : Mon Jun 28 18:41:59 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d1:05:b8:5f:02:d5:fa:aa:56:ec:8d:65:e3:9c:0c:99:
                    09:49:3f:9a:90:0f:ba:92:00:3a:fa:f0:45:fe:99:1c:
                    71:d7:47:c6:1f:b6:37:06:9d:05:18:ac:da:74:ba:d5:
                    f2:07:43:ac:1c:22:99:c6:34:5c:b5:4d:98:5e:94:8f:
                    78:36:70:95:15:e4:b8:ad:3e:3d:f3:9a:7d:a6:35:b8:
                    e6:5d:08:91:34:e6:27:91:15:99:04:2f:84:b3:28:f9:
                    68:2e:22:2e:72:d2:09:8b:e7:b0:3c:c9:28:69:ac:be:
                    af:b8:45:6e:43:2c:a6:8e:b0:95:d5:ab:2d:fa:c8:50:
                    24:ef:dd:69:13:07:2e:1c:32:5f:3d:f3:5b:e4:29:8c:
                    6a:4c:5c:3d:d8:2e:51:ee:a8:66:04:4a:73:26:2f:67:
                    b7:03:f9:fb:11:65:5f:af:ca:e8:d1:60:da:80:f0:1b:
                    a2:69:fb:81:4f:59:a0:27:00:3a:b4:29:ae:5e:19:43:
                    4a:33:ed:2f:67:5d:9f:65:b8:a4:da:dd:78:6e:35:30:
                    69:6d:c6:72:9f:75:25:4f:55:62:8a:1d:ee:a4:5b:e7:
                    65:23:d7:94:8a:2f:b8:5b:48:2c:55:68:41:30:c7:2f:
                    b7:cb:ad:b6:be:b1:ef:84:e1:5e:db:15:4a:4d:4a:9d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        69:d5:2b:96:ed:ef:61:22:24:2e:f4:20:b1:f4:94:ac:
        9b:0b:b1:3e:2e:e2:dd:45:5b:53:66:04:d9:5b:f4:4b:
        a3:bb:03:4f:7a:8b:09:c2:94:61:26:a2:48:e9:46:0a:
        59:8d:a9:6f:4c:76:9e:80:1d:48:56:d6:c0:fb:ba:6e:
        59:8e:32:4b:c1:a6:b1:e3:ff:3f:ad:b2:2e:88:fc:3c:
        7e:91:02:3f:b2:b0:87:4d:59:1f:97:a0:8e:06:21:af:
        53:58:33:45:11:5a:73:b0:a4:a7:e5:80:53:f5:f3:c1:
        5a:0b:a2:f6:c8:42:48:bd:bb:1e:ac:84:c7:f5:a4:cc:
        46:e0:50:49:25:20:e7:07:89:70:91:3d:df:3d:fd:5f:
        f1:62:93:7d:e2:10:84:d1:e9:dd:25:09:04:06:16:f1:
        22:d8:5b:95:52:b4:09:1d:c2:f8:7d:89:3b:a7:e5:af:
        9e:74:cc:33:f7:13:79:08:5e:89:04:25:51:0c:b7:42:
        e7:ed:42:d6:f0:2f:a8:80:e1:a9:2d:d5:53:99:ba:68:
        36:2a:4c:40:28:64:61:ed:b3:05:fe:97:97:3b:9a:5f:
        cc:bc:40:2c:05:a7:b4:36:05:87:48:dc:7e:d4:ad:ad:
        71:c7:68:e3:d7:76:78:0c:7e:5d:15:e0:db:25:b5:d9
    Fingerprint (SHA-256):
        5E:5C:B3:1E:A7:B2:92:D2:34:D3:34:B7:1F:A1:0A:61:C9:A4:89:B5:A4:49:38:BC:BA:40:BF:64:29:39:FC:C1
    Fingerprint (SHA1):
        F1:7C:52:47:3B:48:D5:E5:43:C0:E3:39:16:0D:30:2C:A4:53:1E:44
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #6991: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #6992: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182820 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6993: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #6994: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #6995: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182821 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #6996: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #6997: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB CAArmyDB
certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd
chains.sh: #6998: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CAArmyReq.der
certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US"  -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CAArmyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #6999: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der  - PASSED
chains.sh: Creating certficate CAArmyArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 628182822   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7000: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army  - PASSED
chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database
certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7001: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database  - PASSED
chains.sh: Creating DB CANavyDB
certutil -N -d CANavyDB -f CANavyDB/dbpasswd
chains.sh: #7002: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CANavyReq.der
certutil -s "CN=CANavy Intermediate, O=CANavy, C=US"  -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CANavyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7003: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der  - PASSED
chains.sh: Creating certficate CANavyNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 628182823   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7004: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate CANavyNavy.der to CANavyDB database
certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7005: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #7006: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7007: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy
certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 628182824 -7 Bridge@CAArmy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
OID.1.1
OID.2.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #7008: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy  - PASSED
chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7009: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeCANavy.der signed by CANavy
certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 628182825 -7 Bridge@CANavy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
OID.2.1
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #7010: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy  - PASSED
chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7011: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7
chains.sh: #7012: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7013: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7014: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628182826   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7015: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7016: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7017: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7018: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628182827   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7019: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7020: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7021: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7022: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182828   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7023: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7024: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7025: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7026: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628182829   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7027: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7028: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7029: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182820 (0x25714f24)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:42:38 2016
            Not After : Mon Jun 28 18:42:38 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:3b:60:4a:50:3b:69:be:57:e1:20:e4:56:77:32:02:
                    4e:4f:f1:37:69:a8:4c:34:ba:87:8f:57:48:70:58:fd:
                    e7:bd:5b:bd:ce:26:60:1a:93:4b:4e:1a:d2:7a:0d:5c:
                    f4:0e:60:26:95:00:a9:66:4e:03:f9:ee:ba:44:0a:99:
                    dc:4c:d4:df:99:5c:69:bb:4a:89:29:c1:95:23:5c:a2:
                    eb:71:49:f2:85:71:8c:1e:af:19:e2:69:21:36:9f:6f:
                    11:b0:e5:4e:21:10:75:a3:b7:3a:79:e3:25:f1:43:bd:
                    a0:cd:4c:0d:70:c5:f1:d9:c8:bd:8f:57:66:0b:ce:f8:
                    b9:c9:2f:f1:17:3d:ec:b1:c8:4e:14:72:41:a0:e1:d2:
                    dc:b2:5e:ff:9a:c4:ff:59:f8:8c:4e:ef:64:4b:55:45:
                    7c:9a:f6:56:4c:5a:df:1e:87:1e:44:62:fc:62:d2:db:
                    a1:a0:ac:4b:7c:0a:68:0e:79:61:23:dd:ee:d3:e5:c5:
                    b3:3c:2b:12:58:ed:6a:a4:3d:64:ce:e2:2b:4a:e2:83:
                    fc:86:5b:01:dd:4b:0d:ca:0a:57:d3:25:ef:71:ae:c1:
                    06:1a:9e:af:db:8f:ca:f9:cc:e5:f7:d0:92:a3:3e:98:
                    37:79:6f:ac:b0:0d:b4:2b:a1:38:80:c1:f5:e1:40:eb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        3a:ea:7b:16:f5:87:97:bc:f2:b9:be:c5:6b:e5:35:3f:
        ae:d5:25:78:17:dc:7b:8e:1c:d5:8d:c8:84:ca:5c:09:
        b4:26:88:a3:dd:26:dd:05:ea:09:e1:58:52:f0:31:3b:
        d9:58:45:3b:72:98:3d:7b:5a:ff:5f:7d:0f:cb:59:17:
        29:5e:81:36:50:a2:26:7e:fe:d4:c4:a1:79:0f:3a:67:
        73:c0:e0:bc:99:ab:03:06:b3:a2:52:7d:ec:cd:bc:72:
        90:ff:9b:0d:f6:1f:aa:4c:16:36:89:d7:83:2f:ae:57:
        24:41:55:5b:fb:87:24:af:27:bb:0c:a8:dd:16:e0:1d:
        eb:e5:82:c7:0d:a7:86:81:36:86:e7:9d:9a:ff:76:23:
        43:e9:82:0e:fa:b0:c3:2f:e6:27:58:56:0a:b8:31:af:
        22:22:b6:cc:92:c0:12:48:0e:7c:4e:cd:a4:8c:6e:96:
        35:53:bb:74:de:48:ca:7a:e6:fb:50:99:e1:65:ee:95:
        0f:fa:c4:ad:ee:f6:fa:62:80:94:82:38:30:aa:3a:d3:
        20:47:30:26:cd:91:3a:d7:57:7b:5d:8c:67:9b:04:05:
        90:3b:30:d5:a4:fc:b5:bf:74:8b:d5:64:f7:4f:73:d3:
        b1:38:38:1e:b6:48:dd:e4:77:20:71:32:dd:7f:4a:97
    Fingerprint (SHA-256):
        79:E8:8D:43:E5:8C:97:B3:A2:A6:CE:6C:7F:9F:F1:89:E1:CB:0B:E1:E3:31:2E:E1:86:4B:B6:EA:50:78:CB:11
    Fingerprint (SHA1):
        5D:3C:39:4E:05:DD:96:44:0E:E2:50:7B:92:88:AE:1A:9B:F7:B1:14
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US"
Returned value is 0, expected result is pass
chains.sh: #7030: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7031: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7032: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7033: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7034: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7035: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7036: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7037: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7038: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182821 (0x25714f25)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:42:42 2016
            Not After : Mon Jun 28 18:42:42 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b5:ee:d5:93:46:2f:76:1f:8e:0d:84:55:93:c9:ce:49:
                    e5:0c:42:4b:e0:7d:ec:01:3b:77:f2:73:71:56:fa:e5:
                    02:1a:5e:42:41:55:79:8b:f8:8d:04:56:5a:89:9c:78:
                    a6:8d:8c:f7:9e:4c:d7:5b:41:ba:27:23:0a:c9:b7:86:
                    51:1c:e1:53:9e:1e:bb:a4:b4:0a:4e:89:78:1b:ea:e9:
                    8c:ad:f9:8a:62:5c:38:37:b7:32:6d:e0:1c:c1:e3:aa:
                    2d:e5:15:e0:a5:4b:a9:ad:3d:e0:12:f6:4d:4f:fa:35:
                    c0:ea:96:5f:ff:4f:0d:0b:27:d3:c8:40:aa:a0:33:ea:
                    ac:37:5a:9f:d2:36:f3:d3:76:9b:51:58:62:4a:9d:83:
                    fb:d4:dc:54:cd:9d:d8:d4:e3:44:29:08:aa:44:b0:fd:
                    1b:18:fe:70:33:06:41:e5:e9:1c:c4:ce:0c:4b:18:70:
                    33:cd:3b:56:4c:5c:96:90:1a:12:48:f2:32:5d:b7:d5:
                    8a:cd:c4:5d:df:19:b3:56:4b:61:e0:cf:c6:e0:3a:8e:
                    c4:c8:67:85:be:bc:31:c9:84:64:18:31:2f:db:8a:67:
                    99:0b:19:3c:22:8a:38:be:fa:c7:5b:19:2b:aa:ee:cc:
                    51:19:f3:00:8f:12:e0:52:57:11:04:a7:2c:4a:cc:17
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        47:0b:13:5d:b4:31:1b:27:35:6d:3f:f3:7f:90:55:80:
        bd:68:72:c0:e5:12:5f:ed:3e:46:8a:e6:0e:5e:91:27:
        55:5d:8a:c3:5a:4e:7a:18:18:91:ce:87:78:0b:0c:c0:
        c0:6b:b8:15:86:32:f2:75:d6:a5:ae:f6:ec:c9:0f:9c:
        3e:71:51:4b:c6:01:51:ed:57:32:4a:12:11:d8:65:84:
        85:23:05:6a:da:a1:23:68:2a:a5:b3:fd:31:51:23:2e:
        2f:ab:89:01:30:9a:aa:c0:86:ff:29:dc:8a:45:46:fe:
        be:1e:c0:04:f8:8c:22:2b:15:f3:40:34:3a:91:fe:48:
        c0:d2:f3:1c:df:57:ac:b4:72:fe:18:e8:be:0e:09:bc:
        b1:ab:75:3e:1e:f9:d4:e3:93:3d:38:59:a1:72:b5:d3:
        0e:9a:29:15:8d:94:11:56:d6:c3:be:14:0c:5d:45:37:
        58:68:e4:d1:be:56:55:4b:67:9b:7f:24:7a:b4:a3:51:
        0d:05:87:e9:a5:5c:3a:8e:ab:13:a7:3a:aa:99:0a:16:
        bd:46:59:3a:76:c4:9e:28:2d:00:6d:29:2b:c6:58:ba:
        13:74:1d:e8:73:12:8a:c7:6c:cc:e1:b7:60:2c:8f:19:
        2b:44:b8:58:70:84:18:d8:27:34:33:23:da:57:3f:ec
    Fingerprint (SHA-256):
        26:BB:73:29:CE:0E:68:13:78:96:C3:3A:6F:E5:CA:98:A9:29:53:F0:FD:AA:8D:D4:8D:6B:E6:16:53:CC:98:C8
    Fingerprint (SHA1):
        37:84:7B:7E:4F:D1:74:EB:9D:BF:C5:17:0D:C1:4B:94:80:1A:29:C3
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US"
Returned value is 0, expected result is pass
chains.sh: #7039: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7040: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7041: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7042: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7043: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7044: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7045: RealCerts: Creating DB AllDB  - PASSED
chains.sh: Importing certificate TestCA.ca.cert to AllDB database
certutil -A -n TestCA.ca  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestCA.ca.cert
chains.sh: #7046: RealCerts: Importing certificate TestCA.ca.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser50.cert to AllDB database
certutil -A -n TestUser50  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert
chains.sh: #7047: RealCerts: Importing certificate TestUser50.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser51.cert to AllDB database
certutil -A -n TestUser51  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert
chains.sh: #7048: RealCerts: Importing certificate TestUser51.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalRootCA.cert to AllDB database
certutil -A -n PayPalRootCA  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalRootCA.cert
chains.sh: #7049: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalICA.cert to AllDB database
certutil -A -n PayPalICA  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalICA.cert
chains.sh: #7050: RealCerts: Importing certificate PayPalICA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalEE.cert to AllDB database
certutil -A -n PayPalEE  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert
chains.sh: #7051: RealCerts: Importing certificate PayPalEE.cert to AllDB database  - PASSED
chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database
certutil -A -n BrAirWaysBadSig  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert
chains.sh: #7052: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7053: RealCerts: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7054: RealCerts: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1 
vfychain -d AllDB -pp -vv      -o OID.2.16.840.1.114412.1.1  /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=
            DigiCert Inc,C=US"
        Validity:
            Not Before: Fri Nov 10 00:00:00 2006
            Not After : Mon Nov 10 00:00:00 2031
        Subject: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O
            =DigiCert Inc,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:e5:81:
                    3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:a2:0a:1c:
                    b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:a4:a9:41:59:
                    3a:d3:dc:94:d6:3c:db:74:38:a4:4a:cc:4d:25:82:f7:
                    4a:a5:53:12:38:ee:f3:49:6d:71:91:7e:63:b6:ab:a6:
                    5f:c3:a4:84:f8:4f:62:51:be:f8:c5:ec:db:38:92:e3:
                    06:e5:08:91:0c:c4:28:41:55:fb:cb:5a:89:15:7e:71:
                    e8:35:bf:4d:72:09:3d:be:3a:38:50:5b:77:31:1b:8d:
                    b3:c7:24:45:9a:a7:ac:6d:00:14:5a:04:b7:ba:13:eb:
                    51:0a:98:41:41:22:4e:65:61:87:81:41:50:a6:79:5c:
                    89:de:19:4a:57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:
                    06:16:a4:68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:
                    db:5e:64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:
                    79:39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
                    a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:87:
                    5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:4b:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Subject Key ID
            Data:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
            Name: Certificate Authority Key Identifier
            Key ID:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:
        21:47:f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:
        7a:d9:11:65:8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:
        b8:91:e8:43:2c:8e:b3:78:ce:db:e3:53:79:71:d6:e5:
        21:94:01:da:55:87:9a:24:64:f6:8a:66:cc:de:9c:37:
        cd:a8:34:b1:69:9b:23:c8:9e:78:22:2b:70:43:e3:55:
        47:31:61:19:ef:58:c5:85:2f:4e:30:f6:a0:31:16:23:
        c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:5e:8b:
        31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
        15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:
        0a:c4:97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:
        55:f2:48:69:d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:
        ba:70:26:5d:90:60:9e:bc:4b:17:09:2f:b4:cb:1e:43:
        68:c9:07:27:c1:d2:5c:f7:ea:21:b9:68:12:9c:3c:9c:
        bf:9e:fc:80:5c:9b:63:cd:ec:47:aa:25:27:67:a0:37:
        f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:77:e8:1f:4a
    Fingerprint (SHA-256):
        74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
    Fingerprint (SHA1):
        5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=paypal.com,OU=PayPal Production,O="PayPal, Inc.",L
    =San Jose,ST=California,C=US"
Certificate 2 Subject: "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digi
    cert.com,O=DigiCert Inc,C=US"
Returned value is 0, expected result is pass
chains.sh: #7055: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1  - PASSED
chains.sh: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. BrAirWaysBadSig :
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is fail
chains.sh: #7056: RealCerts: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp       - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7057: DSA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182830 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7058: DSA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7059: DSA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7060: DSA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7061: DSA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182831   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7062: DSA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7063: DSA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7064: DSA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7065: DSA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182832   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7066: DSA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7067: DSA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7068: DSA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7069: DSA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 628182833   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7070: DSA: Creating certficate CA2Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA2Root.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7071: DSA: Importing certificate CA2Root.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7072: DSA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7073: DSA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628182834   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7074: DSA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7075: DSA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #7076: DSA: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7077: DSA: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 628182835   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7078: DSA: Creating certficate CA3Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA3Root.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7079: DSA: Importing certificate CA3Root.der to CA3DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #7080: DSA: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7081: DSA: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 628182836   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7082: DSA: Creating certficate EE3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate EE3CA3.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7083: DSA: Importing certificate EE3CA3.der to EE3DB database  - PASSED
chains.sh: Creating DB CA4DB
certutil -N -d CA4DB -f CA4DB/dbpasswd
chains.sh: #7084: DSA: Creating DB CA4DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA4Req.der
certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7085: DSA: Creating Intermediate certifiate request CA4Req.der  - PASSED
chains.sh: Creating certficate CA4Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 628182837   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7086: DSA: Creating certficate CA4Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA4Root.der to CA4DB database
certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7087: DSA: Importing certificate CA4Root.der to CA4DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #7088: DSA: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7089: DSA: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA4.der signed by CA4
certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 628182838   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7090: DSA: Creating certficate EE4CA4.der signed by CA4  - PASSED
chains.sh: Importing certificate EE4CA4.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7091: DSA: Importing certificate EE4CA4.der to EE4DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7092: DSA: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE1CA1.der CA1Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182830 (0x25714f2e)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:43:41 2016
            Not After : Mon Jun 28 18:43:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    82:b8:76:a8:6b:98:c7:ce:45:80:34:f0:e2:78:b7:e5:
                    f1:37:ab:cb:55:f7:af:fd:a5:33:db:2b:23:6e:06:52:
                    cb:77:a0:64:7f:0d:d0:4e:68:af:74:8a:12:22:84:17:
                    ab:68:0e:66:48:50:5e:13:62:ab:d8:1a:e1:8b:67:42:
                    08:07:0b:72:ab:52:14:9f:54:2d:5a:0f:6a:4f:e5:44:
                    f4:b7:5e:07:0c:71:7f:8e:56:93:ee:ac:da:86:0f:b2:
                    48:40:27:91:4c:4f:d8:96:86:71:b3:ce:66:7b:ac:00:
                    ee:74:e7:ce:dd:6e:cf:76:18:0b:e6:97:2b:40:3a:18:
                    fe:b8:52:8d:ce:63:c9:b9:a1:ed:57:b0:4f:8c:2e:b7:
                    eb:15:27:93:62:77:d2:1a:75:9c:4c:89:14:79:b9:f0:
                    fc:bc:94:de:e4:b6:6d:da:83:73:08:03:80:a2:1d:58:
                    c4:a4:b6:8f:fb:2f:ea:ea:ab:ae:46:5c:3c:d0:11:8d:
                    83:5c:46:d0:c8:29:fe:cd:6a:9f:df:79:1c:18:a4:30:
                    d7:02:ff:ca:88:06:f8:e5:7e:e9:80:ee:ce:5c:55:97:
                    38:98:92:8a:16:68:c9:26:a3:ce:78:a7:9e:b4:17:ec:
                    27:30:6b:8f:4d:03:5c:ff:90:f2:36:0a:f1:c2:3e:7a
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3e:02:1d:00:bf:fa:c9:3f:28:c5:9d:da:d4:e7:cc:
        82:d1:4e:3a:c3:0e:61:ed:ec:5a:48:b1:9f:8b:a9:a1:
        9d:02:1d:00:c2:23:3b:ef:d7:41:c4:17:fd:68:2e:6e:
        66:83:2b:58:79:ad:b2:bf:2d:09:d3:b7:a1:08:78:2a
    Fingerprint (SHA-256):
        BF:B0:77:07:53:80:B7:CE:7B:E3:D5:D8:18:0C:23:DF:77:37:C9:54:C7:9B:8D:3E:37:E1:5A:EA:63:05:11:9C
    Fingerprint (SHA1):
        A4:54:6C:46:56:60:D7:F3:8B:67:E6:3E:7E:E1:BF:3E:52:20:BF:AF
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7093: DSA: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE2CA2.der CA2Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182830 (0x25714f2e)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:43:41 2016
            Not After : Mon Jun 28 18:43:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    82:b8:76:a8:6b:98:c7:ce:45:80:34:f0:e2:78:b7:e5:
                    f1:37:ab:cb:55:f7:af:fd:a5:33:db:2b:23:6e:06:52:
                    cb:77:a0:64:7f:0d:d0:4e:68:af:74:8a:12:22:84:17:
                    ab:68:0e:66:48:50:5e:13:62:ab:d8:1a:e1:8b:67:42:
                    08:07:0b:72:ab:52:14:9f:54:2d:5a:0f:6a:4f:e5:44:
                    f4:b7:5e:07:0c:71:7f:8e:56:93:ee:ac:da:86:0f:b2:
                    48:40:27:91:4c:4f:d8:96:86:71:b3:ce:66:7b:ac:00:
                    ee:74:e7:ce:dd:6e:cf:76:18:0b:e6:97:2b:40:3a:18:
                    fe:b8:52:8d:ce:63:c9:b9:a1:ed:57:b0:4f:8c:2e:b7:
                    eb:15:27:93:62:77:d2:1a:75:9c:4c:89:14:79:b9:f0:
                    fc:bc:94:de:e4:b6:6d:da:83:73:08:03:80:a2:1d:58:
                    c4:a4:b6:8f:fb:2f:ea:ea:ab:ae:46:5c:3c:d0:11:8d:
                    83:5c:46:d0:c8:29:fe:cd:6a:9f:df:79:1c:18:a4:30:
                    d7:02:ff:ca:88:06:f8:e5:7e:e9:80:ee:ce:5c:55:97:
                    38:98:92:8a:16:68:c9:26:a3:ce:78:a7:9e:b4:17:ec:
                    27:30:6b:8f:4d:03:5c:ff:90:f2:36:0a:f1:c2:3e:7a
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3e:02:1d:00:bf:fa:c9:3f:28:c5:9d:da:d4:e7:cc:
        82:d1:4e:3a:c3:0e:61:ed:ec:5a:48:b1:9f:8b:a9:a1:
        9d:02:1d:00:c2:23:3b:ef:d7:41:c4:17:fd:68:2e:6e:
        66:83:2b:58:79:ad:b2:bf:2d:09:d3:b7:a1:08:78:2a
    Fingerprint (SHA-256):
        BF:B0:77:07:53:80:B7:CE:7B:E3:D5:D8:18:0C:23:DF:77:37:C9:54:C7:9B:8D:3E:37:E1:5A:EA:63:05:11:9C
    Fingerprint (SHA1):
        A4:54:6C:46:56:60:D7:F3:8B:67:E6:3E:7E:E1:BF:3E:52:20:BF:AF
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7094: DSA: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE3CA3.der CA3Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182830 (0x25714f2e)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:43:41 2016
            Not After : Mon Jun 28 18:43:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    82:b8:76:a8:6b:98:c7:ce:45:80:34:f0:e2:78:b7:e5:
                    f1:37:ab:cb:55:f7:af:fd:a5:33:db:2b:23:6e:06:52:
                    cb:77:a0:64:7f:0d:d0:4e:68:af:74:8a:12:22:84:17:
                    ab:68:0e:66:48:50:5e:13:62:ab:d8:1a:e1:8b:67:42:
                    08:07:0b:72:ab:52:14:9f:54:2d:5a:0f:6a:4f:e5:44:
                    f4:b7:5e:07:0c:71:7f:8e:56:93:ee:ac:da:86:0f:b2:
                    48:40:27:91:4c:4f:d8:96:86:71:b3:ce:66:7b:ac:00:
                    ee:74:e7:ce:dd:6e:cf:76:18:0b:e6:97:2b:40:3a:18:
                    fe:b8:52:8d:ce:63:c9:b9:a1:ed:57:b0:4f:8c:2e:b7:
                    eb:15:27:93:62:77:d2:1a:75:9c:4c:89:14:79:b9:f0:
                    fc:bc:94:de:e4:b6:6d:da:83:73:08:03:80:a2:1d:58:
                    c4:a4:b6:8f:fb:2f:ea:ea:ab:ae:46:5c:3c:d0:11:8d:
                    83:5c:46:d0:c8:29:fe:cd:6a:9f:df:79:1c:18:a4:30:
                    d7:02:ff:ca:88:06:f8:e5:7e:e9:80:ee:ce:5c:55:97:
                    38:98:92:8a:16:68:c9:26:a3:ce:78:a7:9e:b4:17:ec:
                    27:30:6b:8f:4d:03:5c:ff:90:f2:36:0a:f1:c2:3e:7a
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3e:02:1d:00:bf:fa:c9:3f:28:c5:9d:da:d4:e7:cc:
        82:d1:4e:3a:c3:0e:61:ed:ec:5a:48:b1:9f:8b:a9:a1:
        9d:02:1d:00:c2:23:3b:ef:d7:41:c4:17:fd:68:2e:6e:
        66:83:2b:58:79:ad:b2:bf:2d:09:d3:b7:a1:08:78:2a
    Fingerprint (SHA-256):
        BF:B0:77:07:53:80:B7:CE:7B:E3:D5:D8:18:0C:23:DF:77:37:C9:54:C7:9B:8D:3E:37:E1:5A:EA:63:05:11:9C
    Fingerprint (SHA1):
        A4:54:6C:46:56:60:D7:F3:8B:67:E6:3E:7E:E1:BF:3E:52:20:BF:AF
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #7095: DSA: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE4CA4.der CA4Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182830 (0x25714f2e)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:43:41 2016
            Not After : Mon Jun 28 18:43:41 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    82:b8:76:a8:6b:98:c7:ce:45:80:34:f0:e2:78:b7:e5:
                    f1:37:ab:cb:55:f7:af:fd:a5:33:db:2b:23:6e:06:52:
                    cb:77:a0:64:7f:0d:d0:4e:68:af:74:8a:12:22:84:17:
                    ab:68:0e:66:48:50:5e:13:62:ab:d8:1a:e1:8b:67:42:
                    08:07:0b:72:ab:52:14:9f:54:2d:5a:0f:6a:4f:e5:44:
                    f4:b7:5e:07:0c:71:7f:8e:56:93:ee:ac:da:86:0f:b2:
                    48:40:27:91:4c:4f:d8:96:86:71:b3:ce:66:7b:ac:00:
                    ee:74:e7:ce:dd:6e:cf:76:18:0b:e6:97:2b:40:3a:18:
                    fe:b8:52:8d:ce:63:c9:b9:a1:ed:57:b0:4f:8c:2e:b7:
                    eb:15:27:93:62:77:d2:1a:75:9c:4c:89:14:79:b9:f0:
                    fc:bc:94:de:e4:b6:6d:da:83:73:08:03:80:a2:1d:58:
                    c4:a4:b6:8f:fb:2f:ea:ea:ab:ae:46:5c:3c:d0:11:8d:
                    83:5c:46:d0:c8:29:fe:cd:6a:9f:df:79:1c:18:a4:30:
                    d7:02:ff:ca:88:06:f8:e5:7e:e9:80:ee:ce:5c:55:97:
                    38:98:92:8a:16:68:c9:26:a3:ce:78:a7:9e:b4:17:ec:
                    27:30:6b:8f:4d:03:5c:ff:90:f2:36:0a:f1:c2:3e:7a
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3e:02:1d:00:bf:fa:c9:3f:28:c5:9d:da:d4:e7:cc:
        82:d1:4e:3a:c3:0e:61:ed:ec:5a:48:b1:9f:8b:a9:a1:
        9d:02:1d:00:c2:23:3b:ef:d7:41:c4:17:fd:68:2e:6e:
        66:83:2b:58:79:ad:b2:bf:2d:09:d3:b7:a1:08:78:2a
    Fingerprint (SHA-256):
        BF:B0:77:07:53:80:B7:CE:7B:E3:D5:D8:18:0C:23:DF:77:37:C9:54:C7:9B:8D:3E:37:E1:5A:EA:63:05:11:9C
    Fingerprint (SHA1):
        A4:54:6C:46:56:60:D7:F3:8B:67:E6:3E:7E:E1:BF:3E:52:20:BF:AF
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US"
Returned value is 0, expected result is pass
chains.sh: #7096: DSA: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7097: Revocation: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 10 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7098: Revocation: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7099: Revocation: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #7100: Revocation: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7101: Revocation: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7102: Revocation: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7103: Revocation: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7104: Revocation: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7105: Revocation: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7106: Revocation: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7107: Revocation: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #7108: Revocation: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7109: Revocation: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7110: Revocation: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7111: Revocation: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB EE12DB
certutil -N -d EE12DB -f EE12DB/dbpasswd
chains.sh: #7112: Revocation: Creating DB EE12DB  - PASSED
chains.sh: Creating EE certifiate request EE12Req.der
certutil -s "CN=EE12 EE, O=EE12, C=US"  -R  -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7113: Revocation: Creating EE certifiate request EE12Req.der  - PASSED
chains.sh: Creating certficate EE12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7114: Revocation: Creating certficate EE12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE12CA1.der to EE12DB database
certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7115: Revocation: Importing certificate EE12CA1.der to EE12DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7116: Revocation: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7117: Revocation: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7118: Revocation: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7119: Revocation: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #7120: Revocation: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7121: Revocation: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7122: Revocation: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7123: Revocation: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628184516Z
nextupdate=20170628184516Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 18:45:16 2016
    Next Update: Wed Jun 28 18:45:16 2017
    CRL Extensions:
chains.sh: #7124: Revocation: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628184517Z
nextupdate=20170628184517Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:45:17 2016
    Next Update: Wed Jun 28 18:45:17 2017
    CRL Extensions:
chains.sh: #7125: Revocation: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628184517Z
nextupdate=20170628184517Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 18:45:17 2016
    Next Update: Wed Jun 28 18:45:17 2017
    CRL Extensions:
chains.sh: #7126: Revocation: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628184518Z
nextupdate=20170628184518Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 18:45:18 2016
    Next Update: Wed Jun 28 18:45:18 2017
    CRL Extensions:
chains.sh: #7127: Revocation: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 14 issued by CA1
crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628184519Z
addcert 14 20160628184519Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 18:45:19 2016
    Next Update: Wed Jun 28 18:45:17 2017
    Entry 1 (0x1):
        Serial Number: 14 (0xe)
        Revocation Date: Tue Jun 28 18:45:19 2016
    CRL Extensions:
chains.sh: #7128: Revocation: Revoking certificate with SN 14 issued by CA1  - PASSED
chains.sh: Revoking certificate with SN 15 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628184520Z
addcert 15 20160628184520Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:45:20 2016
    Next Update: Wed Jun 28 18:45:17 2017
    Entry 1 (0x1):
        Serial Number: 15 (0xf)
        Revocation Date: Tue Jun 28 18:45:20 2016
    CRL Extensions:
chains.sh: #7129: Revocation: Revoking certificate with SN 15 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7130: Revocation: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7131: Revocation: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #7132: Revocation: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA0Root.der to AllDB database
certutil -A -n CA0  -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der
chains.sh: #7133: Revocation: Importing certificate CA0Root.der to AllDB database  - PASSED
chains.sh: Importing CRL CA0.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl
chains.sh: #7134: Revocation: Importing CRL CA0.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA1CA0.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der
chains.sh: #7135: Revocation: Importing certificate CA1CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA1.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl
chains.sh: #7136: Revocation: Importing CRL CA1.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA0.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der
chains.sh: #7137: Revocation: Importing certificate CA2CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA2.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl
chains.sh: #7138: Revocation: Importing CRL CA2.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:44:36 2016
            Not After : Mon Jun 28 18:44:36 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:e1:f5:1f:da:2f:b8:20:bf:a3:26:61:13:3e:d3:99:
                    fb:f9:12:63:b9:3d:dc:64:02:37:36:42:82:82:9b:72:
                    eb:6e:47:9b:3e:ee:4b:36:74:64:8d:ad:1f:cf:f7:5d:
                    11:a2:f1:83:2b:57:ab:d3:d2:a1:0e:ce:ef:d0:65:28:
                    1d:5c:cf:57:29:ac:05:3d:c3:74:22:5d:9b:5a:8e:ec:
                    9e:06:91:af:e4:6d:c7:05:c5:22:ac:ed:1b:5a:b5:4f:
                    30:e1:09:c2:31:6b:ea:e0:45:8b:b3:f2:e3:b1:db:31:
                    77:24:a6:68:c6:09:dd:b1:87:93:9c:03:8d:4e:b1:b0:
                    52:32:d4:4a:66:9b:e3:fb:5f:96:21:a5:a7:9a:8f:b9:
                    c5:41:ef:3f:81:83:f9:03:23:87:10:ad:75:15:51:af:
                    f7:c3:f9:6d:b2:aa:64:72:52:cc:db:c0:22:96:7c:33:
                    04:4e:8d:62:a5:5f:ed:64:80:29:58:cc:b3:f1:b5:d5:
                    a3:8e:2b:ab:59:92:d3:80:16:8b:40:db:4e:d2:7f:f3:
                    1b:a1:f9:fd:3d:ad:98:84:30:1b:98:8e:96:72:2b:7b:
                    08:6b:19:29:94:2b:70:cc:70:7d:13:d2:27:f2:3f:ea:
                    3f:bf:31:32:ae:c3:32:ff:bd:4e:51:2c:2c:2d:a1:b3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a3:f8:a4:55:1d:e4:7f:28:9d:a9:74:2b:7f:e1:96:59:
        3e:0d:d8:4f:95:ce:01:1a:47:61:f2:c9:5a:34:81:73:
        c5:0b:ac:49:f9:9e:cd:e2:b2:9c:d5:37:f6:03:11:0d:
        08:6d:b4:a5:23:e2:69:20:5b:6b:93:87:27:5a:57:39:
        16:b6:c0:a1:10:b0:11:56:36:f5:ed:55:ae:93:21:f9:
        68:7e:8e:4d:a8:15:f8:1b:c8:f0:b4:dd:d3:30:e2:7d:
        fc:5e:b8:05:cb:04:fe:ac:66:84:bb:8a:19:5c:a7:2e:
        45:e7:9c:37:b8:14:c4:7c:a0:c7:37:f8:35:0d:c5:24:
        01:a2:74:8b:c0:ad:b8:c6:ef:53:bf:d2:dd:8e:02:7b:
        55:98:11:8d:9c:3c:8f:1c:44:cc:e4:c7:39:cb:c3:21:
        76:7f:30:cf:66:b5:19:3b:21:eb:d0:5b:70:b5:2d:70:
        58:0b:a2:fa:bc:c6:f8:2d:fb:02:0a:ae:a4:b3:16:16:
        6a:6f:b6:68:56:60:ca:44:5c:5a:a3:09:77:9a:d0:54:
        8f:1b:c2:8f:85:59:99:80:7e:28:96:f2:81:fa:99:a5:
        cb:53:a2:98:ad:e3:38:ed:fc:78:9f:f1:75:47:16:c6:
        75:97:c1:69:76:3b:83:7e:6a:0c:d4:03:4a:c1:ac:e8
    Fingerprint (SHA-256):
        D6:60:E4:0F:E2:FF:44:01:22:5C:D9:DB:1E:DF:99:FA:82:2A:24:F5:F0:E4:4E:8C:43:15:9D:89:52:63:6D:AC
    Fingerprint (SHA1):
        1A:A9:47:9B:4E:EF:ED:1E:91:4D:28:E1:F0:40:69:40:55:32:A9:79
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7139: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE12CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7140: Revocation: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:44:36 2016
            Not After : Mon Jun 28 18:44:36 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:e1:f5:1f:da:2f:b8:20:bf:a3:26:61:13:3e:d3:99:
                    fb:f9:12:63:b9:3d:dc:64:02:37:36:42:82:82:9b:72:
                    eb:6e:47:9b:3e:ee:4b:36:74:64:8d:ad:1f:cf:f7:5d:
                    11:a2:f1:83:2b:57:ab:d3:d2:a1:0e:ce:ef:d0:65:28:
                    1d:5c:cf:57:29:ac:05:3d:c3:74:22:5d:9b:5a:8e:ec:
                    9e:06:91:af:e4:6d:c7:05:c5:22:ac:ed:1b:5a:b5:4f:
                    30:e1:09:c2:31:6b:ea:e0:45:8b:b3:f2:e3:b1:db:31:
                    77:24:a6:68:c6:09:dd:b1:87:93:9c:03:8d:4e:b1:b0:
                    52:32:d4:4a:66:9b:e3:fb:5f:96:21:a5:a7:9a:8f:b9:
                    c5:41:ef:3f:81:83:f9:03:23:87:10:ad:75:15:51:af:
                    f7:c3:f9:6d:b2:aa:64:72:52:cc:db:c0:22:96:7c:33:
                    04:4e:8d:62:a5:5f:ed:64:80:29:58:cc:b3:f1:b5:d5:
                    a3:8e:2b:ab:59:92:d3:80:16:8b:40:db:4e:d2:7f:f3:
                    1b:a1:f9:fd:3d:ad:98:84:30:1b:98:8e:96:72:2b:7b:
                    08:6b:19:29:94:2b:70:cc:70:7d:13:d2:27:f2:3f:ea:
                    3f:bf:31:32:ae:c3:32:ff:bd:4e:51:2c:2c:2d:a1:b3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a3:f8:a4:55:1d:e4:7f:28:9d:a9:74:2b:7f:e1:96:59:
        3e:0d:d8:4f:95:ce:01:1a:47:61:f2:c9:5a:34:81:73:
        c5:0b:ac:49:f9:9e:cd:e2:b2:9c:d5:37:f6:03:11:0d:
        08:6d:b4:a5:23:e2:69:20:5b:6b:93:87:27:5a:57:39:
        16:b6:c0:a1:10:b0:11:56:36:f5:ed:55:ae:93:21:f9:
        68:7e:8e:4d:a8:15:f8:1b:c8:f0:b4:dd:d3:30:e2:7d:
        fc:5e:b8:05:cb:04:fe:ac:66:84:bb:8a:19:5c:a7:2e:
        45:e7:9c:37:b8:14:c4:7c:a0:c7:37:f8:35:0d:c5:24:
        01:a2:74:8b:c0:ad:b8:c6:ef:53:bf:d2:dd:8e:02:7b:
        55:98:11:8d:9c:3c:8f:1c:44:cc:e4:c7:39:cb:c3:21:
        76:7f:30:cf:66:b5:19:3b:21:eb:d0:5b:70:b5:2d:70:
        58:0b:a2:fa:bc:c6:f8:2d:fb:02:0a:ae:a4:b3:16:16:
        6a:6f:b6:68:56:60:ca:44:5c:5a:a3:09:77:9a:d0:54:
        8f:1b:c2:8f:85:59:99:80:7e:28:96:f2:81:fa:99:a5:
        cb:53:a2:98:ad:e3:38:ed:fc:78:9f:f1:75:47:16:c6:
        75:97:c1:69:76:3b:83:7e:6a:0c:d4:03:4a:c1:ac:e8
    Fingerprint (SHA-256):
        D6:60:E4:0F:E2:FF:44:01:22:5C:D9:DB:1E:DF:99:FA:82:2A:24:F5:F0:E4:4E:8C:43:15:9D:89:52:63:6D:AC
    Fingerprint (SHA1):
        1A:A9:47:9B:4E:EF:ED:1E:91:4D:28:E1:F0:40:69:40:55:32:A9:79
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7141: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE21CA2.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7142: Revocation: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7143: CRLDP: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182839 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7144: CRLDP: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7145: CRLDP: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #7146: CRLDP: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7147: CRLDP: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 628182840   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7148: CRLDP: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7149: CRLDP: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7150: CRLDP: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182730.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7151: CRLDP: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182715.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7152: CRLDP: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7153: CRLDP: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #7154: CRLDP: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182730.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7155: CRLDP: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 628182841   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7156: CRLDP: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7157: CRLDP: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7158: CRLDP: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182730.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7159: CRLDP: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182716.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7160: CRLDP: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7161: CRLDP: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #7162: CRLDP: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7163: CRLDP: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 628182842   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7164: CRLDP: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7165: CRLDP: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7166: CRLDP: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182730.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7167: CRLDP: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182717.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7168: CRLDP: Creating certficate EE1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE1CA0.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7169: CRLDP: Importing certificate EE1CA0.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7170: CRLDP: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182730.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7171: CRLDP: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182718.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7172: CRLDP: Creating certficate EE2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE2CA0.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7173: CRLDP: Importing certificate EE2CA0.der to EE2DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628184627Z
nextupdate=20170628184627Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 18:46:27 2016
    Next Update: Wed Jun 28 18:46:27 2017
    CRL Extensions:
chains.sh: #7174: CRLDP: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628184628Z
nextupdate=20170628184628Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:46:28 2016
    Next Update: Wed Jun 28 18:46:28 2017
    CRL Extensions:
chains.sh: #7175: CRLDP: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628184628Z
nextupdate=20170628184628Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 18:46:28 2016
    Next Update: Wed Jun 28 18:46:28 2017
    CRL Extensions:
chains.sh: #7176: CRLDP: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628184629Z
nextupdate=20170628184629Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 18:46:29 2016
    Next Update: Wed Jun 28 18:46:29 2017
    CRL Extensions:
chains.sh: #7177: CRLDP: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 20 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628184630Z
addcert 20 20160628184630Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:46:30 2016
    Next Update: Wed Jun 28 18:46:28 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 18:46:30 2016
    CRL Extensions:
chains.sh: #7178: CRLDP: Revoking certificate with SN 20 issued by CA0  - PASSED
chains.sh: Revoking certificate with SN 40 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628184631Z
addcert 40 20160628184631Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 18:46:31 2016
    Next Update: Wed Jun 28 18:46:28 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 18:46:30 2016
    Entry 2 (0x2):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 18:46:31 2016
    CRL Extensions:
chains.sh: #7179: CRLDP: Revoking certificate with SN 40 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7180: CRLDP: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7181: CRLDP: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #7182: CRLDP: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE11CA1.der CA1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182839 (0x25714f37)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:45:28 2016
            Not After : Mon Jun 28 18:45:28 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e5:a7:87:36:29:97:94:67:be:b9:6a:e5:34:14:1a:ef:
                    2e:88:02:81:0b:f0:f5:18:48:8b:2a:6c:81:1f:45:34:
                    55:e0:a2:07:1c:22:97:cd:21:7c:21:9e:59:48:43:49:
                    97:d4:b3:2e:76:ec:96:63:b1:87:6c:08:92:fb:1d:ad:
                    5b:7e:d3:b1:68:35:8c:e9:2e:73:f1:6a:c8:28:53:48:
                    b8:b3:4e:a8:79:1c:bf:26:36:c2:59:bd:ad:0f:f7:a1:
                    03:78:78:02:67:f3:35:cb:ba:80:e2:8a:fb:06:09:75:
                    c6:0c:a9:c9:a9:36:41:d3:14:60:c9:ab:8a:3b:ff:7b:
                    7b:c5:20:cb:67:15:71:99:9f:2b:04:e8:34:50:11:bb:
                    2f:80:f0:08:8a:61:c1:4a:b5:4e:f8:fd:9a:11:9d:ac:
                    64:9b:3c:ed:e9:55:18:c5:ef:26:59:62:f3:76:7a:d9:
                    16:85:d2:b3:c3:5c:c4:78:01:f7:a2:78:13:dc:55:80:
                    ff:86:d7:22:55:a3:91:c0:b7:32:da:e5:0b:59:0a:b7:
                    05:ce:bd:b6:fe:6a:65:d9:8b:b3:4b:6c:09:d7:e9:60:
                    ea:b8:95:1f:59:67:c4:82:0b:88:6a:72:3e:b5:86:29:
                    13:0a:d5:16:0d:1e:95:ab:63:39:b4:e4:a4:ab:f0:49
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c5:61:8a:55:e1:6d:e1:df:72:1f:f8:87:f2:e1:4f:81:
        77:60:4d:fb:b1:46:e9:56:60:68:ef:bc:cc:85:31:8c:
        4b:47:98:88:85:35:fe:09:cd:50:40:3d:72:11:7e:6f:
        73:58:eb:23:7f:a9:58:06:5d:e0:b8:bf:dc:99:65:74:
        fa:eb:94:34:f5:86:f7:4b:56:af:67:f1:82:f8:32:f9:
        e7:84:b4:6b:ec:d9:94:29:bf:8e:74:c8:d9:00:2f:e4:
        e3:df:5d:75:25:f4:c6:eb:4f:22:c4:3a:1a:3d:e6:61:
        f0:d3:26:b9:a6:f4:8d:f8:7d:fc:4b:58:17:d5:f9:1e:
        98:21:19:a6:dd:b4:0b:4f:50:f6:d5:ce:73:d2:17:20:
        2d:a9:0b:79:fd:09:1c:e5:cf:31:18:ff:cd:26:76:4b:
        d3:c7:da:83:10:31:82:92:ef:1f:8a:f3:0a:23:13:af:
        8b:6a:21:52:6c:f9:7b:14:1e:0b:71:40:e8:4d:5c:10:
        fa:39:1f:83:1d:20:3f:25:6f:c5:4b:c4:84:73:ca:f2:
        a1:36:bf:0c:db:14:0f:9e:ff:76:26:68:cc:f7:71:50:
        8d:3b:4d:6d:ac:8f:d8:fd:e9:89:25:4c:be:ac:79:e5:
        ef:ea:57:b6:1e:36:c1:af:6b:a9:07:c2:3c:20:87:40
    Fingerprint (SHA-256):
        33:BD:C5:79:EB:2C:32:9E:95:7F:E4:53:5E:36:A5:92:8C:DA:16:B1:83:D3:96:CE:F8:8C:7A:30:FD:B3:25:0D
    Fingerprint (SHA1):
        19:47:F0:8E:B9:58:C3:4B:09:89:04:D3:46:0C:ED:1D:D9:71:EA:5E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7183: CRLDP: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE21CA2.der CA2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7184: CRLDP: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182839 (0x25714f37)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:45:28 2016
            Not After : Mon Jun 28 18:45:28 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e5:a7:87:36:29:97:94:67:be:b9:6a:e5:34:14:1a:ef:
                    2e:88:02:81:0b:f0:f5:18:48:8b:2a:6c:81:1f:45:34:
                    55:e0:a2:07:1c:22:97:cd:21:7c:21:9e:59:48:43:49:
                    97:d4:b3:2e:76:ec:96:63:b1:87:6c:08:92:fb:1d:ad:
                    5b:7e:d3:b1:68:35:8c:e9:2e:73:f1:6a:c8:28:53:48:
                    b8:b3:4e:a8:79:1c:bf:26:36:c2:59:bd:ad:0f:f7:a1:
                    03:78:78:02:67:f3:35:cb:ba:80:e2:8a:fb:06:09:75:
                    c6:0c:a9:c9:a9:36:41:d3:14:60:c9:ab:8a:3b:ff:7b:
                    7b:c5:20:cb:67:15:71:99:9f:2b:04:e8:34:50:11:bb:
                    2f:80:f0:08:8a:61:c1:4a:b5:4e:f8:fd:9a:11:9d:ac:
                    64:9b:3c:ed:e9:55:18:c5:ef:26:59:62:f3:76:7a:d9:
                    16:85:d2:b3:c3:5c:c4:78:01:f7:a2:78:13:dc:55:80:
                    ff:86:d7:22:55:a3:91:c0:b7:32:da:e5:0b:59:0a:b7:
                    05:ce:bd:b6:fe:6a:65:d9:8b:b3:4b:6c:09:d7:e9:60:
                    ea:b8:95:1f:59:67:c4:82:0b:88:6a:72:3e:b5:86:29:
                    13:0a:d5:16:0d:1e:95:ab:63:39:b4:e4:a4:ab:f0:49
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        c5:61:8a:55:e1:6d:e1:df:72:1f:f8:87:f2:e1:4f:81:
        77:60:4d:fb:b1:46:e9:56:60:68:ef:bc:cc:85:31:8c:
        4b:47:98:88:85:35:fe:09:cd:50:40:3d:72:11:7e:6f:
        73:58:eb:23:7f:a9:58:06:5d:e0:b8:bf:dc:99:65:74:
        fa:eb:94:34:f5:86:f7:4b:56:af:67:f1:82:f8:32:f9:
        e7:84:b4:6b:ec:d9:94:29:bf:8e:74:c8:d9:00:2f:e4:
        e3:df:5d:75:25:f4:c6:eb:4f:22:c4:3a:1a:3d:e6:61:
        f0:d3:26:b9:a6:f4:8d:f8:7d:fc:4b:58:17:d5:f9:1e:
        98:21:19:a6:dd:b4:0b:4f:50:f6:d5:ce:73:d2:17:20:
        2d:a9:0b:79:fd:09:1c:e5:cf:31:18:ff:cd:26:76:4b:
        d3:c7:da:83:10:31:82:92:ef:1f:8a:f3:0a:23:13:af:
        8b:6a:21:52:6c:f9:7b:14:1e:0b:71:40:e8:4d:5c:10:
        fa:39:1f:83:1d:20:3f:25:6f:c5:4b:c4:84:73:ca:f2:
        a1:36:bf:0c:db:14:0f:9e:ff:76:26:68:cc:f7:71:50:
        8d:3b:4d:6d:ac:8f:d8:fd:e9:89:25:4c:be:ac:79:e5:
        ef:ea:57:b6:1e:36:c1:af:6b:a9:07:c2:3c:20:87:40
    Fingerprint (SHA-256):
        33:BD:C5:79:EB:2C:32:9E:95:7F:E4:53:5E:36:A5:92:8C:DA:16:B1:83:D3:96:CE:F8:8C:7A:30:FD:B3:25:0D
    Fingerprint (SHA1):
        19:47:F0:8E:B9:58:C3:4B:09:89:04:D3:46:0C:ED:1D:D9:71:EA:5E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7185: CRLDP: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7186: CRLDP: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #7187: TrustAnchors: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182843 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7188: TrustAnchors: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #7189: TrustAnchors: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7190: TrustAnchors: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7191: TrustAnchors: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628182844   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7192: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7193: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7194: TrustAnchors: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7195: TrustAnchors: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182845   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7196: TrustAnchors: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7197: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7198: TrustAnchors: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7199: TrustAnchors: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 628182846   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7200: TrustAnchors: Creating certficate EE1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE1CA2.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7201: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database  - PASSED
chains.sh: Creating DB OtherRootDB
certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd
chains.sh: #7202: TrustAnchors: Creating DB OtherRootDB  - PASSED
chains.sh: Creating Root CA OtherRoot
certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot  -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182847 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7203: TrustAnchors: Creating Root CA OtherRoot  - PASSED
chains.sh: Exporting Root CA OtherRoot.der
certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der
chains.sh: #7204: TrustAnchors: Exporting Root CA OtherRoot.der  - PASSED
chains.sh: Creating DB OtherIntermediateDB
certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd
chains.sh: #7205: TrustAnchors: Creating DB OtherIntermediateDB  - PASSED
chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der
certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US"  -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OtherIntermediateReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7206: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der  - PASSED
chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot
certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 628182848   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7207: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot  - PASSED
chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database
certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7208: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7209: TrustAnchors: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7210: TrustAnchors: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate
certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 628182849   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7211: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate  - PASSED
chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7212: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database  - PASSED
chains.sh: Creating DB DBOnlyDB
certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd
chains.sh: #7213: TrustAnchors: Creating DB DBOnlyDB  - PASSED
chains.sh: Importing certificate RootCA.der to DBOnlyDB database
certutil -A -n RootCA  -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der
chains.sh: #7214: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database
certutil -A -n CA1  -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der
chains.sh: #7215: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp      
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182843 (0x25714f3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:46:43 2016
            Not After : Mon Jun 28 18:46:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:17:0e:dd:30:0f:f5:24:56:da:10:0d:09:c4:af:45:
                    44:66:3b:ad:a8:14:08:a2:b3:1f:a4:86:cf:28:cc:83:
                    dd:45:27:37:a0:1d:16:e6:04:18:f5:0e:0f:5d:dc:93:
                    5b:cc:5d:35:b0:ee:94:da:b9:79:05:0f:11:27:27:36:
                    7d:cf:af:95:db:ab:c4:2f:52:84:9c:48:f7:9c:d8:7c:
                    17:ac:97:a5:82:04:f7:a8:e7:cc:01:96:a7:0a:61:8c:
                    f6:93:9d:fc:6e:b3:ed:4e:82:78:43:1e:03:79:2f:93:
                    75:01:f4:46:5d:e4:25:0c:cf:4a:d0:ef:f0:7a:66:f9:
                    9c:58:e9:2e:7e:74:3e:eb:0b:9d:6a:4d:e3:c7:99:f8:
                    cf:05:5a:07:5b:55:a8:9b:03:db:f4:5d:4b:80:9e:fb:
                    4d:34:e1:7f:61:4b:06:a3:cd:2c:d9:ad:32:f1:ac:1f:
                    be:d7:a0:3e:f4:18:f3:f9:40:7c:d1:ad:a4:70:da:ed:
                    58:e3:15:2e:e8:d9:a7:6c:e7:37:74:93:01:e4:18:67:
                    a8:c6:35:ff:c6:3b:b3:8d:64:ea:48:9b:48:6b:3d:19:
                    7c:a9:34:11:29:65:72:95:7a:5e:20:00:b4:13:bc:49:
                    ce:f6:23:3c:d8:1e:af:69:bf:83:a5:6c:c4:72:63:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:90:87:9e:86:38:8d:a1:85:52:61:c4:40:b4:a7:64:
        91:01:d2:59:b7:6a:70:54:99:9a:84:c0:cd:8a:fe:d4:
        58:01:fe:2b:06:cc:49:37:3a:e6:92:40:7b:5b:4b:cf:
        50:b2:c8:c6:c7:14:df:e5:cd:d9:d4:99:cc:65:1c:41:
        49:0f:00:0e:89:61:59:2c:4a:cd:67:86:22:55:a5:4c:
        35:d9:73:8e:89:c0:ab:f1:ab:98:8a:75:c9:9b:d7:54:
        60:a4:97:80:a7:c2:84:9b:2d:1e:a9:16:2a:d9:74:8b:
        28:e8:3d:9a:75:12:4d:de:84:d4:c4:3d:e4:b0:48:2d:
        1e:20:19:b0:99:a6:67:1e:8e:05:d0:63:b1:38:d3:65:
        3f:d6:d6:6c:45:be:f8:47:24:4a:72:46:21:c7:ef:23:
        27:10:06:9c:29:9d:4e:d8:62:af:cd:2a:8c:c3:cc:93:
        66:67:df:bd:09:54:8e:29:1b:a7:15:e8:d7:1a:9b:1b:
        3d:5e:7b:20:c8:32:75:2f:68:7d:ea:51:bd:37:b2:b3:
        71:4f:83:00:02:91:00:e1:59:3e:f7:68:03:56:1c:43:
        5b:61:4f:8a:dc:ff:d5:35:b7:a9:56:c6:58:97:e8:69:
        97:fe:e8:8c:13:0e:07:7b:34:3a:21:89:db:21:2f:a5
    Fingerprint (SHA-256):
        AE:1B:FB:CE:07:89:97:8D:62:AF:ED:98:EF:C8:F9:5F:F3:44:CF:29:E2:E1:08:5D:BA:3C:2B:F4:89:C7:C5:5F
    Fingerprint (SHA1):
        41:7F:02:96:35:9E:BB:99:62:4B:3B:CA:48:D5:C9:73:8B:A2:F0:79
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7216: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182845 (0x25714f3d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:00 2016
            Not After : Mon Jun 28 18:47:00 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e7:48:07:57:e9:d4:53:7b:f8:1f:ae:46:23:87:48:6e:
                    a3:52:b4:e0:a3:ca:38:e7:28:f6:4e:07:d4:b9:cb:a1:
                    eb:4a:2d:a8:53:c0:93:f2:ec:9c:8b:40:e7:77:81:71:
                    cd:21:89:e6:90:06:cf:a0:37:77:95:7f:d5:11:54:4d:
                    bf:86:9d:2c:f8:31:99:64:65:de:02:8d:09:c5:6a:60:
                    49:a7:f8:a2:42:71:93:e9:fc:4e:34:68:c4:fc:75:80:
                    9b:7d:b3:1e:87:c0:d0:99:4d:33:90:6a:ee:da:d8:9d:
                    78:00:03:6f:f0:2f:de:ad:62:16:58:a8:fd:fe:29:8e:
                    12:c0:7e:5a:8c:3b:bc:af:e5:c4:a3:8d:fe:25:14:81:
                    f0:8d:b8:21:cc:0c:f9:6e:69:23:ec:c1:88:b9:40:fb:
                    28:a4:ff:81:40:a1:ee:99:6e:c0:f9:0a:9d:92:e2:0c:
                    ce:17:08:fe:37:99:b3:36:0e:00:53:6d:6b:1c:aa:fb:
                    3d:7f:cd:bb:ed:78:fc:4f:df:76:95:90:f6:f0:8a:80:
                    d3:01:6b:79:94:23:7d:b2:79:ea:57:fc:5c:33:e5:af:
                    92:ca:bf:fa:f1:66:70:0b:35:00:b0:ba:a8:cd:4b:c4:
                    db:e4:bf:be:7a:f2:39:cf:4c:8b:38:95:40:3c:53:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        31:58:fd:1c:34:da:fa:bd:3c:42:39:c1:91:58:91:a1:
        65:64:03:73:39:2e:43:f8:24:c8:90:7e:84:e0:06:09:
        33:69:c5:4c:d7:67:2f:7b:30:ac:fc:fa:4e:52:0b:80:
        73:6d:d0:25:a6:57:1f:81:54:89:7f:79:7b:cf:c7:e2:
        4f:0c:db:1f:3b:96:4b:45:9c:fc:57:95:0d:ba:6f:92:
        73:56:b7:bb:4a:5b:c6:a8:e3:a6:c0:ae:30:31:42:f4:
        07:57:3c:1b:05:6f:60:a6:77:88:98:51:4d:e3:13:ce:
        66:de:d8:2d:c2:2e:01:ce:cb:d4:0f:79:4a:99:8d:db:
        68:5c:8a:8b:af:8f:07:5b:42:9d:35:e3:27:7c:cc:56:
        0c:34:24:af:bc:43:4e:53:28:b9:86:fa:78:83:b3:ec:
        1c:17:86:f8:c1:bb:e2:09:fb:aa:77:d0:75:0e:dc:4d:
        58:64:f6:8e:a6:98:ea:16:4e:fb:d1:e9:81:68:24:d4:
        9a:fd:54:55:59:58:d4:e2:53:6f:a8:49:c0:79:12:89:
        60:80:77:8e:e9:53:35:af:c3:97:d1:49:04:03:7e:17:
        9d:79:d7:4b:0b:f5:62:ae:85:8e:0f:47:4e:a2:6b:46:
        0f:73:a4:49:10:26:5a:63:91:25:f9:57:90:43:17:90
    Fingerprint (SHA-256):
        67:AD:C8:9B:5D:ED:A3:8D:D9:BD:6C:34:3A:D3:7A:8A:CE:82:24:D2:8B:93:89:F9:C0:AD:93:58:7E:41:58:DC
    Fingerprint (SHA1):
        07:11:C4:33:CF:00:F2:C5:F0:40:94:F0:7C:9A:D6:2C:FF:EC:A2:06
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7217: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182843 (0x25714f3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:46:43 2016
            Not After : Mon Jun 28 18:46:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:17:0e:dd:30:0f:f5:24:56:da:10:0d:09:c4:af:45:
                    44:66:3b:ad:a8:14:08:a2:b3:1f:a4:86:cf:28:cc:83:
                    dd:45:27:37:a0:1d:16:e6:04:18:f5:0e:0f:5d:dc:93:
                    5b:cc:5d:35:b0:ee:94:da:b9:79:05:0f:11:27:27:36:
                    7d:cf:af:95:db:ab:c4:2f:52:84:9c:48:f7:9c:d8:7c:
                    17:ac:97:a5:82:04:f7:a8:e7:cc:01:96:a7:0a:61:8c:
                    f6:93:9d:fc:6e:b3:ed:4e:82:78:43:1e:03:79:2f:93:
                    75:01:f4:46:5d:e4:25:0c:cf:4a:d0:ef:f0:7a:66:f9:
                    9c:58:e9:2e:7e:74:3e:eb:0b:9d:6a:4d:e3:c7:99:f8:
                    cf:05:5a:07:5b:55:a8:9b:03:db:f4:5d:4b:80:9e:fb:
                    4d:34:e1:7f:61:4b:06:a3:cd:2c:d9:ad:32:f1:ac:1f:
                    be:d7:a0:3e:f4:18:f3:f9:40:7c:d1:ad:a4:70:da:ed:
                    58:e3:15:2e:e8:d9:a7:6c:e7:37:74:93:01:e4:18:67:
                    a8:c6:35:ff:c6:3b:b3:8d:64:ea:48:9b:48:6b:3d:19:
                    7c:a9:34:11:29:65:72:95:7a:5e:20:00:b4:13:bc:49:
                    ce:f6:23:3c:d8:1e:af:69:bf:83:a5:6c:c4:72:63:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:90:87:9e:86:38:8d:a1:85:52:61:c4:40:b4:a7:64:
        91:01:d2:59:b7:6a:70:54:99:9a:84:c0:cd:8a:fe:d4:
        58:01:fe:2b:06:cc:49:37:3a:e6:92:40:7b:5b:4b:cf:
        50:b2:c8:c6:c7:14:df:e5:cd:d9:d4:99:cc:65:1c:41:
        49:0f:00:0e:89:61:59:2c:4a:cd:67:86:22:55:a5:4c:
        35:d9:73:8e:89:c0:ab:f1:ab:98:8a:75:c9:9b:d7:54:
        60:a4:97:80:a7:c2:84:9b:2d:1e:a9:16:2a:d9:74:8b:
        28:e8:3d:9a:75:12:4d:de:84:d4:c4:3d:e4:b0:48:2d:
        1e:20:19:b0:99:a6:67:1e:8e:05:d0:63:b1:38:d3:65:
        3f:d6:d6:6c:45:be:f8:47:24:4a:72:46:21:c7:ef:23:
        27:10:06:9c:29:9d:4e:d8:62:af:cd:2a:8c:c3:cc:93:
        66:67:df:bd:09:54:8e:29:1b:a7:15:e8:d7:1a:9b:1b:
        3d:5e:7b:20:c8:32:75:2f:68:7d:ea:51:bd:37:b2:b3:
        71:4f:83:00:02:91:00:e1:59:3e:f7:68:03:56:1c:43:
        5b:61:4f:8a:dc:ff:d5:35:b7:a9:56:c6:58:97:e8:69:
        97:fe:e8:8c:13:0e:07:7b:34:3a:21:89:db:21:2f:a5
    Fingerprint (SHA-256):
        AE:1B:FB:CE:07:89:97:8D:62:AF:ED:98:EF:C8:F9:5F:F3:44:CF:29:E2:E1:08:5D:BA:3C:2B:F4:89:C7:C5:5F
    Fingerprint (SHA1):
        41:7F:02:96:35:9E:BB:99:62:4B:3B:CA:48:D5:C9:73:8B:A2:F0:79
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7218: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA - PASSED
chains.sh: Creating DB TrustOnlyDB
certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd
chains.sh: #7219: TrustAnchors: Creating DB TrustOnlyDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der CA2CA1.der CA1RootCA.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182843 (0x25714f3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:46:43 2016
            Not After : Mon Jun 28 18:46:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:17:0e:dd:30:0f:f5:24:56:da:10:0d:09:c4:af:45:
                    44:66:3b:ad:a8:14:08:a2:b3:1f:a4:86:cf:28:cc:83:
                    dd:45:27:37:a0:1d:16:e6:04:18:f5:0e:0f:5d:dc:93:
                    5b:cc:5d:35:b0:ee:94:da:b9:79:05:0f:11:27:27:36:
                    7d:cf:af:95:db:ab:c4:2f:52:84:9c:48:f7:9c:d8:7c:
                    17:ac:97:a5:82:04:f7:a8:e7:cc:01:96:a7:0a:61:8c:
                    f6:93:9d:fc:6e:b3:ed:4e:82:78:43:1e:03:79:2f:93:
                    75:01:f4:46:5d:e4:25:0c:cf:4a:d0:ef:f0:7a:66:f9:
                    9c:58:e9:2e:7e:74:3e:eb:0b:9d:6a:4d:e3:c7:99:f8:
                    cf:05:5a:07:5b:55:a8:9b:03:db:f4:5d:4b:80:9e:fb:
                    4d:34:e1:7f:61:4b:06:a3:cd:2c:d9:ad:32:f1:ac:1f:
                    be:d7:a0:3e:f4:18:f3:f9:40:7c:d1:ad:a4:70:da:ed:
                    58:e3:15:2e:e8:d9:a7:6c:e7:37:74:93:01:e4:18:67:
                    a8:c6:35:ff:c6:3b:b3:8d:64:ea:48:9b:48:6b:3d:19:
                    7c:a9:34:11:29:65:72:95:7a:5e:20:00:b4:13:bc:49:
                    ce:f6:23:3c:d8:1e:af:69:bf:83:a5:6c:c4:72:63:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:90:87:9e:86:38:8d:a1:85:52:61:c4:40:b4:a7:64:
        91:01:d2:59:b7:6a:70:54:99:9a:84:c0:cd:8a:fe:d4:
        58:01:fe:2b:06:cc:49:37:3a:e6:92:40:7b:5b:4b:cf:
        50:b2:c8:c6:c7:14:df:e5:cd:d9:d4:99:cc:65:1c:41:
        49:0f:00:0e:89:61:59:2c:4a:cd:67:86:22:55:a5:4c:
        35:d9:73:8e:89:c0:ab:f1:ab:98:8a:75:c9:9b:d7:54:
        60:a4:97:80:a7:c2:84:9b:2d:1e:a9:16:2a:d9:74:8b:
        28:e8:3d:9a:75:12:4d:de:84:d4:c4:3d:e4:b0:48:2d:
        1e:20:19:b0:99:a6:67:1e:8e:05:d0:63:b1:38:d3:65:
        3f:d6:d6:6c:45:be:f8:47:24:4a:72:46:21:c7:ef:23:
        27:10:06:9c:29:9d:4e:d8:62:af:cd:2a:8c:c3:cc:93:
        66:67:df:bd:09:54:8e:29:1b:a7:15:e8:d7:1a:9b:1b:
        3d:5e:7b:20:c8:32:75:2f:68:7d:ea:51:bd:37:b2:b3:
        71:4f:83:00:02:91:00:e1:59:3e:f7:68:03:56:1c:43:
        5b:61:4f:8a:dc:ff:d5:35:b7:a9:56:c6:58:97:e8:69:
        97:fe:e8:8c:13:0e:07:7b:34:3a:21:89:db:21:2f:a5
    Fingerprint (SHA-256):
        AE:1B:FB:CE:07:89:97:8D:62:AF:ED:98:EF:C8:F9:5F:F3:44:CF:29:E2:E1:08:5D:BA:3C:2B:F4:89:C7:C5:5F
    Fingerprint (SHA1):
        41:7F:02:96:35:9E:BB:99:62:4B:3B:CA:48:D5:C9:73:8B:A2:F0:79
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7220: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182845 (0x25714f3d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:00 2016
            Not After : Mon Jun 28 18:47:00 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e7:48:07:57:e9:d4:53:7b:f8:1f:ae:46:23:87:48:6e:
                    a3:52:b4:e0:a3:ca:38:e7:28:f6:4e:07:d4:b9:cb:a1:
                    eb:4a:2d:a8:53:c0:93:f2:ec:9c:8b:40:e7:77:81:71:
                    cd:21:89:e6:90:06:cf:a0:37:77:95:7f:d5:11:54:4d:
                    bf:86:9d:2c:f8:31:99:64:65:de:02:8d:09:c5:6a:60:
                    49:a7:f8:a2:42:71:93:e9:fc:4e:34:68:c4:fc:75:80:
                    9b:7d:b3:1e:87:c0:d0:99:4d:33:90:6a:ee:da:d8:9d:
                    78:00:03:6f:f0:2f:de:ad:62:16:58:a8:fd:fe:29:8e:
                    12:c0:7e:5a:8c:3b:bc:af:e5:c4:a3:8d:fe:25:14:81:
                    f0:8d:b8:21:cc:0c:f9:6e:69:23:ec:c1:88:b9:40:fb:
                    28:a4:ff:81:40:a1:ee:99:6e:c0:f9:0a:9d:92:e2:0c:
                    ce:17:08:fe:37:99:b3:36:0e:00:53:6d:6b:1c:aa:fb:
                    3d:7f:cd:bb:ed:78:fc:4f:df:76:95:90:f6:f0:8a:80:
                    d3:01:6b:79:94:23:7d:b2:79:ea:57:fc:5c:33:e5:af:
                    92:ca:bf:fa:f1:66:70:0b:35:00:b0:ba:a8:cd:4b:c4:
                    db:e4:bf:be:7a:f2:39:cf:4c:8b:38:95:40:3c:53:ff
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        31:58:fd:1c:34:da:fa:bd:3c:42:39:c1:91:58:91:a1:
        65:64:03:73:39:2e:43:f8:24:c8:90:7e:84:e0:06:09:
        33:69:c5:4c:d7:67:2f:7b:30:ac:fc:fa:4e:52:0b:80:
        73:6d:d0:25:a6:57:1f:81:54:89:7f:79:7b:cf:c7:e2:
        4f:0c:db:1f:3b:96:4b:45:9c:fc:57:95:0d:ba:6f:92:
        73:56:b7:bb:4a:5b:c6:a8:e3:a6:c0:ae:30:31:42:f4:
        07:57:3c:1b:05:6f:60:a6:77:88:98:51:4d:e3:13:ce:
        66:de:d8:2d:c2:2e:01:ce:cb:d4:0f:79:4a:99:8d:db:
        68:5c:8a:8b:af:8f:07:5b:42:9d:35:e3:27:7c:cc:56:
        0c:34:24:af:bc:43:4e:53:28:b9:86:fa:78:83:b3:ec:
        1c:17:86:f8:c1:bb:e2:09:fb:aa:77:d0:75:0e:dc:4d:
        58:64:f6:8e:a6:98:ea:16:4e:fb:d1:e9:81:68:24:d4:
        9a:fd:54:55:59:58:d4:e2:53:6f:a8:49:c0:79:12:89:
        60:80:77:8e:e9:53:35:af:c3:97:d1:49:04:03:7e:17:
        9d:79:d7:4b:0b:f5:62:ae:85:8e:0f:47:4e:a2:6b:46:
        0f:73:a4:49:10:26:5a:63:91:25:f9:57:90:43:17:90
    Fingerprint (SHA-256):
        67:AD:C8:9B:5D:ED:A3:8D:D9:BD:6C:34:3A:D3:7A:8A:CE:82:24:D2:8B:93:89:F9:C0:AD:93:58:7E:41:58:DC
    Fingerprint (SHA1):
        07:11:C4:33:CF:00:F2:C5:F0:40:94:F0:7C:9A:D6:2C:FF:EC:A2:06
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7221: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Creating DB TrustAndDBDB
certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd
chains.sh: #7222: TrustAnchors: Creating DB TrustAndDBDB  - PASSED
chains.sh: Importing certificate RootCA.der to TrustAndDBDB database
certutil -A -n RootCA  -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der
chains.sh: #7223: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database
certutil -A -n CA1  -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der
chains.sh: #7224: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp      
vfychain -d TrustAndDBDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182843 (0x25714f3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:46:43 2016
            Not After : Mon Jun 28 18:46:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:17:0e:dd:30:0f:f5:24:56:da:10:0d:09:c4:af:45:
                    44:66:3b:ad:a8:14:08:a2:b3:1f:a4:86:cf:28:cc:83:
                    dd:45:27:37:a0:1d:16:e6:04:18:f5:0e:0f:5d:dc:93:
                    5b:cc:5d:35:b0:ee:94:da:b9:79:05:0f:11:27:27:36:
                    7d:cf:af:95:db:ab:c4:2f:52:84:9c:48:f7:9c:d8:7c:
                    17:ac:97:a5:82:04:f7:a8:e7:cc:01:96:a7:0a:61:8c:
                    f6:93:9d:fc:6e:b3:ed:4e:82:78:43:1e:03:79:2f:93:
                    75:01:f4:46:5d:e4:25:0c:cf:4a:d0:ef:f0:7a:66:f9:
                    9c:58:e9:2e:7e:74:3e:eb:0b:9d:6a:4d:e3:c7:99:f8:
                    cf:05:5a:07:5b:55:a8:9b:03:db:f4:5d:4b:80:9e:fb:
                    4d:34:e1:7f:61:4b:06:a3:cd:2c:d9:ad:32:f1:ac:1f:
                    be:d7:a0:3e:f4:18:f3:f9:40:7c:d1:ad:a4:70:da:ed:
                    58:e3:15:2e:e8:d9:a7:6c:e7:37:74:93:01:e4:18:67:
                    a8:c6:35:ff:c6:3b:b3:8d:64:ea:48:9b:48:6b:3d:19:
                    7c:a9:34:11:29:65:72:95:7a:5e:20:00:b4:13:bc:49:
                    ce:f6:23:3c:d8:1e:af:69:bf:83:a5:6c:c4:72:63:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:90:87:9e:86:38:8d:a1:85:52:61:c4:40:b4:a7:64:
        91:01:d2:59:b7:6a:70:54:99:9a:84:c0:cd:8a:fe:d4:
        58:01:fe:2b:06:cc:49:37:3a:e6:92:40:7b:5b:4b:cf:
        50:b2:c8:c6:c7:14:df:e5:cd:d9:d4:99:cc:65:1c:41:
        49:0f:00:0e:89:61:59:2c:4a:cd:67:86:22:55:a5:4c:
        35:d9:73:8e:89:c0:ab:f1:ab:98:8a:75:c9:9b:d7:54:
        60:a4:97:80:a7:c2:84:9b:2d:1e:a9:16:2a:d9:74:8b:
        28:e8:3d:9a:75:12:4d:de:84:d4:c4:3d:e4:b0:48:2d:
        1e:20:19:b0:99:a6:67:1e:8e:05:d0:63:b1:38:d3:65:
        3f:d6:d6:6c:45:be:f8:47:24:4a:72:46:21:c7:ef:23:
        27:10:06:9c:29:9d:4e:d8:62:af:cd:2a:8c:c3:cc:93:
        66:67:df:bd:09:54:8e:29:1b:a7:15:e8:d7:1a:9b:1b:
        3d:5e:7b:20:c8:32:75:2f:68:7d:ea:51:bd:37:b2:b3:
        71:4f:83:00:02:91:00:e1:59:3e:f7:68:03:56:1c:43:
        5b:61:4f:8a:dc:ff:d5:35:b7:a9:56:c6:58:97:e8:69:
        97:fe:e8:8c:13:0e:07:7b:34:3a:21:89:db:21:2f:a5
    Fingerprint (SHA-256):
        AE:1B:FB:CE:07:89:97:8D:62:AF:ED:98:EF:C8:F9:5F:F3:44:CF:29:E2:E1:08:5D:BA:3C:2B:F4:89:C7:C5:5F
    Fingerprint (SHA1):
        41:7F:02:96:35:9E:BB:99:62:4B:3B:CA:48:D5:C9:73:8B:A2:F0:79
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7225: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv       EE2OtherIntermediate.der OtherIntermediateOtherRoot.der  -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182847 (0x25714f3f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:21 2016
            Not After : Mon Jun 28 18:47:21 2066
        Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a5:36:8e:90:a6:96:d8:8d:26:e9:65:25:ef:42:6b:92:
                    6d:a4:69:e9:80:f0:de:6f:02:e7:42:0e:c0:6c:fd:42:
                    9f:9a:05:7e:6f:8d:f4:ae:86:ac:43:70:e0:21:ac:e3:
                    e7:7f:64:19:03:4e:63:68:84:ed:0e:34:7f:34:8e:4f:
                    15:6a:c3:39:3c:e5:ab:90:07:de:df:3e:bb:aa:a3:4c:
                    63:da:13:d8:a3:87:18:47:ad:c9:e9:12:f5:3d:a9:f7:
                    5f:e8:2f:b8:98:3f:51:eb:07:34:2d:bc:82:61:db:05:
                    f7:e7:ad:f7:cf:6c:79:16:3a:cf:c2:73:09:6b:41:24:
                    73:0b:74:36:d2:ce:c3:2f:c6:7e:73:93:d5:75:1a:81:
                    39:56:e4:2a:15:a6:0c:5b:5f:1e:d8:6d:37:6d:bf:8b:
                    79:f8:d0:9d:7c:29:1c:8d:2f:8d:8a:01:a3:ca:02:85:
                    fa:78:4a:9f:a5:94:fe:1d:86:b7:51:44:88:c1:ea:3a:
                    b7:57:89:d3:12:28:b4:b4:8b:20:90:7c:a3:7e:de:fd:
                    cd:f9:6a:97:29:85:87:b1:d1:06:bb:d0:20:d7:54:1d:
                    75:07:0b:d7:40:94:dd:8f:af:3b:42:f3:7c:d7:38:91:
                    1b:53:26:6d:89:2c:5e:cd:96:eb:2f:9c:b6:c9:15:89
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        64:27:06:47:26:2a:6a:64:41:2e:3a:28:57:d1:d0:fd:
        24:d9:ff:9d:32:b4:b4:13:d0:6b:19:0d:0a:ca:9e:7c:
        6f:6b:95:1a:96:ef:a6:31:7b:f8:da:b4:85:40:60:04:
        e8:b1:d3:6b:11:cd:7d:9f:89:20:dd:93:e0:a9:09:28:
        51:94:0a:c5:d8:56:20:d4:99:93:01:d1:75:1f:36:d3:
        09:d7:38:72:eb:85:09:89:63:7e:d3:d0:67:61:eb:b1:
        85:4f:4e:6f:8a:2d:f2:cb:8a:1d:71:d1:dc:d2:91:01:
        6e:fb:46:4c:41:59:a3:e1:ca:c3:94:17:30:d4:99:e8:
        d3:26:4d:20:76:66:36:59:86:20:e8:3e:51:6a:96:34:
        09:96:59:ea:0e:fd:ee:15:da:38:17:65:cd:80:0b:a9:
        1c:b4:b1:9a:31:13:b7:b2:97:28:e3:4d:07:82:55:5f:
        0c:48:44:18:38:cc:a9:e3:43:ce:ad:62:ec:7f:19:1a:
        e9:9b:10:0d:93:4e:5f:54:cf:7c:fd:cc:cd:4d:b0:82:
        c2:ef:7e:c3:84:ad:e2:94:89:3b:62:b8:6c:07:a5:7b:
        b2:95:d1:d2:71:55:2a:e8:71:e9:71:66:f3:5f:b2:4c:
        81:48:47:96:7a:08:69:86:58:ac:41:b2:ee:e2:5f:d8
    Fingerprint (SHA-256):
        29:D8:1F:16:B9:BA:C4:BC:23:80:53:CB:18:10:05:DE:83:75:7B:16:3B:1D:77:72:FF:5D:BF:80:C2:0C:6E:57
    Fingerprint (SHA1):
        68:F5:0C:0C:1E:3F:6A:E5:8D:9E:65:F3:5A:DE:DF:E6:A7:8B:2F:CF
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate
    ,C=US"
Returned value is 0, expected result is pass
chains.sh: #7226: TrustAnchors: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv -T      EE1CA2.der CA2CA1.der  -t OtherIntermediateOtherRoot.der -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182843 (0x25714f3b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:46:43 2016
            Not After : Mon Jun 28 18:46:43 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c2:17:0e:dd:30:0f:f5:24:56:da:10:0d:09:c4:af:45:
                    44:66:3b:ad:a8:14:08:a2:b3:1f:a4:86:cf:28:cc:83:
                    dd:45:27:37:a0:1d:16:e6:04:18:f5:0e:0f:5d:dc:93:
                    5b:cc:5d:35:b0:ee:94:da:b9:79:05:0f:11:27:27:36:
                    7d:cf:af:95:db:ab:c4:2f:52:84:9c:48:f7:9c:d8:7c:
                    17:ac:97:a5:82:04:f7:a8:e7:cc:01:96:a7:0a:61:8c:
                    f6:93:9d:fc:6e:b3:ed:4e:82:78:43:1e:03:79:2f:93:
                    75:01:f4:46:5d:e4:25:0c:cf:4a:d0:ef:f0:7a:66:f9:
                    9c:58:e9:2e:7e:74:3e:eb:0b:9d:6a:4d:e3:c7:99:f8:
                    cf:05:5a:07:5b:55:a8:9b:03:db:f4:5d:4b:80:9e:fb:
                    4d:34:e1:7f:61:4b:06:a3:cd:2c:d9:ad:32:f1:ac:1f:
                    be:d7:a0:3e:f4:18:f3:f9:40:7c:d1:ad:a4:70:da:ed:
                    58:e3:15:2e:e8:d9:a7:6c:e7:37:74:93:01:e4:18:67:
                    a8:c6:35:ff:c6:3b:b3:8d:64:ea:48:9b:48:6b:3d:19:
                    7c:a9:34:11:29:65:72:95:7a:5e:20:00:b4:13:bc:49:
                    ce:f6:23:3c:d8:1e:af:69:bf:83:a5:6c:c4:72:63:b9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2b:90:87:9e:86:38:8d:a1:85:52:61:c4:40:b4:a7:64:
        91:01:d2:59:b7:6a:70:54:99:9a:84:c0:cd:8a:fe:d4:
        58:01:fe:2b:06:cc:49:37:3a:e6:92:40:7b:5b:4b:cf:
        50:b2:c8:c6:c7:14:df:e5:cd:d9:d4:99:cc:65:1c:41:
        49:0f:00:0e:89:61:59:2c:4a:cd:67:86:22:55:a5:4c:
        35:d9:73:8e:89:c0:ab:f1:ab:98:8a:75:c9:9b:d7:54:
        60:a4:97:80:a7:c2:84:9b:2d:1e:a9:16:2a:d9:74:8b:
        28:e8:3d:9a:75:12:4d:de:84:d4:c4:3d:e4:b0:48:2d:
        1e:20:19:b0:99:a6:67:1e:8e:05:d0:63:b1:38:d3:65:
        3f:d6:d6:6c:45:be:f8:47:24:4a:72:46:21:c7:ef:23:
        27:10:06:9c:29:9d:4e:d8:62:af:cd:2a:8c:c3:cc:93:
        66:67:df:bd:09:54:8e:29:1b:a7:15:e8:d7:1a:9b:1b:
        3d:5e:7b:20:c8:32:75:2f:68:7d:ea:51:bd:37:b2:b3:
        71:4f:83:00:02:91:00:e1:59:3e:f7:68:03:56:1c:43:
        5b:61:4f:8a:dc:ff:d5:35:b7:a9:56:c6:58:97:e8:69:
        97:fe:e8:8c:13:0e:07:7b:34:3a:21:89:db:21:2f:a5
    Fingerprint (SHA-256):
        AE:1B:FB:CE:07:89:97:8D:62:AF:ED:98:EF:C8:F9:5F:F3:44:CF:29:E2:E1:08:5D:BA:3C:2B:F4:89:C7:C5:5F
    Fingerprint (SHA1):
        41:7F:02:96:35:9E:BB:99:62:4B:3B:CA:48:D5:C9:73:8B:A2:F0:79
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7227: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED
chains.sh: Creating DB ExplicitDistrustDB
certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd
chains.sh: #7228: TrustAnchors: Creating DB ExplicitDistrustDB  - PASSED
chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database
certutil -A -n RootCA  -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der
chains.sh: #7229: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database
certutil -A -n CA1  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der
chains.sh: #7230: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database
certutil -A -n OtherRoot  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der
chains.sh: #7231: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der
vfychain -d ExplicitDistrustDB -pp -vv       EE1CA2.der CA2CA1.der  -t CA1RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8171: Peer's certificate has been marked as not trusted by the user.
Returned value is 1, expected result is fail
chains.sh: #7232: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der
vfychain -d ExplicitDistrustDB -pp -vv       EE2OtherIntermediate.der  -t OtherIntermediateOtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182848 (0x25714f40)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:30 2016
            Not After : Mon Jun 28 18:47:30 2021
        Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bc:be:1b:7f:7d:49:fe:73:b8:7c:52:bf:39:41:62:e5:
                    24:53:47:e5:4f:e0:e7:a4:80:73:82:ed:5d:f7:22:a0:
                    df:6b:37:e2:ec:88:60:0c:d7:e9:07:c8:7d:07:0a:52:
                    4e:5c:1c:83:46:b7:51:0a:4e:a5:b2:f6:2d:0b:a0:59:
                    63:52:3f:cc:bb:e4:70:13:5a:91:68:c1:52:f5:de:42:
                    19:7d:c7:d3:24:31:c0:b1:44:37:9b:08:89:d9:37:3d:
                    f2:63:50:b2:ee:9a:e8:0f:31:2e:92:92:18:04:9d:98:
                    f0:bb:5e:2c:9b:6c:2c:5c:ac:9d:2c:c8:06:ca:25:ac:
                    8f:99:71:0a:26:36:8d:08:64:d7:a1:38:06:3a:c6:a3:
                    b8:72:de:57:9f:d5:38:28:25:2c:20:02:fa:86:7f:be:
                    15:51:75:de:e7:7d:d1:9d:3a:7b:2d:95:3d:95:7a:a3:
                    e9:16:f5:33:2a:73:a6:45:09:a2:dc:1c:89:b6:d2:17:
                    e6:16:5e:e2:5f:5f:25:14:0b:cd:00:73:12:25:5b:16:
                    8d:8c:18:27:f0:f1:28:b2:e0:43:97:6d:ba:e9:91:4a:
                    2f:3a:74:58:a9:01:7d:61:51:68:2f:bd:10:a4:95:10:
                    47:87:5f:a2:d2:85:88:8b:be:d3:9d:8a:d7:ec:99:b1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        91:4e:62:62:f1:be:44:3e:b5:f0:f8:6a:36:67:36:25:
        1b:83:31:14:25:d7:c8:87:48:8f:8c:d0:1a:47:14:20:
        7f:8f:48:83:4a:63:29:3c:96:97:1a:db:73:f9:38:8c:
        d3:ba:3c:aa:43:a1:c0:6b:93:3d:f7:ec:30:78:a0:6c:
        65:53:ae:61:39:0c:9d:c9:7b:25:2b:51:ca:19:55:9b:
        07:ff:55:29:37:10:0e:85:13:94:13:1e:48:bd:c2:63:
        c4:bb:fa:66:d7:c6:0c:9a:64:ca:1b:14:9a:ce:a6:1c:
        05:38:79:fe:30:d7:06:f3:2e:ea:af:48:83:40:5e:b9:
        13:6f:d8:65:7d:a3:c5:d1:88:e3:54:fa:dd:57:47:9e:
        b8:e7:c2:ee:33:37:0c:4d:c3:38:85:1b:4c:92:77:77:
        d8:9d:b2:c4:56:3e:23:55:88:45:dd:ee:e3:d1:cd:4c:
        58:36:31:0d:5f:48:17:81:82:a0:cc:39:ae:92:7e:7e:
        47:1a:76:66:9d:40:1f:a5:3d:03:b5:f5:41:c2:0c:76:
        ef:90:e8:7c:8b:27:0c:33:7b:6c:a0:76:43:2c:6a:7f:
        18:42:7b:a0:91:57:d9:05:06:57:8f:0e:7d:c7:01:74:
        c4:49:81:1d:41:73:cb:6d:cc:0c:02:94:7b:89:af:be
    Fingerprint (SHA-256):
        25:8C:CB:50:29:60:0D:18:0C:9A:16:91:00:71:AE:A3:75:35:43:C7:D7:62:46:3E:BE:CE:2A:49:62:6A:AD:B2
    Fingerprint (SHA1):
        FE:33:58:39:3B:79:AC:EA:63:66:9D:9B:B7:AE:C2:B1:F0:3F:F3:11
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7233: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der - PASSED
chains.sh: Creating DB trustanchorsDB
certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd
chains.sh: #7234: TrustAnchors: Creating DB trustanchorsDB  - PASSED
chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ca.cert
chains.sh: #7235: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ncca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ncca.cert
chains.sh: #7236: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database
certutil -A -n NameConstraints.dcisscopy  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
chains.sh: #7237: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database  - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #7238: TrustAnchors: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #7239: TrustAnchors: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo
    rnia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7240: TrustAnchors: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #7241: TrustAnchors: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #7242: TrustAnchors: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,
    ST=California,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7243: TrustAnchors: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7244: TrustAnchors: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7245: TrustAnchors: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #7246: TrustAnchors: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #7247: TrustAnchors: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7248: TrustAnchors: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #7249: TrustAnchors: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #7250: TrustAnchors: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #7251: TrustAnchors: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #7252: TrustAnchors: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #7253: TrustAnchors: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,
            ST=CA,C=US"
        Validity:
            Not Before: Sat Jan 04 01:22:59 2014
            Not After : Sat Nov 04 01:22:59 2023
        Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View
            ,ST=CA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28:
                    c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4:
                    71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04:
                    4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba:
                    ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9:
                    f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85:
                    49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34:
                    a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Name Constraints
            Permitted Subtree:
                DNS name: ".example"
                    Minimum: 0 (0x0)
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91:
        33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89:
        3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a:
        9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df:
        46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b:
        c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e:
        5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd:
        df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34
    Fingerprint (SHA-256):
        63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29
    Fingerprint (SHA1):
        56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #7254: TrustAnchors: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. NameConstraints.dcisscopy [Certificate Authority]:
Email Address(es): igca@sgdn.pm.gouv.fr
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #7255: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 998899 (0xf3df3)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S
            T=France,C=FR"
        Validity:
            Not Before: Sun Feb 02 17:21:27 2014
            Not After : Fri Feb 02 17:21:27 2024
        Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,
            ST=France,C=FR"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7:
                    bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed:
                    19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f:
                    1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54:
                    ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9:
                    b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a:
                    a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66:
                    de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce:
                    5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf:
                    b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01:
                    5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10:
                    10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73:
                    29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0:
                    e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26:
                    82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c:
                    65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9:
        c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a:
        b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f:
        f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43:
        2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d:
        f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3:
        a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4:
        9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04:
        82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c:
        5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e:
        bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2:
        18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1:
        f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d:
        b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db:
        9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65:
        2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b
    Fingerprint (SHA-256):
        C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C
    Fingerprint (SHA1):
        48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #7256: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp       - PASSED
trying to kill httpserv with PID 16435 at Tue Jun 28 18:47:54 UTC 2016
kill -USR1 16435
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 16435 killed at Tue Jun 28 18:47:54 UTC 2016
httpserv starting at Tue Jun 28 18:47:54 UTC 2016
httpserv -D -p 9668  \
         -A OCSPRoot -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPRoot.crl -A OCSPCA1 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA1.crl \
         -A OCSPCA2  -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA2.crl  -A OCSPCA3 -C /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/OCSPCA3.crl \
         -O get-unknown -d /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/ -f /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/chains/OCSPD/ServerDB/dbpasswd \
         -i /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/aiahttp/http_pid.14577  &
trying to connect to httpserv at Tue Jun 28 18:47:54 UTC 2016
tstclnt -p 9668 -h localhost.localdomain -q -v
tstclnt: connecting to localhost.localdomain:9668 (address=::1)
kill -0 31850 >/dev/null 2>/dev/null
httpserv with PID 31850 found at Tue Jun 28 18:47:54 UTC 2016
httpserv with PID 31850 started at Tue Jun 28 18:47:54 UTC 2016
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #7257: Bridge: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182850 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7258: Bridge: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #7259: Bridge: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #7260: Bridge: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182851 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7261: Bridge: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #7262: Bridge: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #7263: Bridge: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7264: Bridge: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628182852 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7265: Bridge: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7266: Bridge: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628182853 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7267: Bridge: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7268: Bridge: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #7269: Bridge: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #7270: Bridge: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7271: Bridge: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserBridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i UserReq.der -o UserBridge.der -f BridgeDB/dbpasswd -m 628182854   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7272: Bridge: Creating certficate UserBridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate UserBridge.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserBridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7273: Bridge: Importing certificate UserBridge.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7274: Bridge: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Army.der to AllDB database
certutil -A -n Army  -t "" -d AllDB -f AllDB/dbpasswd -i Army.der
chains.sh: #7275: Bridge: Importing certificate Army.der to AllDB database  - PASSED
chains.sh: Importing certificate Navy.der to AllDB database
certutil -A -n Navy  -t "" -d AllDB -f AllDB/dbpasswd -i Navy.der
chains.sh: #7276: Bridge: Importing certificate Navy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182851 (0x25714f43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:48:12 2016
            Not After : Mon Jun 28 18:48:12 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f6:31:05:d0:cf:ef:98:22:6e:5c:b5:d5:b8:0c:ca:e7:
                    f9:77:56:52:be:70:1b:94:5e:2a:b3:cf:56:e8:c7:db:
                    a5:5f:58:44:15:16:50:d0:f4:6b:1a:ff:ef:e5:77:d6:
                    3d:09:49:00:c7:4d:5a:68:9d:92:20:75:48:6d:c7:8a:
                    5b:13:81:06:c8:13:57:a3:a1:35:b9:dc:d8:37:6e:f7:
                    9d:16:e1:cc:55:3b:da:98:15:df:9f:37:c7:61:0d:f9:
                    2f:98:53:90:a6:03:80:12:d4:de:61:df:20:c3:c3:9f:
                    20:a3:16:ee:cf:6b:31:80:a8:ae:6d:9c:24:58:a5:45:
                    bb:16:ed:f0:ec:dc:91:e6:8e:91:07:e7:0b:83:8f:b9:
                    52:19:ff:71:48:b8:53:74:6e:d2:20:35:75:3b:e8:ab:
                    db:37:30:ff:19:8d:82:53:82:4c:87:4c:70:69:06:fd:
                    b7:ac:e0:cc:90:e3:a8:a8:55:5b:60:12:69:c2:96:a0:
                    6c:58:36:14:81:e7:e2:06:50:d4:2b:4f:98:a6:8f:bc:
                    40:60:94:ab:45:0e:0c:ee:93:a2:be:f2:5b:97:ad:0c:
                    c4:be:84:2f:fc:d8:2b:5c:b2:d9:90:a6:14:c0:6a:84:
                    32:7d:1e:76:85:a1:18:d9:9e:ed:ce:4a:5c:20:91:db
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a9:52:fb:fb:c1:f9:da:fa:aa:b1:09:b2:cc:6d:a4:c5:
        58:30:15:df:e8:ad:a8:76:31:14:55:e4:8a:47:98:f3:
        e4:8c:bc:a0:63:2a:60:e7:43:04:a0:bb:35:18:46:10:
        32:39:13:c4:03:55:d4:39:6d:c9:97:f8:20:1e:55:9f:
        80:9b:1f:c3:5c:42:e6:91:f1:41:ee:87:95:21:3c:eb:
        6b:5f:d1:56:5d:fc:53:b1:04:58:18:52:98:91:3e:68:
        13:2a:5b:38:bf:c4:2a:7f:ea:e5:c7:c0:49:c1:8a:12:
        cd:e0:fc:0c:6e:ab:f0:41:94:82:42:8e:df:2d:52:0c:
        e4:bc:ce:f0:34:dc:d1:43:2c:6c:15:2c:15:6a:06:e1:
        02:25:8b:15:64:2d:5a:3a:04:99:73:70:9e:9d:08:23:
        f2:8c:a9:27:d0:3d:1f:b3:c2:43:21:7d:5c:a9:d7:67:
        54:4f:45:70:de:ca:23:13:5a:eb:0c:ff:34:cf:71:d8:
        4c:18:ac:f0:85:6a:f1:52:cb:7d:2f:37:2a:7e:11:e2:
        0f:35:78:b6:02:e5:e4:ae:a0:90:39:18:6a:15:57:41:
        48:78:82:08:4e:18:f3:21:43:40:69:d5:36:38:b4:9c:
        da:6e:30:a6:2d:e3:62:a7:4f:e9:02:e3:37:84:de:81
    Fingerprint (SHA-256):
        E6:CE:54:3F:07:81:8E:8B:A5:41:BA:8D:D1:F7:CA:B3:E7:18:D8:60:E3:FC:22:03:60:71:F5:BF:DA:6F:6B:F6
    Fingerprint (SHA1):
        51:30:13:31:95:F2:8F:8A:1F:56:5A:A9:3D:31:6A:DD:EA:90:B6:DB
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7277: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182850 (0x25714f42)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:58 2016
            Not After : Mon Jun 28 18:47:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:09:81:59:bb:4a:00:a4:39:68:2b:bd:17:a8:28:20:
                    15:ae:b2:e2:11:45:f6:99:c9:90:b8:4c:bc:35:fd:5a:
                    36:27:3a:1c:47:3a:61:12:74:9e:1e:5b:d8:5c:cd:4c:
                    c7:39:bd:78:86:ac:1b:a6:e0:f2:83:c2:b1:ca:74:9b:
                    23:f4:88:fb:ee:82:f4:67:07:4d:c8:56:af:6a:fb:50:
                    3b:e3:6b:65:2e:ea:25:ed:9c:3e:17:2e:32:66:51:82:
                    49:35:78:76:ac:7a:be:0f:9c:a2:47:88:87:fa:dc:0e:
                    0f:f8:a5:86:d0:b5:2e:a3:fe:58:3a:a3:e4:e9:34:53:
                    2a:8e:87:20:fc:e1:c5:c1:dd:82:b2:6d:a8:4b:88:da:
                    1b:75:ad:c2:b3:06:36:03:73:28:6a:bf:c2:0a:00:1e:
                    52:be:05:4d:4b:ad:4f:a7:2a:ba:96:a1:a3:14:3d:af:
                    53:0e:62:db:6b:6a:89:1e:26:46:20:19:ef:ea:0a:0c:
                    4e:00:f1:64:70:bd:0c:a2:f2:69:72:a7:17:a5:3e:58:
                    59:f1:cf:3b:2d:8f:87:3f:f5:db:ff:ba:19:a2:48:6c:
                    73:c5:0b:b5:a0:34:28:4c:90:04:d2:a3:34:12:96:64:
                    f4:f0:80:48:ce:14:c5:54:8f:3f:7e:05:a7:b8:5c:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        54:1c:68:d9:10:54:1f:bc:5a:7c:86:26:39:68:fe:b9:
        3d:bb:48:17:c8:8d:a8:78:87:31:0c:5d:0c:70:3f:5c:
        62:f8:cf:cb:da:42:3d:c7:f7:d6:97:dc:cd:75:ba:a9:
        a1:53:03:f3:42:4a:c7:a9:b9:7e:2d:27:21:de:d0:ea:
        39:ef:09:52:58:b7:3c:ec:6a:cf:7e:7e:55:ad:25:f4:
        0d:45:71:13:5f:79:50:2c:1b:8d:92:8c:1a:76:a4:8b:
        e3:72:2c:b7:32:b3:92:68:bd:cf:7c:98:39:8d:d7:84:
        e6:62:ed:7d:aa:59:89:fc:ca:94:04:42:b8:31:89:bb:
        8a:20:c5:cf:96:88:7d:7e:c0:56:73:91:f4:2e:09:a5:
        d9:94:8c:40:20:81:16:e5:ea:40:8e:bf:05:d0:48:b9:
        d1:78:fc:5a:31:2d:a4:35:1e:37:6e:35:75:f0:fb:9b:
        b2:38:5c:3e:cb:bf:08:c8:2a:3d:84:3a:b1:b6:43:08:
        03:8a:ed:f8:c0:e5:7c:cf:73:f2:79:80:11:86:41:84:
        d9:93:9f:a6:c9:6e:fc:b5:c2:26:eb:0f:ea:a1:e2:8c:
        cf:86:3a:44:dd:ca:62:a0:59:b9:c8:c1:35:93:84:aa:
        c6:a0:56:27:df:52:26:24:6d:7e:5c:2d:a1:28:03:fc
    Fingerprint (SHA-256):
        B6:6D:8E:CF:23:47:9E:D3:96:B7:68:A7:0E:D8:92:AA:C3:70:46:38:A9:BD:6E:D7:57:EC:F2:3A:9E:75:AF:0F
    Fingerprint (SHA1):
        EA:E1:C9:E4:01:F7:57:2B:3C:B0:2D:60:37:37:24:14:F6:8D:1E:1B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7278: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der BridgeNavy.der  -t Army
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Navy [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #7279: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Importing certificate BridgeArmy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeArmy.der
chains.sh: #7280: Bridge: Importing certificate BridgeArmy.der to AllDB database  - PASSED
chains.sh: Importing certificate BridgeNavy.der to AllDB database
certutil -A -n Bridge  -t "" -d AllDB -f AllDB/dbpasswd -i BridgeNavy.der
chains.sh: #7281: Bridge: Importing certificate BridgeNavy.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army
vfychain -d AllDB -pp -vv       UserBridge.der  -t Army
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182850 (0x25714f42)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:58 2016
            Not After : Mon Jun 28 18:47:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:09:81:59:bb:4a:00:a4:39:68:2b:bd:17:a8:28:20:
                    15:ae:b2:e2:11:45:f6:99:c9:90:b8:4c:bc:35:fd:5a:
                    36:27:3a:1c:47:3a:61:12:74:9e:1e:5b:d8:5c:cd:4c:
                    c7:39:bd:78:86:ac:1b:a6:e0:f2:83:c2:b1:ca:74:9b:
                    23:f4:88:fb:ee:82:f4:67:07:4d:c8:56:af:6a:fb:50:
                    3b:e3:6b:65:2e:ea:25:ed:9c:3e:17:2e:32:66:51:82:
                    49:35:78:76:ac:7a:be:0f:9c:a2:47:88:87:fa:dc:0e:
                    0f:f8:a5:86:d0:b5:2e:a3:fe:58:3a:a3:e4:e9:34:53:
                    2a:8e:87:20:fc:e1:c5:c1:dd:82:b2:6d:a8:4b:88:da:
                    1b:75:ad:c2:b3:06:36:03:73:28:6a:bf:c2:0a:00:1e:
                    52:be:05:4d:4b:ad:4f:a7:2a:ba:96:a1:a3:14:3d:af:
                    53:0e:62:db:6b:6a:89:1e:26:46:20:19:ef:ea:0a:0c:
                    4e:00:f1:64:70:bd:0c:a2:f2:69:72:a7:17:a5:3e:58:
                    59:f1:cf:3b:2d:8f:87:3f:f5:db:ff:ba:19:a2:48:6c:
                    73:c5:0b:b5:a0:34:28:4c:90:04:d2:a3:34:12:96:64:
                    f4:f0:80:48:ce:14:c5:54:8f:3f:7e:05:a7:b8:5c:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        54:1c:68:d9:10:54:1f:bc:5a:7c:86:26:39:68:fe:b9:
        3d:bb:48:17:c8:8d:a8:78:87:31:0c:5d:0c:70:3f:5c:
        62:f8:cf:cb:da:42:3d:c7:f7:d6:97:dc:cd:75:ba:a9:
        a1:53:03:f3:42:4a:c7:a9:b9:7e:2d:27:21:de:d0:ea:
        39:ef:09:52:58:b7:3c:ec:6a:cf:7e:7e:55:ad:25:f4:
        0d:45:71:13:5f:79:50:2c:1b:8d:92:8c:1a:76:a4:8b:
        e3:72:2c:b7:32:b3:92:68:bd:cf:7c:98:39:8d:d7:84:
        e6:62:ed:7d:aa:59:89:fc:ca:94:04:42:b8:31:89:bb:
        8a:20:c5:cf:96:88:7d:7e:c0:56:73:91:f4:2e:09:a5:
        d9:94:8c:40:20:81:16:e5:ea:40:8e:bf:05:d0:48:b9:
        d1:78:fc:5a:31:2d:a4:35:1e:37:6e:35:75:f0:fb:9b:
        b2:38:5c:3e:cb:bf:08:c8:2a:3d:84:3a:b1:b6:43:08:
        03:8a:ed:f8:c0:e5:7c:cf:73:f2:79:80:11:86:41:84:
        d9:93:9f:a6:c9:6e:fc:b5:c2:26:eb:0f:ea:a1:e2:8c:
        cf:86:3a:44:dd:ca:62:a0:59:b9:c8:c1:35:93:84:aa:
        c6:a0:56:27:df:52:26:24:6d:7e:5c:2d:a1:28:03:fc
    Fingerprint (SHA-256):
        B6:6D:8E:CF:23:47:9E:D3:96:B7:68:A7:0E:D8:92:AA:C3:70:46:38:A9:BD:6E:D7:57:EC:F2:3A:9E:75:AF:0F
    Fingerprint (SHA1):
        EA:E1:C9:E4:01:F7:57:2B:3C:B0:2D:60:37:37:24:14:F6:8D:1E:1B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7282: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Army - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy
vfychain -d AllDB -pp -vv       UserBridge.der  -t Navy
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182851 (0x25714f43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:48:12 2016
            Not After : Mon Jun 28 18:48:12 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f6:31:05:d0:cf:ef:98:22:6e:5c:b5:d5:b8:0c:ca:e7:
                    f9:77:56:52:be:70:1b:94:5e:2a:b3:cf:56:e8:c7:db:
                    a5:5f:58:44:15:16:50:d0:f4:6b:1a:ff:ef:e5:77:d6:
                    3d:09:49:00:c7:4d:5a:68:9d:92:20:75:48:6d:c7:8a:
                    5b:13:81:06:c8:13:57:a3:a1:35:b9:dc:d8:37:6e:f7:
                    9d:16:e1:cc:55:3b:da:98:15:df:9f:37:c7:61:0d:f9:
                    2f:98:53:90:a6:03:80:12:d4:de:61:df:20:c3:c3:9f:
                    20:a3:16:ee:cf:6b:31:80:a8:ae:6d:9c:24:58:a5:45:
                    bb:16:ed:f0:ec:dc:91:e6:8e:91:07:e7:0b:83:8f:b9:
                    52:19:ff:71:48:b8:53:74:6e:d2:20:35:75:3b:e8:ab:
                    db:37:30:ff:19:8d:82:53:82:4c:87:4c:70:69:06:fd:
                    b7:ac:e0:cc:90:e3:a8:a8:55:5b:60:12:69:c2:96:a0:
                    6c:58:36:14:81:e7:e2:06:50:d4:2b:4f:98:a6:8f:bc:
                    40:60:94:ab:45:0e:0c:ee:93:a2:be:f2:5b:97:ad:0c:
                    c4:be:84:2f:fc:d8:2b:5c:b2:d9:90:a6:14:c0:6a:84:
                    32:7d:1e:76:85:a1:18:d9:9e:ed:ce:4a:5c:20:91:db
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a9:52:fb:fb:c1:f9:da:fa:aa:b1:09:b2:cc:6d:a4:c5:
        58:30:15:df:e8:ad:a8:76:31:14:55:e4:8a:47:98:f3:
        e4:8c:bc:a0:63:2a:60:e7:43:04:a0:bb:35:18:46:10:
        32:39:13:c4:03:55:d4:39:6d:c9:97:f8:20:1e:55:9f:
        80:9b:1f:c3:5c:42:e6:91:f1:41:ee:87:95:21:3c:eb:
        6b:5f:d1:56:5d:fc:53:b1:04:58:18:52:98:91:3e:68:
        13:2a:5b:38:bf:c4:2a:7f:ea:e5:c7:c0:49:c1:8a:12:
        cd:e0:fc:0c:6e:ab:f0:41:94:82:42:8e:df:2d:52:0c:
        e4:bc:ce:f0:34:dc:d1:43:2c:6c:15:2c:15:6a:06:e1:
        02:25:8b:15:64:2d:5a:3a:04:99:73:70:9e:9d:08:23:
        f2:8c:a9:27:d0:3d:1f:b3:c2:43:21:7d:5c:a9:d7:67:
        54:4f:45:70:de:ca:23:13:5a:eb:0c:ff:34:cf:71:d8:
        4c:18:ac:f0:85:6a:f1:52:cb:7d:2f:37:2a:7e:11:e2:
        0f:35:78:b6:02:e5:e4:ae:a0:90:39:18:6a:15:57:41:
        48:78:82:08:4e:18:f3:21:43:40:69:d5:36:38:b4:9c:
        da:6e:30:a6:2d:e3:62:a7:4f:e9:02:e3:37:84:de:81
    Fingerprint (SHA-256):
        E6:CE:54:3F:07:81:8E:8B:A5:41:BA:8D:D1:F7:CA:B3:E7:18:D8:60:E3:FC:22:03:60:71:F5:BF:DA:6F:6B:F6
    Fingerprint (SHA1):
        51:30:13:31:95:F2:8F:8A:1F:56:5A:A9:3D:31:6A:DD:EA:90:B6:DB
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7283: Bridge: Verifying certificate(s)  UserBridge.der with flags -d AllDB -pp       -t Navy - PASSED
chains.sh: Creating DB ArmyOnlyDB
certutil -N -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd
chains.sh: #7284: Bridge: Creating DB ArmyOnlyDB  - PASSED
chains.sh: Importing certificate Army.der to ArmyOnlyDB database
certutil -A -n Army  -t "C,," -d ArmyOnlyDB -f ArmyOnlyDB/dbpasswd -i Army.der
chains.sh: #7285: Bridge: Importing certificate Army.der to ArmyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #7286: Bridge: Verifying certificate(s)  UserBridge.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@navy [Certificate Authority]:
Email Address(es): bridge@navy
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #7287: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp      
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Navy ROOT CA,O=Navy,C=US
Returned value is 1, expected result is fail
chains.sh: #7288: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der Navy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182851 (0x25714f43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:48:12 2016
            Not After : Mon Jun 28 18:48:12 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f6:31:05:d0:cf:ef:98:22:6e:5c:b5:d5:b8:0c:ca:e7:
                    f9:77:56:52:be:70:1b:94:5e:2a:b3:cf:56:e8:c7:db:
                    a5:5f:58:44:15:16:50:d0:f4:6b:1a:ff:ef:e5:77:d6:
                    3d:09:49:00:c7:4d:5a:68:9d:92:20:75:48:6d:c7:8a:
                    5b:13:81:06:c8:13:57:a3:a1:35:b9:dc:d8:37:6e:f7:
                    9d:16:e1:cc:55:3b:da:98:15:df:9f:37:c7:61:0d:f9:
                    2f:98:53:90:a6:03:80:12:d4:de:61:df:20:c3:c3:9f:
                    20:a3:16:ee:cf:6b:31:80:a8:ae:6d:9c:24:58:a5:45:
                    bb:16:ed:f0:ec:dc:91:e6:8e:91:07:e7:0b:83:8f:b9:
                    52:19:ff:71:48:b8:53:74:6e:d2:20:35:75:3b:e8:ab:
                    db:37:30:ff:19:8d:82:53:82:4c:87:4c:70:69:06:fd:
                    b7:ac:e0:cc:90:e3:a8:a8:55:5b:60:12:69:c2:96:a0:
                    6c:58:36:14:81:e7:e2:06:50:d4:2b:4f:98:a6:8f:bc:
                    40:60:94:ab:45:0e:0c:ee:93:a2:be:f2:5b:97:ad:0c:
                    c4:be:84:2f:fc:d8:2b:5c:b2:d9:90:a6:14:c0:6a:84:
                    32:7d:1e:76:85:a1:18:d9:9e:ed:ce:4a:5c:20:91:db
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a9:52:fb:fb:c1:f9:da:fa:aa:b1:09:b2:cc:6d:a4:c5:
        58:30:15:df:e8:ad:a8:76:31:14:55:e4:8a:47:98:f3:
        e4:8c:bc:a0:63:2a:60:e7:43:04:a0:bb:35:18:46:10:
        32:39:13:c4:03:55:d4:39:6d:c9:97:f8:20:1e:55:9f:
        80:9b:1f:c3:5c:42:e6:91:f1:41:ee:87:95:21:3c:eb:
        6b:5f:d1:56:5d:fc:53:b1:04:58:18:52:98:91:3e:68:
        13:2a:5b:38:bf:c4:2a:7f:ea:e5:c7:c0:49:c1:8a:12:
        cd:e0:fc:0c:6e:ab:f0:41:94:82:42:8e:df:2d:52:0c:
        e4:bc:ce:f0:34:dc:d1:43:2c:6c:15:2c:15:6a:06:e1:
        02:25:8b:15:64:2d:5a:3a:04:99:73:70:9e:9d:08:23:
        f2:8c:a9:27:d0:3d:1f:b3:c2:43:21:7d:5c:a9:d7:67:
        54:4f:45:70:de:ca:23:13:5a:eb:0c:ff:34:cf:71:d8:
        4c:18:ac:f0:85:6a:f1:52:cb:7d:2f:37:2a:7e:11:e2:
        0f:35:78:b6:02:e5:e4:ae:a0:90:39:18:6a:15:57:41:
        48:78:82:08:4e:18:f3:21:43:40:69:d5:36:38:b4:9c:
        da:6e:30:a6:2d:e3:62:a7:4f:e9:02:e3:37:84:de:81
    Fingerprint (SHA-256):
        E6:CE:54:3F:07:81:8E:8B:A5:41:BA:8D:D1:F7:CA:B3:E7:18:D8:60:E3:FC:22:03:60:71:F5:BF:DA:6F:6B:F6
    Fingerprint (SHA1):
        51:30:13:31:95:F2:8F:8A:1F:56:5A:A9:3D:31:6A:DD:EA:90:B6:DB
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7289: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der Navy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der
vfychain -d ArmyOnlyDB -pp -vv       UserBridge.der BridgeNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182851 (0x25714f43)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 18:48:12 2016
            Not After : Mon Jun 28 18:48:12 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f6:31:05:d0:cf:ef:98:22:6e:5c:b5:d5:b8:0c:ca:e7:
                    f9:77:56:52:be:70:1b:94:5e:2a:b3:cf:56:e8:c7:db:
                    a5:5f:58:44:15:16:50:d0:f4:6b:1a:ff:ef:e5:77:d6:
                    3d:09:49:00:c7:4d:5a:68:9d:92:20:75:48:6d:c7:8a:
                    5b:13:81:06:c8:13:57:a3:a1:35:b9:dc:d8:37:6e:f7:
                    9d:16:e1:cc:55:3b:da:98:15:df:9f:37:c7:61:0d:f9:
                    2f:98:53:90:a6:03:80:12:d4:de:61:df:20:c3:c3:9f:
                    20:a3:16:ee:cf:6b:31:80:a8:ae:6d:9c:24:58:a5:45:
                    bb:16:ed:f0:ec:dc:91:e6:8e:91:07:e7:0b:83:8f:b9:
                    52:19:ff:71:48:b8:53:74:6e:d2:20:35:75:3b:e8:ab:
                    db:37:30:ff:19:8d:82:53:82:4c:87:4c:70:69:06:fd:
                    b7:ac:e0:cc:90:e3:a8:a8:55:5b:60:12:69:c2:96:a0:
                    6c:58:36:14:81:e7:e2:06:50:d4:2b:4f:98:a6:8f:bc:
                    40:60:94:ab:45:0e:0c:ee:93:a2:be:f2:5b:97:ad:0c:
                    c4:be:84:2f:fc:d8:2b:5c:b2:d9:90:a6:14:c0:6a:84:
                    32:7d:1e:76:85:a1:18:d9:9e:ed:ce:4a:5c:20:91:db
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a9:52:fb:fb:c1:f9:da:fa:aa:b1:09:b2:cc:6d:a4:c5:
        58:30:15:df:e8:ad:a8:76:31:14:55:e4:8a:47:98:f3:
        e4:8c:bc:a0:63:2a:60:e7:43:04:a0:bb:35:18:46:10:
        32:39:13:c4:03:55:d4:39:6d:c9:97:f8:20:1e:55:9f:
        80:9b:1f:c3:5c:42:e6:91:f1:41:ee:87:95:21:3c:eb:
        6b:5f:d1:56:5d:fc:53:b1:04:58:18:52:98:91:3e:68:
        13:2a:5b:38:bf:c4:2a:7f:ea:e5:c7:c0:49:c1:8a:12:
        cd:e0:fc:0c:6e:ab:f0:41:94:82:42:8e:df:2d:52:0c:
        e4:bc:ce:f0:34:dc:d1:43:2c:6c:15:2c:15:6a:06:e1:
        02:25:8b:15:64:2d:5a:3a:04:99:73:70:9e:9d:08:23:
        f2:8c:a9:27:d0:3d:1f:b3:c2:43:21:7d:5c:a9:d7:67:
        54:4f:45:70:de:ca:23:13:5a:eb:0c:ff:34:cf:71:d8:
        4c:18:ac:f0:85:6a:f1:52:cb:7d:2f:37:2a:7e:11:e2:
        0f:35:78:b6:02:e5:e4:ae:a0:90:39:18:6a:15:57:41:
        48:78:82:08:4e:18:f3:21:43:40:69:d5:36:38:b4:9c:
        da:6e:30:a6:2d:e3:62:a7:4f:e9:02:e3:37:84:de:81
    Fingerprint (SHA-256):
        E6:CE:54:3F:07:81:8E:8B:A5:41:BA:8D:D1:F7:CA:B3:E7:18:D8:60:E3:FC:22:03:60:71:F5:BF:DA:6F:6B:F6
    Fingerprint (SHA1):
        51:30:13:31:95:F2:8F:8A:1F:56:5A:A9:3D:31:6A:DD:EA:90:B6:DB
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7290: Bridge: Verifying certificate(s)  UserBridge.der BridgeNavy.der with flags -d ArmyOnlyDB -pp       -t Navy.der - PASSED
chains.sh: Creating DB NavyOnlyDB
certutil -N -d NavyOnlyDB -f NavyOnlyDB/dbpasswd
chains.sh: #7291: Bridge: Creating DB NavyOnlyDB  - PASSED
chains.sh: Importing certificate Navy.der to NavyOnlyDB database
certutil -A -n Navy  -t "C,," -d NavyOnlyDB -f NavyOnlyDB/dbpasswd -i Navy.der
chains.sh: #7292: Bridge: Importing certificate Navy.der to NavyOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=User EE,O=User,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #7293: Bridge: Verifying certificate(s)  UserBridge.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. bridge@army [Certificate Authority]:
Email Address(es): bridge@army
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #7294: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp      
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8172: Peer's certificate issuer has been marked as not trusted by the user.
    CN=Army ROOT CA,O=Army,C=US
Returned value is 1, expected result is fail
chains.sh: #7295: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der Army.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182850 (0x25714f42)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:58 2016
            Not After : Mon Jun 28 18:47:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:09:81:59:bb:4a:00:a4:39:68:2b:bd:17:a8:28:20:
                    15:ae:b2:e2:11:45:f6:99:c9:90:b8:4c:bc:35:fd:5a:
                    36:27:3a:1c:47:3a:61:12:74:9e:1e:5b:d8:5c:cd:4c:
                    c7:39:bd:78:86:ac:1b:a6:e0:f2:83:c2:b1:ca:74:9b:
                    23:f4:88:fb:ee:82:f4:67:07:4d:c8:56:af:6a:fb:50:
                    3b:e3:6b:65:2e:ea:25:ed:9c:3e:17:2e:32:66:51:82:
                    49:35:78:76:ac:7a:be:0f:9c:a2:47:88:87:fa:dc:0e:
                    0f:f8:a5:86:d0:b5:2e:a3:fe:58:3a:a3:e4:e9:34:53:
                    2a:8e:87:20:fc:e1:c5:c1:dd:82:b2:6d:a8:4b:88:da:
                    1b:75:ad:c2:b3:06:36:03:73:28:6a:bf:c2:0a:00:1e:
                    52:be:05:4d:4b:ad:4f:a7:2a:ba:96:a1:a3:14:3d:af:
                    53:0e:62:db:6b:6a:89:1e:26:46:20:19:ef:ea:0a:0c:
                    4e:00:f1:64:70:bd:0c:a2:f2:69:72:a7:17:a5:3e:58:
                    59:f1:cf:3b:2d:8f:87:3f:f5:db:ff:ba:19:a2:48:6c:
                    73:c5:0b:b5:a0:34:28:4c:90:04:d2:a3:34:12:96:64:
                    f4:f0:80:48:ce:14:c5:54:8f:3f:7e:05:a7:b8:5c:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        54:1c:68:d9:10:54:1f:bc:5a:7c:86:26:39:68:fe:b9:
        3d:bb:48:17:c8:8d:a8:78:87:31:0c:5d:0c:70:3f:5c:
        62:f8:cf:cb:da:42:3d:c7:f7:d6:97:dc:cd:75:ba:a9:
        a1:53:03:f3:42:4a:c7:a9:b9:7e:2d:27:21:de:d0:ea:
        39:ef:09:52:58:b7:3c:ec:6a:cf:7e:7e:55:ad:25:f4:
        0d:45:71:13:5f:79:50:2c:1b:8d:92:8c:1a:76:a4:8b:
        e3:72:2c:b7:32:b3:92:68:bd:cf:7c:98:39:8d:d7:84:
        e6:62:ed:7d:aa:59:89:fc:ca:94:04:42:b8:31:89:bb:
        8a:20:c5:cf:96:88:7d:7e:c0:56:73:91:f4:2e:09:a5:
        d9:94:8c:40:20:81:16:e5:ea:40:8e:bf:05:d0:48:b9:
        d1:78:fc:5a:31:2d:a4:35:1e:37:6e:35:75:f0:fb:9b:
        b2:38:5c:3e:cb:bf:08:c8:2a:3d:84:3a:b1:b6:43:08:
        03:8a:ed:f8:c0:e5:7c:cf:73:f2:79:80:11:86:41:84:
        d9:93:9f:a6:c9:6e:fc:b5:c2:26:eb:0f:ea:a1:e2:8c:
        cf:86:3a:44:dd:ca:62:a0:59:b9:c8:c1:35:93:84:aa:
        c6:a0:56:27:df:52:26:24:6d:7e:5c:2d:a1:28:03:fc
    Fingerprint (SHA-256):
        B6:6D:8E:CF:23:47:9E:D3:96:B7:68:A7:0E:D8:92:AA:C3:70:46:38:A9:BD:6E:D7:57:EC:F2:3A:9E:75:AF:0F
    Fingerprint (SHA1):
        EA:E1:C9:E4:01:F7:57:2B:3C:B0:2D:60:37:37:24:14:F6:8D:1E:1B
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7296: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der Army.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der
vfychain -d NavyOnlyDB -pp -vv       UserBridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182850 (0x25714f42)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 18:47:58 2016
            Not After : Mon Jun 28 18:47:58 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:09:81:59:bb:4a:00:a4:39:68:2b:bd:17:a8:28:20:
                    15:ae:b2:e2:11:45:f6:99:c9:90:b8:4c:bc:35:fd:5a:
                    36:27:3a:1c:47:3a:61:12:74:9e:1e:5b:d8:5c:cd:4c:
                    c7:39:bd:78:86:ac:1b:a6:e0:f2:83:c2:b1:ca:74:9b:
                    23:f4:88:fb:ee:82:f4:67:07:4d:c8:56:af:6a:fb:50:
                    3b:e3:6b:65:2e:ea:25:ed:9c:3e:17:2e:32:66:51:82:
                    49:35:78:76:ac:7a:be:0f:9c:a2:47:88:87:fa:dc:0e:
                    0f:f8:a5:86:d0:b5:2e:a3:fe:58:3a:a3:e4:e9:34:53:
                    2a:8e:87:20:fc:e1:c5:c1:dd:82:b2:6d:a8:4b:88:da:
                    1b:75:ad:c2:b3:06:36:03:73:28:6a:bf:c2:0a:00:1e:
                    52:be:05:4d:4b:ad:4f:a7:2a:ba:96:a1:a3:14:3d:af:
                    53:0e:62:db:6b:6a:89:1e:26:46:20:19:ef:ea:0a:0c:
                    4e:00:f1:64:70:bd:0c:a2:f2:69:72:a7:17:a5:3e:58:
                    59:f1:cf:3b:2d:8f:87:3f:f5:db:ff:ba:19:a2:48:6c:
                    73:c5:0b:b5:a0:34:28:4c:90:04:d2:a3:34:12:96:64:
                    f4:f0:80:48:ce:14:c5:54:8f:3f:7e:05:a7:b8:5c:83
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        54:1c:68:d9:10:54:1f:bc:5a:7c:86:26:39:68:fe:b9:
        3d:bb:48:17:c8:8d:a8:78:87:31:0c:5d:0c:70:3f:5c:
        62:f8:cf:cb:da:42:3d:c7:f7:d6:97:dc:cd:75:ba:a9:
        a1:53:03:f3:42:4a:c7:a9:b9:7e:2d:27:21:de:d0:ea:
        39:ef:09:52:58:b7:3c:ec:6a:cf:7e:7e:55:ad:25:f4:
        0d:45:71:13:5f:79:50:2c:1b:8d:92:8c:1a:76:a4:8b:
        e3:72:2c:b7:32:b3:92:68:bd:cf:7c:98:39:8d:d7:84:
        e6:62:ed:7d:aa:59:89:fc:ca:94:04:42:b8:31:89:bb:
        8a:20:c5:cf:96:88:7d:7e:c0:56:73:91:f4:2e:09:a5:
        d9:94:8c:40:20:81:16:e5:ea:40:8e:bf:05:d0:48:b9:
        d1:78:fc:5a:31:2d:a4:35:1e:37:6e:35:75:f0:fb:9b:
        b2:38:5c:3e:cb:bf:08:c8:2a:3d:84:3a:b1:b6:43:08:
        03:8a:ed:f8:c0:e5:7c:cf:73:f2:79:80:11:86:41:84:
        d9:93:9f:a6:c9:6e:fc:b5:c2:26:eb:0f:ea:a1:e2:8c:
        cf:86:3a:44:dd:ca:62:a0:59:b9:c8:c1:35:93:84:aa:
        c6:a0:56:27:df:52:26:24:6d:7e:5c:2d:a1:28:03:fc
    Fingerprint (SHA-256):
        B6:6D:8E:CF:23:47:9E:D3:96:B7:68:A7:0E:D8:92:AA:C3:70:46:38:A9:BD:6E:D7:57:EC:F2:3A:9E:75:AF:0F
    Fingerprint (SHA1):
        EA:E1:C9:E4:01:F7:57:2B:3C:B0:2D:60:37:37:24:14:F6:8D:1E:1B
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7297: Bridge: Verifying certificate(s)  UserBridge.der BridgeArmy.der with flags -d NavyOnlyDB -pp       -t Army.der - PASSED
chains.sh: Creating DB Root1DB
certutil -N -d Root1DB -f Root1DB/dbpasswd
chains.sh: #7298: MegaBridge_3_2: Creating DB Root1DB  - PASSED
chains.sh: Creating Root CA Root1
certutil -s "CN=Root1 ROOT CA, O=Root1, C=US" -S -n Root1  -t CTu,CTu,CTu -v 600 -x -d Root1DB -1 -2 -5 -f Root1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182855 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7299: MegaBridge_3_2: Creating Root CA Root1  - PASSED
chains.sh: Exporting Root CA Root1.der
certutil -L -d Root1DB -r -n Root1 -o Root1.der
chains.sh: #7300: MegaBridge_3_2: Exporting Root CA Root1.der  - PASSED
chains.sh: Creating DB Root2DB
certutil -N -d Root2DB -f Root2DB/dbpasswd
chains.sh: #7301: MegaBridge_3_2: Creating DB Root2DB  - PASSED
chains.sh: Creating Root CA Root2
certutil -s "CN=Root2 ROOT CA, O=Root2, C=US" -S -n Root2  -t CTu,CTu,CTu -v 600 -x -d Root2DB -1 -2 -5 -f Root2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182856 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7302: MegaBridge_3_2: Creating Root CA Root2  - PASSED
chains.sh: Exporting Root CA Root2.der
certutil -L -d Root2DB -r -n Root2 -o Root2.der
chains.sh: #7303: MegaBridge_3_2: Exporting Root CA Root2.der  - PASSED
chains.sh: Creating DB Root3DB
certutil -N -d Root3DB -f Root3DB/dbpasswd
chains.sh: #7304: MegaBridge_3_2: Creating DB Root3DB  - PASSED
chains.sh: Creating Root CA Root3
certutil -s "CN=Root3 ROOT CA, O=Root3, C=US" -S -n Root3  -t CTu,CTu,CTu -v 600 -x -d Root3DB -1 -2 -5 -f Root3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182857 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7305: MegaBridge_3_2: Creating Root CA Root3  - PASSED
chains.sh: Exporting Root CA Root3.der
certutil -L -d Root3DB -r -n Root3 -o Root3.der
chains.sh: #7306: MegaBridge_3_2: Exporting Root CA Root3.der  - PASSED
chains.sh: Creating DB Root4DB
certutil -N -d Root4DB -f Root4DB/dbpasswd
chains.sh: #7307: MegaBridge_3_2: Creating DB Root4DB  - PASSED
chains.sh: Creating Root CA Root4
certutil -s "CN=Root4 ROOT CA, O=Root4, C=US" -S -n Root4  -t CTu,CTu,CTu -v 600 -x -d Root4DB -1 -2 -5 -f Root4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182858 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7308: MegaBridge_3_2: Creating Root CA Root4  - PASSED
chains.sh: Exporting Root CA Root4.der
certutil -L -d Root4DB -r -n Root4 -o Root4.der
chains.sh: #7309: MegaBridge_3_2: Exporting Root CA Root4.der  - PASSED
chains.sh: Creating DB Root5DB
certutil -N -d Root5DB -f Root5DB/dbpasswd
chains.sh: #7310: MegaBridge_3_2: Creating DB Root5DB  - PASSED
chains.sh: Creating Root CA Root5
certutil -s "CN=Root5 ROOT CA, O=Root5, C=US" -S -n Root5  -t CTu,CTu,CTu -v 600 -x -d Root5DB -1 -2 -5 -f Root5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182859 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7311: MegaBridge_3_2: Creating Root CA Root5  - PASSED
chains.sh: Exporting Root CA Root5.der
certutil -L -d Root5DB -r -n Root5 -o Root5.der
chains.sh: #7312: MegaBridge_3_2: Exporting Root CA Root5.der  - PASSED
chains.sh: Creating DB Root6DB
certutil -N -d Root6DB -f Root6DB/dbpasswd
chains.sh: #7313: MegaBridge_3_2: Creating DB Root6DB  - PASSED
chains.sh: Creating Root CA Root6
certutil -s "CN=Root6 ROOT CA, O=Root6, C=US" -S -n Root6  -t CTu,CTu,CTu -v 600 -x -d Root6DB -1 -2 -5 -f Root6DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182860 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7314: MegaBridge_3_2: Creating Root CA Root6  - PASSED
chains.sh: Exporting Root CA Root6.der
certutil -L -d Root6DB -r -n Root6 -o Root6.der
chains.sh: #7315: MegaBridge_3_2: Exporting Root CA Root6.der  - PASSED
chains.sh: Creating DB Root7DB
certutil -N -d Root7DB -f Root7DB/dbpasswd
chains.sh: #7316: MegaBridge_3_2: Creating DB Root7DB  - PASSED
chains.sh: Creating Root CA Root7
certutil -s "CN=Root7 ROOT CA, O=Root7, C=US" -S -n Root7  -t CTu,CTu,CTu -v 600 -x -d Root7DB -1 -2 -5 -f Root7DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182861 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7317: MegaBridge_3_2: Creating Root CA Root7  - PASSED
chains.sh: Exporting Root CA Root7.der
certutil -L -d Root7DB -r -n Root7 -o Root7.der
chains.sh: #7318: MegaBridge_3_2: Exporting Root CA Root7.der  - PASSED
chains.sh: Creating DB Root8DB
certutil -N -d Root8DB -f Root8DB/dbpasswd
chains.sh: #7319: MegaBridge_3_2: Creating DB Root8DB  - PASSED
chains.sh: Creating Root CA Root8
certutil -s "CN=Root8 ROOT CA, O=Root8, C=US" -S -n Root8  -t CTu,CTu,CTu -v 600 -x -d Root8DB -1 -2 -5 -f Root8DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182862 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7320: MegaBridge_3_2: Creating Root CA Root8  - PASSED
chains.sh: Exporting Root CA Root8.der
certutil -L -d Root8DB -r -n Root8 -o Root8.der
chains.sh: #7321: MegaBridge_3_2: Exporting Root CA Root8.der  - PASSED
chains.sh: Creating DB Root9DB
certutil -N -d Root9DB -f Root9DB/dbpasswd
chains.sh: #7322: MegaBridge_3_2: Creating DB Root9DB  - PASSED
chains.sh: Creating Root CA Root9
certutil -s "CN=Root9 ROOT CA, O=Root9, C=US" -S -n Root9  -t CTu,CTu,CTu -v 600 -x -d Root9DB -1 -2 -5 -f Root9DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182863 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7323: MegaBridge_3_2: Creating Root CA Root9  - PASSED
chains.sh: Exporting Root CA Root9.der
certutil -L -d Root9DB -r -n Root9 -o Root9.der
chains.sh: #7324: MegaBridge_3_2: Exporting Root CA Root9.der  - PASSED
chains.sh: Creating DB Bridge11DB
certutil -N -d Bridge11DB -f Bridge11DB/dbpasswd
chains.sh: #7325: MegaBridge_3_2: Creating DB Bridge11DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge11Req.der
certutil -s "CN=Bridge11 Bridge, O=Bridge11, C=US"  -R -2 -d Bridge11DB -f Bridge11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7326: MegaBridge_3_2: Creating Bridge certifiate request Bridge11Req.der  - PASSED
chains.sh: Creating certficate Bridge11Root1.der signed by Root1
certutil -C -c Root1 -v 60 -d Root1DB -i Bridge11Req.der -o Bridge11Root1.der -f Root1DB/dbpasswd -m 628182864 -7 Bridge11@Root1  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7327: MegaBridge_3_2: Creating certficate Bridge11Root1.der signed by Root1  - PASSED
chains.sh: Importing certificate Bridge11Root1.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7328: MegaBridge_3_2: Importing certificate Bridge11Root1.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root2.der signed by Root2
certutil -C -c Root2 -v 60 -d Root2DB -i Bridge11Req.der -o Bridge11Root2.der -f Root2DB/dbpasswd -m 628182865 -7 Bridge11@Root2  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7329: MegaBridge_3_2: Creating certficate Bridge11Root2.der signed by Root2  - PASSED
chains.sh: Importing certificate Bridge11Root2.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7330: MegaBridge_3_2: Importing certificate Bridge11Root2.der to Bridge11DB database  - PASSED
chains.sh: Creating certficate Bridge11Root3.der signed by Root3
certutil -C -c Root3 -v 60 -d Root3DB -i Bridge11Req.der -o Bridge11Root3.der -f Root3DB/dbpasswd -m 628182866 -7 Bridge11@Root3  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7331: MegaBridge_3_2: Creating certficate Bridge11Root3.der signed by Root3  - PASSED
chains.sh: Importing certificate Bridge11Root3.der to Bridge11DB database
certutil -A -n Bridge11 -t u,u,u -d Bridge11DB -f Bridge11DB/dbpasswd -i Bridge11Root3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7332: MegaBridge_3_2: Importing certificate Bridge11Root3.der to Bridge11DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge11DB database
cmsutil -O -r "Bridge11@Root1,Bridge11@Root2,Bridge11@Root3" -d Bridge11DB > Bridge11.p7
chains.sh: #7333: MegaBridge_3_2: Generating PKCS7 package from Bridge11DB database  - PASSED
chains.sh: Creating DB Bridge12DB
certutil -N -d Bridge12DB -f Bridge12DB/dbpasswd
chains.sh: #7334: MegaBridge_3_2: Creating DB Bridge12DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge12Req.der
certutil -s "CN=Bridge12 Bridge, O=Bridge12, C=US"  -R -2 -d Bridge12DB -f Bridge12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7335: MegaBridge_3_2: Creating Bridge certifiate request Bridge12Req.der  - PASSED
chains.sh: Creating certficate Bridge12Root4.der signed by Root4
certutil -C -c Root4 -v 60 -d Root4DB -i Bridge12Req.der -o Bridge12Root4.der -f Root4DB/dbpasswd -m 628182867 -7 Bridge12@Root4  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7336: MegaBridge_3_2: Creating certficate Bridge12Root4.der signed by Root4  - PASSED
chains.sh: Importing certificate Bridge12Root4.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7337: MegaBridge_3_2: Importing certificate Bridge12Root4.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root5.der signed by Root5
certutil -C -c Root5 -v 60 -d Root5DB -i Bridge12Req.der -o Bridge12Root5.der -f Root5DB/dbpasswd -m 628182868 -7 Bridge12@Root5  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7338: MegaBridge_3_2: Creating certficate Bridge12Root5.der signed by Root5  - PASSED
chains.sh: Importing certificate Bridge12Root5.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root5.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7339: MegaBridge_3_2: Importing certificate Bridge12Root5.der to Bridge12DB database  - PASSED
chains.sh: Creating certficate Bridge12Root6.der signed by Root6
certutil -C -c Root6 -v 60 -d Root6DB -i Bridge12Req.der -o Bridge12Root6.der -f Root6DB/dbpasswd -m 628182869 -7 Bridge12@Root6  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7340: MegaBridge_3_2: Creating certficate Bridge12Root6.der signed by Root6  - PASSED
chains.sh: Importing certificate Bridge12Root6.der to Bridge12DB database
certutil -A -n Bridge12 -t u,u,u -d Bridge12DB -f Bridge12DB/dbpasswd -i Bridge12Root6.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7341: MegaBridge_3_2: Importing certificate Bridge12Root6.der to Bridge12DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge12DB database
cmsutil -O -r "Bridge12@Root4,Bridge12@Root5,Bridge12@Root6" -d Bridge12DB > Bridge12.p7
chains.sh: #7342: MegaBridge_3_2: Generating PKCS7 package from Bridge12DB database  - PASSED
chains.sh: Creating DB Bridge13DB
certutil -N -d Bridge13DB -f Bridge13DB/dbpasswd
chains.sh: #7343: MegaBridge_3_2: Creating DB Bridge13DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge13Req.der
certutil -s "CN=Bridge13 Bridge, O=Bridge13, C=US"  -R -2 -d Bridge13DB -f Bridge13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7344: MegaBridge_3_2: Creating Bridge certifiate request Bridge13Req.der  - PASSED
chains.sh: Creating certficate Bridge13Root7.der signed by Root7
certutil -C -c Root7 -v 60 -d Root7DB -i Bridge13Req.der -o Bridge13Root7.der -f Root7DB/dbpasswd -m 628182870 -7 Bridge13@Root7  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7345: MegaBridge_3_2: Creating certficate Bridge13Root7.der signed by Root7  - PASSED
chains.sh: Importing certificate Bridge13Root7.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root7.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7346: MegaBridge_3_2: Importing certificate Bridge13Root7.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root8.der signed by Root8
certutil -C -c Root8 -v 60 -d Root8DB -i Bridge13Req.der -o Bridge13Root8.der -f Root8DB/dbpasswd -m 628182871 -7 Bridge13@Root8  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7347: MegaBridge_3_2: Creating certficate Bridge13Root8.der signed by Root8  - PASSED
chains.sh: Importing certificate Bridge13Root8.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root8.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7348: MegaBridge_3_2: Importing certificate Bridge13Root8.der to Bridge13DB database  - PASSED
chains.sh: Creating certficate Bridge13Root9.der signed by Root9
certutil -C -c Root9 -v 60 -d Root9DB -i Bridge13Req.der -o Bridge13Root9.der -f Root9DB/dbpasswd -m 628182872 -7 Bridge13@Root9  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7349: MegaBridge_3_2: Creating certficate Bridge13Root9.der signed by Root9  - PASSED
chains.sh: Importing certificate Bridge13Root9.der to Bridge13DB database
certutil -A -n Bridge13 -t u,u,u -d Bridge13DB -f Bridge13DB/dbpasswd -i Bridge13Root9.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7350: MegaBridge_3_2: Importing certificate Bridge13Root9.der to Bridge13DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge13DB database
cmsutil -O -r "Bridge13@Root7,Bridge13@Root8,Bridge13@Root9" -d Bridge13DB > Bridge13.p7
chains.sh: #7351: MegaBridge_3_2: Generating PKCS7 package from Bridge13DB database  - PASSED
chains.sh: Creating DB Bridge21DB
certutil -N -d Bridge21DB -f Bridge21DB/dbpasswd
chains.sh: #7352: MegaBridge_3_2: Creating DB Bridge21DB  - PASSED
chains.sh: Creating Bridge certifiate request Bridge21Req.der
certutil -s "CN=Bridge21 Bridge, O=Bridge21, C=US"  -R -2 -d Bridge21DB -f Bridge21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o Bridge21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7353: MegaBridge_3_2: Creating Bridge certifiate request Bridge21Req.der  - PASSED
chains.sh: Creating certficate Bridge21Bridge11.der signed by Bridge11
certutil -C -c Bridge11 -v 60 -d Bridge11DB -i Bridge21Req.der -o Bridge21Bridge11.der -f Bridge11DB/dbpasswd -m 628182873 -7 Bridge21@Bridge11  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7354: MegaBridge_3_2: Creating certficate Bridge21Bridge11.der signed by Bridge11  - PASSED
chains.sh: Importing certificate Bridge21Bridge11.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge11.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7355: MegaBridge_3_2: Importing certificate Bridge21Bridge11.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge12.der signed by Bridge12
certutil -C -c Bridge12 -v 60 -d Bridge12DB -i Bridge21Req.der -o Bridge21Bridge12.der -f Bridge12DB/dbpasswd -m 628182874 -7 Bridge21@Bridge12  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7356: MegaBridge_3_2: Creating certficate Bridge21Bridge12.der signed by Bridge12  - PASSED
chains.sh: Importing certificate Bridge21Bridge12.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7357: MegaBridge_3_2: Importing certificate Bridge21Bridge12.der to Bridge21DB database  - PASSED
chains.sh: Creating certficate Bridge21Bridge13.der signed by Bridge13
certutil -C -c Bridge13 -v 60 -d Bridge13DB -i Bridge21Req.der -o Bridge21Bridge13.der -f Bridge13DB/dbpasswd -m 628182875 -7 Bridge21@Bridge13  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7358: MegaBridge_3_2: Creating certficate Bridge21Bridge13.der signed by Bridge13  - PASSED
chains.sh: Importing certificate Bridge21Bridge13.der to Bridge21DB database
certutil -A -n Bridge21 -t u,u,u -d Bridge21DB -f Bridge21DB/dbpasswd -i Bridge21Bridge13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7359: MegaBridge_3_2: Importing certificate Bridge21Bridge13.der to Bridge21DB database  - PASSED
chains.sh: Generating PKCS7 package from Bridge21DB database
cmsutil -O -r "Bridge21@Bridge11,Bridge21@Bridge12,Bridge21@Bridge13" -d Bridge21DB > Bridge21.p7
chains.sh: #7360: MegaBridge_3_2: Generating PKCS7 package from Bridge21DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7361: MegaBridge_3_2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7362: MegaBridge_3_2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge21.der signed by Bridge21
certutil -C -c Bridge21 -v 60 -d Bridge21DB -i CA1Req.der -o CA1Bridge21.der -f Bridge21DB/dbpasswd -m 628182876   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7363: MegaBridge_3_2: Creating certficate CA1Bridge21.der signed by Bridge21  - PASSED
chains.sh: Importing certificate CA1Bridge21.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge21.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7364: MegaBridge_3_2: Importing certificate CA1Bridge21.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7365: MegaBridge_3_2: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7366: MegaBridge_3_2: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182877   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7367: MegaBridge_3_2: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7368: MegaBridge_3_2: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der  -t Root1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182855 (0x25714f47)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root1 ROOT CA,O=Root1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:48:55 2016
            Not After : Mon Jun 28 18:48:55 2066
        Subject: "CN=Root1 ROOT CA,O=Root1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cf:7e:26:4e:39:6f:67:fd:db:e5:6d:b5:f1:43:bb:f3:
                    7d:90:cc:52:39:26:a3:da:71:06:23:9b:a2:06:f7:0a:
                    d6:62:1d:e8:0c:1a:38:7b:3c:20:61:f4:e0:16:6d:98:
                    bb:33:3c:52:0a:b5:9c:0a:cc:0a:de:28:4f:38:bf:6f:
                    35:0f:2a:63:60:26:1f:d7:40:00:0b:c3:30:90:9c:b9:
                    63:64:fe:3c:6d:8c:1c:3e:ad:b0:99:8c:27:16:95:68:
                    2e:1f:d4:ed:33:4a:bd:17:09:c8:b6:31:49:e8:0b:df:
                    cb:c9:21:95:c2:c1:4d:98:7f:8f:c2:78:44:56:2a:5e:
                    50:99:ce:57:18:f9:ab:d3:0f:fa:a8:0c:aa:5e:18:50:
                    1c:f9:ec:27:39:8c:22:f8:6d:db:f6:ad:9c:cf:77:78:
                    a6:c0:cb:7c:27:0c:ae:39:83:1e:81:73:64:55:d1:54:
                    78:b3:05:c4:ff:35:16:af:eb:00:5f:cd:e1:cd:e2:95:
                    fd:fa:e7:9c:d4:11:5a:7a:91:f0:6b:91:0f:f4:a7:8b:
                    2a:2b:8b:d4:69:8d:8e:1a:18:cc:70:c2:50:d1:94:02:
                    ff:69:0d:37:eb:66:f0:b8:07:18:45:a3:69:84:e9:7f:
                    71:3e:86:bc:a4:32:2c:c0:de:f9:18:d4:d1:12:ea:67
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        70:b8:a3:f9:ee:59:3b:2c:71:28:f8:28:16:e4:da:d8:
        9a:f2:5a:08:90:c6:9f:05:70:98:e7:43:02:cc:c8:45:
        33:ef:55:09:51:a4:95:c3:bc:2e:f6:81:79:10:23:2a:
        31:70:f0:bd:09:04:62:d4:8b:37:f5:14:0b:b6:57:75:
        5e:5b:d1:3d:07:1c:1a:25:dd:dd:96:fe:c9:d0:d9:ce:
        00:c4:45:99:d5:69:e6:42:14:42:50:92:43:ec:ef:c2:
        5e:76:dc:14:86:85:ac:5a:f2:2f:40:c6:3a:0a:82:80:
        60:c7:e5:25:51:1e:e1:c9:f0:96:cb:57:8e:81:08:83:
        fd:c0:0c:8b:fb:3a:cb:98:82:09:9a:0c:07:e7:5c:ed:
        c5:a2:5a:46:39:c2:3f:5e:0f:91:30:92:12:e5:ec:51:
        51:b1:9a:86:f1:9b:12:aa:1e:21:b7:29:46:a9:fa:da:
        dc:76:67:e8:13:1b:3c:a1:d9:15:ed:6a:5f:37:92:3e:
        9c:e6:f2:bc:1e:ba:81:47:a8:12:99:4f:05:23:8b:30:
        be:ac:e4:37:25:43:e0:3c:39:69:9b:43:c8:9c:ce:b9:
        38:00:e7:a2:19:5b:10:60:e7:ce:00:f7:09:6b:fd:af:
        1c:de:cf:6b:84:1b:68:b2:33:01:c7:0c:b9:15:7a:56
    Fingerprint (SHA-256):
        45:CE:9E:6F:02:95:B7:1A:CE:42:5C:B7:B1:D2:FE:95:F8:85:45:20:12:F6:69:E0:0E:69:B9:C2:7D:58:A0:2E
    Fingerprint (SHA1):
        12:CF:20:86:52:D4:26:25:7E:4A:DF:2B:AE:A3:69:FF:82:4F:DE:A0
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #7369: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root1.der with flags -d EE1DB -pp       -t Root1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der  -t Root2.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182856 (0x25714f48)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root2 ROOT CA,O=Root2,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:03 2016
            Not After : Mon Jun 28 18:49:03 2066
        Subject: "CN=Root2 ROOT CA,O=Root2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dd:47:d0:4d:6d:c4:c7:98:02:15:46:26:81:53:b2:58:
                    56:69:65:ad:fa:74:91:cd:b9:c5:c4:f2:f2:bd:b3:94:
                    09:71:06:d7:da:25:f4:da:ff:fe:41:aa:b8:ce:fc:e0:
                    f8:25:1d:64:e8:01:f0:d3:37:0a:cc:5b:94:17:50:35:
                    e5:55:37:40:d6:cc:4a:bf:4b:3a:5f:a1:df:fc:6c:78:
                    56:cb:9a:3b:26:e7:cb:72:d7:f7:90:54:67:95:63:45:
                    34:0a:ac:46:2d:bb:aa:6b:48:fe:12:1c:fb:f4:2d:f5:
                    15:8a:b5:a6:6c:66:c4:ae:05:95:15:8d:06:70:15:9a:
                    24:4c:05:df:a3:a6:ca:29:1a:90:ee:2a:de:b4:c3:af:
                    1b:64:ff:b0:e6:4c:f6:75:99:69:42:f0:b9:cb:95:94:
                    52:f5:41:5a:6a:6c:5c:ef:e1:43:d0:c6:e8:3f:af:48:
                    2a:25:a7:c8:b8:01:d6:27:a2:a8:c0:6b:dd:36:42:70:
                    23:03:dd:e0:07:bf:f8:8f:c8:52:5f:55:9f:6a:a7:64:
                    3e:f9:b5:7d:7c:b7:e5:71:e0:ce:e1:9e:6e:81:6f:b8:
                    ab:21:2e:e5:28:a4:84:03:be:65:16:2d:a9:fe:da:44:
                    ce:fa:ef:f3:0c:1c:a8:8f:6e:64:8d:68:88:d7:65:61
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:fd:59:f3:14:f3:80:72:8e:ab:7b:4f:53:37:39:41:
        47:d2:09:cd:44:ae:e9:bb:da:a7:a6:45:a8:cd:91:c0:
        95:bc:89:90:f8:c1:e6:eb:e6:bb:37:bf:46:31:d8:65:
        52:c7:7a:a8:cf:3a:ed:aa:02:e0:40:2e:e8:e0:08:24:
        34:e3:02:32:39:18:d1:a4:53:06:cd:09:9a:b3:8c:4c:
        c1:a6:3a:2d:db:94:98:2f:a2:fe:0d:ad:5b:f4:b1:73:
        34:be:6c:98:20:6d:a0:d7:17:e7:13:a3:2c:d7:52:78:
        0c:e9:a5:18:c4:aa:7e:8d:78:81:1b:ff:a7:19:68:f9:
        87:54:57:8b:80:29:04:a0:22:92:c4:90:7c:5b:c0:a5:
        b1:3d:df:d9:81:30:53:ee:08:c0:6f:17:cb:26:75:d7:
        1e:65:8a:fd:e1:56:f7:2c:92:ef:89:4d:b8:41:4a:7a:
        07:c4:b8:5a:93:3d:50:a8:89:4d:5a:fa:1f:5e:4e:29:
        c6:f9:7d:9e:67:99:95:98:1a:7a:a9:bd:ae:d6:d5:ae:
        77:c1:6c:38:c4:67:a1:46:e0:bf:9b:ea:14:fe:68:83:
        76:04:dd:f3:f8:2c:71:06:63:b4:69:2a:a3:03:00:ea:
        82:cb:47:81:1e:d2:cf:2f:31:61:f4:60:1b:e3:fe:1a
    Fingerprint (SHA-256):
        69:E8:D0:08:CB:A1:BA:03:3A:CF:C1:85:37:F3:2B:1D:73:E3:70:D2:CB:43:77:E7:6E:E7:89:2A:F9:9E:7B:30
    Fingerprint (SHA1):
        D1:9C:19:95:90:1E:9B:E7:2A:63:FF:31:CB:2C:18:78:D2:2F:BA:BD
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #7370: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root2.der with flags -d EE1DB -pp       -t Root2.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der  -t Root3.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182857 (0x25714f49)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root3 ROOT CA,O=Root3,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:11 2016
            Not After : Mon Jun 28 18:49:11 2066
        Subject: "CN=Root3 ROOT CA,O=Root3,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dc:8f:1b:89:cc:26:0a:80:ed:c2:7b:4c:51:57:db:d9:
                    03:50:a4:f5:71:e8:93:01:16:40:04:d8:c3:5f:dd:b9:
                    73:2b:1b:26:d7:a5:30:02:83:d0:3d:57:14:02:d5:61:
                    4b:15:b4:8e:47:4d:3e:4d:fb:f2:cc:07:31:c7:e8:a0:
                    aa:33:99:da:71:f9:38:e0:17:f6:d8:6e:56:b1:6b:1b:
                    af:d6:ca:4c:2c:01:85:49:fd:ae:65:b9:7a:1d:c9:d4:
                    22:f4:31:f7:e1:80:97:bb:f9:a2:a2:8f:3e:15:36:f9:
                    71:c5:f0:44:1b:f1:c9:2f:e2:7e:c4:5f:76:ab:17:23:
                    ab:68:bc:bc:da:61:c8:ae:db:a6:11:45:6e:7a:49:44:
                    fe:45:17:95:2b:75:c6:40:c4:03:85:57:9b:80:eb:f3:
                    b1:c2:b8:aa:b0:62:4f:46:2a:d4:37:df:5e:83:19:c3:
                    2b:7b:f2:23:d8:b3:80:1a:d2:a2:49:13:f1:cc:20:ba:
                    95:4f:a1:cb:f7:4d:d9:81:a7:38:4b:c3:4e:9a:b6:0d:
                    4e:8c:23:bb:eb:49:a6:ea:a8:cf:bd:d7:6a:0b:cc:5e:
                    27:a0:59:35:84:79:73:6d:c8:84:15:82:60:99:c6:0b:
                    1f:98:be:35:1c:83:9b:78:69:de:64:42:11:4c:cf:97
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        a4:61:a8:42:c1:8a:2a:4b:81:f8:87:f4:91:e1:99:fe:
        6f:1f:18:4c:30:4f:e0:8c:1c:42:82:59:c3:70:25:17:
        9e:f2:72:c5:8e:67:69:ba:90:ed:07:96:bc:30:e8:d7:
        23:cd:f6:d0:37:a6:a3:12:8b:eb:94:32:ad:9a:e4:38:
        b2:9b:52:b4:92:37:73:e4:51:6f:98:0d:1b:c9:d9:b9:
        f9:25:6c:33:cb:cb:a0:0a:6b:82:b2:23:32:f1:07:b4:
        d9:1d:b1:26:05:97:5f:8e:15:ca:0c:2f:98:d8:91:a9:
        6b:d6:67:69:38:16:fc:45:b1:ac:b6:11:f8:f2:45:fb:
        16:03:9a:07:31:27:b4:0b:d1:ed:cb:a9:5c:d7:c5:3d:
        02:49:42:4d:a5:93:74:f4:22:34:20:01:8a:0e:8d:a9:
        ac:a9:46:dc:01:b7:7e:2a:5d:54:e0:ed:55:19:e1:b2:
        e6:e3:22:3d:d9:d8:58:f3:dc:5e:a8:e2:95:6a:0a:90:
        b3:2b:19:65:02:f0:08:df:e3:20:49:3d:84:de:93:63:
        34:c8:6c:b2:60:66:32:d0:c5:0d:c3:b6:ac:20:1d:68:
        9d:7b:c7:6f:1b:dd:d6:57:24:a2:b0:81:6a:0f:37:b0:
        9d:10:0f:f1:81:6f:86:d1:54:5f:9c:b3:5a:47:7b:27
    Fingerprint (SHA-256):
        2C:4E:22:19:73:29:6D:AF:20:64:A6:60:7A:ED:96:A9:A1:A2:E6:A1:DE:12:B5:E8:B6:3A:FE:4E:45:05:2E:9C
    Fingerprint (SHA1):
        1E:53:D5:A3:BF:CC:FC:E1:98:20:14:7E:D2:9E:EC:BA:E8:69:96:74
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge11 Bridge,O=Bridge11,C=US"
Returned value is 0, expected result is pass
chains.sh: #7371: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge11.der Bridge11Root3.der with flags -d EE1DB -pp       -t Root3.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der  -t Root4.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182858 (0x25714f4a)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root4 ROOT CA,O=Root4,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:15 2016
            Not After : Mon Jun 28 18:49:15 2066
        Subject: "CN=Root4 ROOT CA,O=Root4,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e1:da:06:38:53:81:06:13:0f:50:43:12:2b:73:99:5e:
                    b2:14:3b:30:2f:7e:e8:8d:67:bd:13:d6:e1:b2:11:82:
                    27:71:50:5f:ff:14:14:7c:48:3a:c1:e3:fd:78:d5:a5:
                    d0:bc:81:57:00:da:bb:79:d6:71:01:e0:8a:bf:3d:70:
                    6f:a6:96:c3:a5:15:0f:60:f4:48:e1:3d:b0:10:4f:87:
                    77:d3:42:b4:ca:c7:db:14:f3:ef:d7:fd:8e:22:e7:a8:
                    b9:2f:c5:eb:61:cb:5d:b6:4f:4f:63:b0:57:e4:09:f6:
                    dd:39:1d:be:c0:e5:03:8a:17:23:58:3e:20:bc:4a:55:
                    3c:f7:47:95:7b:6b:25:5a:82:41:a0:dd:33:92:ec:fb:
                    01:e5:ad:74:ad:b9:cf:6d:fa:c9:17:e1:b3:35:ec:26:
                    49:c6:41:a2:10:a1:0f:e4:b2:12:e8:2a:94:0b:a9:58:
                    b7:22:9c:75:6a:03:3b:56:f7:ea:75:c2:7d:79:22:95:
                    f8:91:a1:ff:29:b8:6c:27:76:34:26:bd:c8:fa:18:9b:
                    b9:c5:8c:2d:05:18:1b:9d:f3:69:60:24:c8:16:04:fb:
                    5c:d3:20:93:bf:84:b6:9c:0a:fa:e8:43:4c:7d:78:2a:
                    d4:65:59:2b:fb:9d:3a:5e:de:9c:0b:e2:60:b9:b4:f9
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        59:c5:df:2c:68:69:31:28:05:9a:fa:93:cb:7d:51:07:
        81:ba:b0:bc:ea:55:bc:9a:c2:e2:b4:10:17:2e:0c:03:
        4c:d2:30:73:36:84:96:8d:c7:b9:4f:d4:c6:57:a0:be:
        be:d1:67:2b:55:c2:57:94:46:2f:0e:0f:47:c1:41:dd:
        fb:6c:86:41:2a:b5:f1:98:19:84:a6:d4:7c:11:71:f0:
        aa:75:6f:3d:a1:42:14:f9:91:21:02:db:de:5e:89:c5:
        30:88:1e:0d:65:91:12:8b:c1:28:9c:b4:93:3b:2b:02:
        85:63:70:48:4d:40:a3:f2:93:90:38:6a:cd:1e:b8:25:
        c8:78:27:23:14:43:bc:6e:31:fa:39:ff:c9:3a:07:7f:
        2d:59:7c:26:9e:28:15:cc:5e:39:4e:24:ec:a4:f1:f3:
        74:0b:3a:05:79:11:09:6c:c6:b3:42:8b:2a:ad:c3:7d:
        00:e7:10:c1:e5:07:e6:d1:4e:8a:4e:bf:ba:e5:45:2f:
        81:45:27:61:47:33:4b:3d:d3:cf:91:89:ac:48:31:db:
        ea:ba:47:28:69:1a:5d:1b:04:03:17:d7:f2:f9:ce:23:
        4e:0f:9e:f3:b6:43:54:68:0b:d9:23:80:df:d5:6e:14:
        ee:76:89:99:cc:ae:4c:14:d3:62:e0:d3:b0:92:d7:8a
    Fingerprint (SHA-256):
        E9:71:15:71:D9:6F:88:E0:EC:7F:14:21:3A:0D:48:4F:92:D2:03:2F:B8:8C:29:07:5F:4C:7D:95:0C:8A:FA:4D
    Fingerprint (SHA1):
        A3:82:B8:5A:61:69:CB:C9:59:72:D6:F6:D2:84:53:3B:92:4C:F4:E4
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #7372: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root4.der with flags -d EE1DB -pp       -t Root4.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der  -t Root5.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182859 (0x25714f4b)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root5 ROOT CA,O=Root5,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:21 2016
            Not After : Mon Jun 28 18:49:21 2066
        Subject: "CN=Root5 ROOT CA,O=Root5,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d3:85:cd:2e:e6:c4:7c:09:bd:6d:5f:15:7c:e3:27:95:
                    20:55:ad:e7:60:1d:0f:4d:c5:93:f9:c3:b2:6b:aa:b4:
                    17:ad:97:62:d2:c7:68:50:0f:9a:be:bf:07:0d:1d:73:
                    fb:32:ae:9f:d9:49:4b:a3:be:46:0d:98:cb:93:7c:a0:
                    d0:a3:a1:e2:0f:88:30:09:5c:fb:2f:cb:e0:7e:9a:6d:
                    c2:1d:1b:82:7d:83:85:ef:2a:57:82:d1:7e:c1:ff:02:
                    29:db:00:b6:c5:e6:ab:18:81:16:4c:cf:a0:9a:36:dc:
                    2f:98:81:89:08:3e:73:e8:71:54:99:a3:63:51:ef:cc:
                    21:83:fe:30:cb:64:0a:ec:14:a3:5a:2d:cb:08:8b:51:
                    ed:22:89:ae:76:30:7a:6e:a1:ff:3b:fe:00:53:11:c2:
                    8a:87:57:cf:9e:f4:3e:23:29:2e:61:8d:d5:0a:3a:49:
                    d1:13:14:83:57:23:0b:43:ec:08:76:c0:22:4c:ed:b2:
                    c4:32:55:c3:df:e4:be:98:fd:d2:47:ba:09:66:d1:68:
                    b7:b1:ac:ce:45:64:a9:e3:4e:e0:28:4b:ae:d7:b4:0c:
                    f6:5a:24:9a:e1:66:30:fd:33:fe:8a:32:81:99:3d:5c:
                    cd:01:0e:c5:67:47:ed:99:f3:53:df:5c:1d:79:8a:65
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        37:ef:07:a0:55:32:21:af:8a:cb:80:12:e0:a3:34:c5:
        49:94:d9:18:12:17:a3:96:2f:47:03:94:8f:49:ef:08:
        70:b8:e1:bc:9f:c5:b2:75:6b:14:be:82:af:e9:7d:a4:
        a7:28:01:a7:67:d8:e4:90:b3:c4:3f:ed:cc:6a:96:2f:
        cb:25:b2:d5:f9:74:93:a6:64:26:5f:6d:ae:51:98:93:
        03:0f:9f:c3:e0:ec:23:37:30:b7:60:1b:2d:00:d2:27:
        0a:b9:36:6b:e7:f7:59:15:89:53:76:b3:44:21:17:a9:
        ae:83:48:7d:59:6e:c6:58:2d:40:cd:20:b3:7c:4a:67:
        e8:d1:a0:c3:ad:2b:93:93:e1:ed:50:bb:9c:c7:ae:6a:
        2f:e2:d8:56:8b:db:40:41:3d:7a:fc:19:83:9a:34:a3:
        92:3b:cd:32:7f:65:f3:20:f5:c7:32:2e:d8:b1:eb:10:
        9f:38:75:a7:03:d7:5d:76:6f:6a:a7:6c:7b:58:34:4e:
        63:ff:ba:88:de:08:dc:c4:b3:6d:46:2f:53:16:98:15:
        bd:fb:b6:41:15:a5:e6:de:7e:02:ef:2b:57:03:6f:64:
        4b:20:70:83:f4:5a:90:9e:80:d8:33:bb:e6:01:ee:f5:
        6c:25:e5:e2:b7:33:18:4d:f9:d4:8c:de:59:91:6f:c7
    Fingerprint (SHA-256):
        2C:1D:C8:B8:3C:6B:B2:2C:86:AF:CF:54:71:59:7D:FE:67:4D:75:FA:78:F3:16:A0:9A:87:B9:07:74:69:4C:FF
    Fingerprint (SHA1):
        B8:6D:BB:C9:02:52:BA:F5:1C:8D:8A:76:A8:73:14:99:1C:E5:50:9C
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #7373: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root5.der with flags -d EE1DB -pp       -t Root5.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der  -t Root6.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182860 (0x25714f4c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root6 ROOT CA,O=Root6,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:26 2016
            Not After : Mon Jun 28 18:49:26 2066
        Subject: "CN=Root6 ROOT CA,O=Root6,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a6:31:63:1f:0a:0e:34:7b:38:c0:14:9e:43:46:65:ad:
                    7c:91:0b:19:e2:49:fb:34:8b:10:98:3b:22:45:12:c3:
                    64:26:8e:7b:9d:2b:da:8a:4f:df:65:d7:52:67:ad:d4:
                    a4:e1:c8:cb:c1:b0:c3:fb:99:50:9a:e0:1e:d1:60:93:
                    bb:9d:24:42:00:97:11:0e:ff:74:af:b4:2f:ec:ad:49:
                    57:eb:fb:78:97:36:a2:80:94:40:b2:1d:f7:a1:f6:2f:
                    51:86:0b:08:79:85:84:f6:96:2b:52:4e:b5:21:6c:6b:
                    7b:4a:09:ef:0b:12:88:13:25:20:13:23:c1:f6:6d:c9:
                    21:e0:5b:2d:f9:3c:9a:e0:cd:e9:08:c3:35:ec:cb:00:
                    98:8b:dd:ed:4a:01:37:fc:01:6c:3c:cf:5b:03:fc:c5:
                    22:11:95:88:3c:0f:40:e5:19:c6:02:79:5b:f2:37:d6:
                    3f:94:4b:75:b7:ab:d2:fe:90:d1:e0:f7:ff:5f:85:8b:
                    3c:07:21:40:d1:d1:19:0e:fe:c2:a1:0d:80:15:51:d4:
                    4f:a7:f1:34:86:8e:58:80:4b:f8:be:29:e2:0c:b7:a4:
                    c2:da:50:aa:fb:23:9a:3b:a9:48:37:8f:86:23:5a:b6:
                    cc:d8:51:7d:91:94:a5:b3:ce:93:62:06:ad:28:50:bd
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        5c:19:2f:94:b4:de:55:ad:7c:74:bf:a4:6b:da:30:e1:
        fd:40:d5:fb:81:d5:8a:19:cc:00:55:b2:c1:c9:77:58:
        a5:23:e1:88:c8:08:c1:99:46:ab:b9:a3:4b:41:b2:d8:
        94:4e:b4:af:bf:d5:b4:cc:72:10:e5:48:52:35:4a:79:
        b9:85:80:4c:5d:72:04:8f:f9:82:86:ec:af:03:f0:8e:
        e8:10:ac:a6:9d:f8:9c:4e:8e:76:55:08:44:57:1e:82:
        1a:ac:d4:90:e4:a0:b5:e0:8f:07:87:97:f4:2a:37:71:
        18:a6:31:20:13:ce:8f:b9:6c:70:c1:6f:b4:a6:df:a6:
        93:ff:0a:57:fd:21:2f:0d:b0:30:c2:da:91:60:4c:a9:
        b2:0f:05:39:53:06:d0:ea:fe:10:d6:66:32:de:7a:e4:
        9b:30:c0:2d:ff:27:a6:01:3c:26:07:54:0f:6f:f3:74:
        0d:b8:a2:6f:f1:c5:fa:1d:d1:53:23:dc:44:7d:94:31:
        ee:1c:e9:72:21:c1:b5:b8:c6:1a:10:74:01:0d:16:89:
        1e:e4:f2:d5:b3:a7:cb:16:10:03:28:e1:f6:17:9b:1d:
        53:80:56:30:4a:a6:3f:c0:ff:3b:ca:bd:f0:48:82:1a:
        5c:bd:f8:c4:0f:94:f4:08:90:3e:9e:16:77:ef:83:bf
    Fingerprint (SHA-256):
        D4:D7:D9:BA:1F:9B:2C:B6:01:6D:F5:F4:72:87:4B:AD:ED:F9:7B:E8:1E:E5:1D:75:2D:B1:C4:C8:B0:3A:BB:0D
    Fingerprint (SHA1):
        66:31:26:7C:CD:EB:86:C6:CA:C7:BB:0B:DA:C0:B3:28:71:6B:E2:02
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge12 Bridge,O=Bridge12,C=US"
Returned value is 0, expected result is pass
chains.sh: #7374: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge12.der Bridge12Root6.der with flags -d EE1DB -pp       -t Root6.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der  -t Root7.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182861 (0x25714f4d)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root7 ROOT CA,O=Root7,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:34 2016
            Not After : Mon Jun 28 18:49:34 2066
        Subject: "CN=Root7 ROOT CA,O=Root7,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b2:7f:ec:03:8c:4b:68:20:89:52:e7:b1:05:95:06:d3:
                    01:08:d1:2e:99:06:aa:f6:b5:a7:41:26:c2:c8:14:ef:
                    c4:23:1d:a4:c3:04:6f:d5:70:fb:62:97:56:69:3f:0e:
                    04:f1:23:f9:0b:92:58:66:fd:7c:37:63:8c:4b:7c:eb:
                    53:74:e4:19:19:11:85:dd:37:1b:f7:96:42:dd:e2:4d:
                    cd:6f:b4:b9:32:5b:8f:e6:ad:4e:7b:b3:da:d6:60:98:
                    44:38:ea:b7:9e:85:68:4a:53:df:f2:55:18:8d:df:45:
                    e9:2f:d5:66:e7:78:a7:f1:b6:59:5d:42:9f:36:ce:3d:
                    b3:7e:6b:dd:1d:4e:72:97:05:2f:49:41:cf:ba:05:80:
                    8f:b6:4a:7c:dc:09:87:ed:10:73:25:5c:01:3c:5b:84:
                    f0:76:1e:f3:b8:7e:e0:59:9c:54:a2:28:e8:bb:2f:2a:
                    36:cb:71:01:dc:68:19:3f:43:aa:a5:17:fa:d9:90:5c:
                    fd:e0:f7:91:37:95:52:6b:61:44:69:85:c2:99:f9:5c:
                    de:8d:01:53:a9:6f:37:1b:51:8a:92:35:78:7d:1d:88:
                    fe:1a:9f:8d:69:dc:a7:20:4e:7e:1b:81:4e:0f:71:dd:
                    fb:6f:74:41:a4:05:8b:c1:06:a4:91:26:f6:29:bc:2f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        4c:a9:23:17:a9:82:e8:07:8c:0b:fb:65:63:6f:7b:ad:
        db:e4:00:97:5b:74:2e:10:7f:aa:ae:2e:0a:52:2d:19:
        76:76:ae:2e:f4:b3:2e:64:b0:42:1b:3e:d5:3c:7d:94:
        80:4a:64:62:28:12:c0:a5:b8:1e:95:9c:96:e6:ec:83:
        84:73:da:c6:3a:53:49:e1:6c:31:48:35:37:12:94:a1:
        88:d0:81:52:cf:e9:9d:85:03:15:46:83:f8:28:84:73:
        04:b7:74:5e:0f:24:02:3d:e6:e7:7a:85:63:68:54:f2:
        9c:5b:e2:8a:88:e3:aa:55:e5:dd:e2:2f:96:3a:23:ae:
        7a:e9:9f:96:64:ae:c7:f9:1b:6c:a7:59:31:09:11:51:
        3b:48:31:7a:99:91:f9:38:27:7f:23:94:99:ec:a7:6f:
        fc:cb:db:fa:f5:af:69:f6:2c:35:84:c5:bb:21:a4:56:
        4d:02:f6:b9:a3:69:5c:38:99:72:58:ad:ca:27:17:ab:
        e1:24:42:9b:99:00:7e:c4:88:69:a5:53:39:fd:4a:63:
        fd:57:f9:91:fc:16:c5:27:05:85:b5:6a:c4:1e:7b:63:
        2c:ee:b9:7b:e4:b9:45:aa:70:ec:e8:85:e7:b3:e7:c3:
        7f:f4:65:a2:2b:cd:a6:87:88:00:fb:e2:89:84:b0:24
    Fingerprint (SHA-256):
        80:EA:A6:C7:F3:B1:CC:5D:08:1B:9D:BB:A2:BA:93:6B:56:9A:87:52:49:F6:7A:12:3E:4F:A3:FE:A7:5A:C2:D0
    Fingerprint (SHA1):
        E3:86:3F:FB:52:B5:06:70:E1:9C:3C:CC:01:67:68:70:47:0B:DB:DA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #7375: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root7.der with flags -d EE1DB -pp       -t Root7.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der  -t Root8.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182862 (0x25714f4e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root8 ROOT CA,O=Root8,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:46 2016
            Not After : Mon Jun 28 18:49:46 2066
        Subject: "CN=Root8 ROOT CA,O=Root8,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:3c:ff:4b:f1:7e:b3:f7:8d:c5:c8:7f:a3:0c:37:76:
                    6a:91:dc:ca:5c:d0:af:e2:46:e8:e1:ea:ed:d1:9b:d8:
                    a0:0f:7a:93:e4:ed:fc:05:d6:b6:3b:1a:da:26:fd:8f:
                    c0:a1:90:66:dd:25:27:2a:4c:a6:a1:1a:e5:1f:3e:06:
                    2a:d4:f8:ba:ba:f4:8d:b9:5e:a5:dc:61:5b:2f:4c:4a:
                    ce:0c:8a:0e:9d:f8:cc:f5:4f:a9:90:ba:5a:d9:13:7e:
                    c9:0b:4b:16:7a:8e:a1:7a:f6:36:ad:7c:84:d7:69:7c:
                    19:d4:69:cb:56:1f:a2:f0:65:39:99:7d:1d:68:1e:d8:
                    a7:87:80:d7:66:14:4b:34:b8:10:c1:6d:37:63:dc:be:
                    77:54:43:e6:85:b9:4f:86:9e:dc:00:41:59:75:83:55:
                    ec:db:fb:16:1c:8d:85:ea:f2:3a:93:6c:bc:03:3c:e1:
                    7a:05:bf:b4:da:52:b1:de:c2:da:6c:87:e4:a8:6f:49:
                    fe:62:6d:fe:9c:a8:ac:de:73:d6:11:9e:c4:59:d9:98:
                    69:62:63:ba:6a:f2:7a:8f:ca:42:ec:2e:fc:52:24:7a:
                    53:59:43:e5:7f:96:2a:4d:70:81:2c:f2:e0:5c:8b:9d:
                    e2:fd:b7:3b:f4:be:a5:7c:e6:95:39:bb:80:10:3b:15
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bb:94:69:a4:9a:3a:fd:b4:0e:be:5b:c1:80:70:bc:90:
        e7:07:6b:b0:d1:02:0d:8d:1e:61:ca:ac:94:93:e3:03:
        e7:54:c5:0a:d4:cf:11:ba:66:58:ef:38:9b:2c:26:88:
        eb:52:cb:ad:3a:76:0e:20:ac:a0:a4:17:fc:83:9e:f8:
        a4:d6:35:4f:2d:aa:4a:2e:3f:90:21:e9:8b:c7:32:ab:
        76:9b:d9:85:f4:7c:e0:49:a6:7e:59:6b:b8:b7:98:0d:
        18:a4:c7:30:23:c2:9b:91:5a:af:c7:36:d3:62:41:54:
        aa:49:fe:a2:ef:fa:b8:ed:89:bf:4c:19:61:11:6a:e6:
        e9:11:02:3e:ca:f6:53:97:0b:15:30:10:53:28:c0:bb:
        b9:8b:d1:d6:17:32:dc:18:07:36:ef:99:ce:1e:ca:73:
        38:9c:2d:0c:1c:e5:c5:3e:5a:5d:bb:00:15:05:9b:90:
        d1:b7:57:1e:49:d6:29:a8:67:75:8b:12:c0:62:52:f2:
        59:57:32:e9:bc:81:25:4d:24:cc:fa:c2:0a:d4:18:d5:
        6d:51:d2:cd:61:fc:d7:fd:bf:ea:83:82:99:7b:5e:38:
        8e:ee:ad:ef:e2:c4:9b:b7:a6:ba:40:f1:ce:a1:87:e4:
        08:6c:7d:ed:83:b3:f8:2a:b3:cb:35:b2:a6:aa:c2:32
    Fingerprint (SHA-256):
        5A:0E:FC:69:F9:60:9F:62:93:E5:D3:18:9F:AA:AE:6C:64:23:64:61:27:52:86:32:50:12:D7:7B:7E:61:70:EB
    Fingerprint (SHA1):
        A9:D2:BE:78:91:6B:59:FC:1D:BA:B5:7F:44:29:38:C2:88:DC:1C:00
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #7376: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root8.der with flags -d EE1DB -pp       -t Root8.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der  -t Root9.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182863 (0x25714f4f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root9 ROOT CA,O=Root9,C=US"
        Validity:
            Not Before: Tue Jun 28 18:49:52 2016
            Not After : Mon Jun 28 18:49:52 2066
        Subject: "CN=Root9 ROOT CA,O=Root9,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bf:23:f4:f9:cc:c2:25:a4:95:bb:1a:04:bf:f3:8f:bd:
                    45:d4:93:69:33:a1:db:19:1b:74:14:88:e4:67:79:c2:
                    38:ac:3c:7b:8b:b0:d6:68:a4:3f:14:a8:d3:d9:27:03:
                    a7:66:fe:cb:34:fe:a3:da:f4:fc:5b:94:61:3e:7d:d5:
                    da:9f:98:9f:92:d0:db:aa:09:56:2a:29:c9:87:41:96:
                    4f:2c:29:fb:b9:f5:99:d0:5a:b0:56:c8:a0:fe:14:73:
                    fa:4c:ba:fc:db:63:d8:4b:d2:51:63:e8:b2:4e:1a:d5:
                    f7:56:2d:32:49:97:05:a6:5e:96:b3:fa:06:bd:a8:2e:
                    d8:d9:e5:d2:44:de:ec:46:68:e9:85:ef:83:cd:be:82:
                    7b:83:de:d8:89:f3:0f:50:2a:c1:f7:19:75:3c:bb:03:
                    1f:1a:fb:a1:4d:46:70:ca:16:5e:f2:55:6a:91:eb:73:
                    78:1f:55:24:30:1d:40:73:66:17:13:a4:25:f4:fd:5b:
                    02:16:b3:c1:87:1b:f0:2c:a6:a5:20:8f:b7:b6:d6:49:
                    be:8a:ae:ec:a6:e9:a2:35:0c:c8:ab:3d:aa:90:3a:dd:
                    3d:d6:4f:aa:c1:d9:56:30:8e:d9:bd:7b:47:ff:e2:92:
                    a8:8a:f4:9b:e2:d3:12:30:66:8c:81:80:3c:5d:5f:cf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6b:66:d4:69:72:f3:b9:c3:32:42:6e:c5:bf:2d:c6:71:
        7e:19:9d:e5:43:14:c8:86:18:09:b5:05:76:42:77:84:
        a5:22:51:16:69:f4:c8:c8:ac:92:18:01:2e:df:12:20:
        8e:c6:f1:7d:4e:b0:71:04:41:0e:b4:b1:74:25:56:fc:
        76:55:74:f7:a1:ff:c3:00:d5:de:32:a8:dd:36:da:42:
        16:08:5c:cd:57:23:fe:8d:81:e4:d0:3a:bf:1d:66:b8:
        5e:58:fc:f1:8c:62:3a:f5:5f:e6:af:a8:f6:82:d0:9c:
        1c:49:ed:79:53:e5:e6:b1:13:75:db:6e:da:93:27:81:
        b0:d1:39:44:24:14:bf:20:e3:43:2b:8f:fd:50:85:69:
        60:88:77:ec:97:58:16:8d:ad:df:72:cd:56:97:7c:9d:
        1b:03:6b:2d:99:1b:5c:50:b8:77:21:dd:7f:e3:10:0f:
        ef:62:29:26:ed:dc:68:db:5e:d2:ec:ea:79:52:34:c9:
        3a:4c:8e:da:46:9e:f4:b0:32:f3:57:2d:88:8d:4c:07:
        28:1e:20:09:23:2d:40:a4:6d:c8:c1:6c:64:a4:c8:26:
        4c:2c:b9:b2:0b:41:c0:a1:26:70:e6:00:7d:57:f1:7e:
        c6:42:74:7e:ef:fb:d1:f5:61:f4:eb:4e:f4:e5:eb:03
    Fingerprint (SHA-256):
        05:7A:82:9E:95:15:4D:62:02:34:25:6F:D6:75:DF:23:1A:D5:EF:CA:53:80:43:F5:83:16:2C:4A:08:48:9E:36
    Fingerprint (SHA1):
        C0:94:DC:61:30:51:AC:D2:85:06:A4:7F:EF:80:91:0B:3F:4E:58:07
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge21 Bridge,O=Bridge21,C=US"
Certificate 4 Subject: "CN=Bridge13 Bridge,O=Bridge13,C=US"
Returned value is 0, expected result is pass
chains.sh: #7377: MegaBridge_3_2: Verifying certificate(s)  EE1CA1.der CA1Bridge21.der Bridge21Bridge13.der Bridge13Root9.der with flags -d EE1DB -pp       -t Root9.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7378: Extension: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182878 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7379: Extension: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7380: Extension: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7381: Extension: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7382: Extension: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182879   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7383: Extension: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7384: Extension: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7385: Extension: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7386: Extension: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182880   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7387: Extension: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7388: Extension: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #7389: Extension: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7390: Extension: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628182881   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7391: Extension: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7392: Extension: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7393: Extension: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182878 (0x25714f5e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:50:50 2016
            Not After : Mon Jun 28 18:50:50 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c5:f4:9e:ba:23:e0:0e:11:0f:d5:4c:54:59:c6:fb:3a:
                    47:97:5e:7a:5c:84:0d:2f:6b:a0:d3:45:ba:40:0c:4e:
                    1e:de:c3:07:e4:4c:31:35:bd:00:39:34:82:f8:76:b7:
                    64:f1:84:d4:33:b9:b2:59:91:75:d8:46:40:76:c5:0f:
                    e3:f0:ba:48:9f:ef:08:80:a6:40:e6:85:b6:d8:f0:72:
                    8c:0a:05:dc:67:ab:9b:93:fd:24:51:be:f5:52:67:8c:
                    00:20:f9:97:34:88:8c:b0:36:39:c6:93:2b:21:e8:bb:
                    12:f5:f4:69:b4:3d:99:be:62:01:b5:58:dd:7e:39:de:
                    8d:1c:4a:58:5e:c1:ed:6d:58:44:3a:85:30:38:74:cf:
                    e6:69:dd:c2:a2:45:83:e5:a6:3a:c4:c7:30:21:90:c6:
                    2f:fa:36:00:9b:01:79:21:29:99:5d:d5:cf:72:bb:fb:
                    1b:42:23:b7:07:0f:00:b8:51:57:70:1d:46:31:8d:df:
                    f5:64:34:09:28:4b:16:bc:3d:ab:dd:fe:23:0e:44:6f:
                    6d:08:78:7b:d7:21:93:ad:b6:60:5a:c8:b7:4d:a8:6a:
                    a3:6a:08:ea:6e:97:2b:2d:bc:d4:50:6f:d8:a9:29:09:
                    ce:9e:fc:71:50:b6:83:e9:8e:7f:8f:97:fe:15:65:13
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bb:6c:9f:cf:94:be:08:81:bd:ac:00:1d:01:01:50:4c:
        9d:50:6c:59:4b:6b:4a:64:a6:2a:75:55:94:00:a3:a1:
        78:ef:ad:0c:02:9b:aa:41:c6:fc:6f:fb:52:35:56:3e:
        ce:93:aa:79:db:18:50:67:61:aa:46:a7:cc:7a:70:38:
        23:b7:fb:b3:34:59:35:19:78:db:43:56:35:e5:46:d2:
        09:9c:64:14:10:44:31:33:52:b5:9e:f6:cf:3a:d9:07:
        ae:3a:0a:5a:c0:8d:e0:ee:62:8a:bf:ec:81:ce:54:7e:
        1c:8f:64:d6:f5:b1:2e:57:9e:ce:21:28:e9:46:98:b3:
        4b:70:4c:5d:a1:fa:bb:49:4c:9d:df:38:3d:88:71:b5:
        2a:63:f6:ad:16:4a:0e:4d:20:45:e4:d0:d3:03:d3:b7:
        5c:9e:ad:0a:22:3d:20:5f:57:01:f0:06:4f:63:5b:98:
        dd:2f:f3:12:f9:97:c8:96:79:45:4f:09:b7:a3:80:86:
        f6:4f:49:b5:2a:02:5a:63:ad:12:e6:24:c6:f2:e4:c1:
        af:a2:51:42:6a:52:8c:a9:71:c2:e6:e8:8b:20:85:03:
        09:9c:8d:3c:e4:20:a4:5c:9b:ad:30:13:aa:b1:d6:d3:
        31:31:3c:66:15:5c:29:4c:8d:91:82:6a:83:b8:25:4b
    Fingerprint (SHA-256):
        E0:95:5C:3C:63:9E:63:99:3D:D0:A3:04:BC:24:BC:B5:DD:7F:7F:E2:DA:5E:27:0E:FD:AA:7E:00:A0:B4:72:12
    Fingerprint (SHA1):
        61:5D:0E:5D:8D:20:4B:3D:8F:87:F8:D7:1F:2B:30:38:32:70:1E:E8
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7394: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7395: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182879 (0x25714f5f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:03 2016
            Not After : Mon Jun 28 18:51:03 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:71:42:f4:ba:c9:07:bc:2a:e4:f5:a4:8b:af:2a:6e:
                    0e:93:e4:91:52:e8:bc:11:c9:cc:44:3d:65:6f:4b:83:
                    7c:c5:cc:46:49:84:2b:e1:a7:b4:fc:6e:45:cd:e7:0a:
                    83:cc:f9:e3:ef:78:c4:aa:39:32:d1:fd:f7:7f:fe:41:
                    79:60:2e:b9:4b:62:50:50:fe:d8:fa:14:b7:07:f5:b4:
                    40:eb:34:13:40:8f:98:19:15:c6:5d:31:b1:61:7c:46:
                    51:78:53:aa:3c:50:78:2e:03:ef:81:28:cb:ab:65:95:
                    df:98:c2:c4:1d:33:ad:d9:e6:bc:94:56:a9:c8:f9:b6:
                    bc:55:d0:0e:7f:c4:ef:fd:c2:45:f7:66:1f:98:d7:90:
                    be:ad:42:ea:3c:ba:3e:3e:fe:be:6a:e1:17:d2:30:32:
                    5e:ff:32:eb:ba:04:70:f6:2c:e1:27:bf:28:d1:ca:75:
                    40:12:9e:1c:8e:8f:66:86:40:75:f3:b4:c1:8c:6e:29:
                    3b:a0:6f:17:6a:6b:30:62:70:60:8b:c3:61:f3:66:4c:
                    0e:f1:3c:63:4a:0b:16:d9:d4:46:6e:4a:41:53:55:30:
                    0c:24:97:a8:e3:a5:b1:86:ff:62:76:d7:35:ac:4d:b3:
                    19:ec:c0:37:52:7f:05:29:eb:48:88:3e:e1:96:d7:b3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        89:74:c7:49:96:0e:d8:aa:5a:ff:ab:f9:02:6c:22:5e:
        09:c1:b3:24:b5:44:ab:68:4d:64:24:97:97:0a:2e:63:
        58:58:8f:07:b4:3f:e9:de:a2:7a:6b:d2:f3:d8:f7:e0:
        ab:ea:05:87:23:79:1a:e3:71:e4:fd:fa:9b:e1:40:5d:
        17:55:a8:c8:28:07:26:57:eb:36:b7:4b:85:39:ee:93:
        f0:2e:a9:7b:07:d7:1f:20:9b:bf:a7:a6:f0:65:dd:2f:
        ca:af:e9:21:6b:a2:8f:23:da:cd:eb:33:a6:73:b4:e1:
        3e:61:ad:f3:a4:ce:d0:d8:ac:c9:11:0b:53:88:08:bf:
        42:d8:1f:3e:38:8b:74:d9:e5:fc:d7:55:d6:de:06:03:
        96:7e:32:6f:4f:7f:23:39:d3:70:1b:11:c8:06:0e:2f:
        3e:c5:35:a4:80:66:fc:35:81:09:cb:82:e7:c8:a9:9e:
        56:e2:ee:9e:d0:71:b6:c8:05:c5:57:7d:7c:30:2f:66:
        3a:f5:f8:2c:da:30:7f:fc:d3:ed:70:55:49:15:3f:0d:
        5b:a2:db:d6:6b:f6:f3:fa:8b:21:25:1a:b7:9a:9a:38:
        e3:8b:3c:7a:7e:91:99:dd:ac:4d:78:4a:c2:ea:64:97:
        2a:9f:27:0f:51:e4:bd:40:11:dd:6b:cb:d8:fe:c4:e2
    Fingerprint (SHA-256):
        70:1B:8A:79:E5:70:EA:5B:73:F4:4B:C7:B3:6D:C2:E1:E0:C7:C2:9F:99:35:78:60:26:77:88:0D:F9:87:27:49
    Fingerprint (SHA1):
        F3:DF:03:F1:45:0F:52:BB:5A:BF:0F:95:91:EB:4B:9B:C1:30:D6:1A
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7396: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7397: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182880 (0x25714f60)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:07 2016
            Not After : Mon Jun 28 18:51:07 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dd:b3:40:f0:d7:6a:b2:20:46:ab:d9:e3:ce:95:b5:16:
                    09:f3:ba:7e:74:dc:30:26:2b:b0:fc:63:17:7e:8d:e6:
                    ab:5b:48:40:0c:38:7c:46:9e:07:6a:d8:8a:3b:ce:13:
                    da:39:81:73:59:ab:dc:9f:03:cc:73:ff:c9:8d:1a:aa:
                    cf:a2:87:57:0f:82:6c:7f:5f:32:0d:bf:86:35:b3:5e:
                    c7:ba:a7:2c:dc:a8:a9:a3:0a:d9:94:de:4f:af:fa:94:
                    05:f0:dc:ca:aa:b0:c0:93:cb:99:c9:36:ae:c0:ce:a3:
                    44:75:f8:0f:23:64:8c:4f:70:7b:80:65:7a:e7:4b:34:
                    5b:49:b2:13:75:5a:77:af:25:87:a4:b5:74:ca:f1:86:
                    2c:85:52:02:ee:5f:f6:91:d9:a3:c1:07:19:de:56:83:
                    df:bf:f2:77:e9:a7:c7:85:a0:00:f5:0c:b4:41:dc:03:
                    35:9f:f9:3c:c6:90:3f:8a:10:09:ad:9c:29:a4:15:ae:
                    a9:cf:5d:28:75:0b:0e:33:46:26:77:7a:c1:f0:68:f9:
                    d9:30:ff:d5:cf:18:20:e8:f2:4b:df:40:60:81:b0:f5:
                    2f:6b:0d:82:b7:a8:cc:7c:1d:27:f3:71:10:27:73:85:
                    d5:a3:69:bf:7d:65:21:2c:47:b6:27:59:df:26:76:85
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b0:2b:03:0c:d8:dc:59:77:d1:e8:3c:d8:2a:4b:e3:bb:
        59:8d:7b:d0:db:94:7d:55:bf:5d:8d:11:88:70:0e:9c:
        10:9e:01:af:5c:6f:a9:54:40:d8:36:df:60:6f:b3:c0:
        8b:a7:af:60:15:b2:5d:54:58:5f:25:ae:e5:6e:2a:7b:
        b9:5c:3c:1f:df:db:97:2d:7c:a0:3f:ef:f8:0a:12:19:
        4e:5e:44:6f:ec:b7:56:a8:b6:f0:eb:07:3f:2e:e7:aa:
        93:26:76:a0:ec:f8:30:aa:62:e9:24:d6:3a:b2:97:ad:
        fd:c8:1b:e2:d4:c0:cf:5f:06:48:d9:40:a5:6f:f4:c1:
        10:91:36:42:b0:2e:3e:84:57:4c:f2:db:ae:d0:c0:f4:
        3d:8d:ae:e2:41:0d:a1:b0:ad:32:68:ee:d2:97:97:36:
        62:f0:e5:d9:00:02:f1:bb:4c:c0:f6:ba:13:45:3b:22:
        78:b4:30:49:f2:0f:d5:2e:0a:02:4c:0e:9e:fd:74:e2:
        61:78:46:67:6e:ec:50:0f:23:21:11:bd:1c:42:84:08:
        81:9f:9d:67:b1:76:75:7c:28:65:3c:30:f2:de:2d:2b:
        83:50:8a:e1:58:29:ad:a6:e6:53:ab:26:07:ad:06:24:
        21:12:76:6a:8f:29:f9:dd:e8:38:a8:e8:fc:72:b6:7c
    Fingerprint (SHA-256):
        B4:2B:14:EB:B1:F3:96:EB:2F:D1:EC:08:6B:66:8D:0C:20:E2:98:57:6E:1C:28:BA:4D:7F:16:98:67:9D:A8:12
    Fingerprint (SHA1):
        F4:A5:BE:A1:65:D6:53:E9:92:F4:90:74:39:13:C5:86:C1:3C:EB:3E
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #7398: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7399: Extension: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #7400: Extension: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #7401: Extension: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #7402: Extension: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182878 (0x25714f5e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:50:50 2016
            Not After : Mon Jun 28 18:50:50 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c5:f4:9e:ba:23:e0:0e:11:0f:d5:4c:54:59:c6:fb:3a:
                    47:97:5e:7a:5c:84:0d:2f:6b:a0:d3:45:ba:40:0c:4e:
                    1e:de:c3:07:e4:4c:31:35:bd:00:39:34:82:f8:76:b7:
                    64:f1:84:d4:33:b9:b2:59:91:75:d8:46:40:76:c5:0f:
                    e3:f0:ba:48:9f:ef:08:80:a6:40:e6:85:b6:d8:f0:72:
                    8c:0a:05:dc:67:ab:9b:93:fd:24:51:be:f5:52:67:8c:
                    00:20:f9:97:34:88:8c:b0:36:39:c6:93:2b:21:e8:bb:
                    12:f5:f4:69:b4:3d:99:be:62:01:b5:58:dd:7e:39:de:
                    8d:1c:4a:58:5e:c1:ed:6d:58:44:3a:85:30:38:74:cf:
                    e6:69:dd:c2:a2:45:83:e5:a6:3a:c4:c7:30:21:90:c6:
                    2f:fa:36:00:9b:01:79:21:29:99:5d:d5:cf:72:bb:fb:
                    1b:42:23:b7:07:0f:00:b8:51:57:70:1d:46:31:8d:df:
                    f5:64:34:09:28:4b:16:bc:3d:ab:dd:fe:23:0e:44:6f:
                    6d:08:78:7b:d7:21:93:ad:b6:60:5a:c8:b7:4d:a8:6a:
                    a3:6a:08:ea:6e:97:2b:2d:bc:d4:50:6f:d8:a9:29:09:
                    ce:9e:fc:71:50:b6:83:e9:8e:7f:8f:97:fe:15:65:13
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        bb:6c:9f:cf:94:be:08:81:bd:ac:00:1d:01:01:50:4c:
        9d:50:6c:59:4b:6b:4a:64:a6:2a:75:55:94:00:a3:a1:
        78:ef:ad:0c:02:9b:aa:41:c6:fc:6f:fb:52:35:56:3e:
        ce:93:aa:79:db:18:50:67:61:aa:46:a7:cc:7a:70:38:
        23:b7:fb:b3:34:59:35:19:78:db:43:56:35:e5:46:d2:
        09:9c:64:14:10:44:31:33:52:b5:9e:f6:cf:3a:d9:07:
        ae:3a:0a:5a:c0:8d:e0:ee:62:8a:bf:ec:81:ce:54:7e:
        1c:8f:64:d6:f5:b1:2e:57:9e:ce:21:28:e9:46:98:b3:
        4b:70:4c:5d:a1:fa:bb:49:4c:9d:df:38:3d:88:71:b5:
        2a:63:f6:ad:16:4a:0e:4d:20:45:e4:d0:d3:03:d3:b7:
        5c:9e:ad:0a:22:3d:20:5f:57:01:f0:06:4f:63:5b:98:
        dd:2f:f3:12:f9:97:c8:96:79:45:4f:09:b7:a3:80:86:
        f6:4f:49:b5:2a:02:5a:63:ad:12:e6:24:c6:f2:e4:c1:
        af:a2:51:42:6a:52:8c:a9:71:c2:e6:e8:8b:20:85:03:
        09:9c:8d:3c:e4:20:a4:5c:9b:ad:30:13:aa:b1:d6:d3:
        31:31:3c:66:15:5c:29:4c:8d:91:82:6a:83:b8:25:4b
    Fingerprint (SHA-256):
        E0:95:5C:3C:63:9E:63:99:3D:D0:A3:04:BC:24:BC:B5:DD:7F:7F:E2:DA:5E:27:0E:FD:AA:7E:00:A0:B4:72:12
    Fingerprint (SHA1):
        61:5D:0E:5D:8D:20:4B:3D:8F:87:F8:D7:1F:2B:30:38:32:70:1E:E8
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7403: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7404: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182879 (0x25714f5f)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:03 2016
            Not After : Mon Jun 28 18:51:03 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    cd:71:42:f4:ba:c9:07:bc:2a:e4:f5:a4:8b:af:2a:6e:
                    0e:93:e4:91:52:e8:bc:11:c9:cc:44:3d:65:6f:4b:83:
                    7c:c5:cc:46:49:84:2b:e1:a7:b4:fc:6e:45:cd:e7:0a:
                    83:cc:f9:e3:ef:78:c4:aa:39:32:d1:fd:f7:7f:fe:41:
                    79:60:2e:b9:4b:62:50:50:fe:d8:fa:14:b7:07:f5:b4:
                    40:eb:34:13:40:8f:98:19:15:c6:5d:31:b1:61:7c:46:
                    51:78:53:aa:3c:50:78:2e:03:ef:81:28:cb:ab:65:95:
                    df:98:c2:c4:1d:33:ad:d9:e6:bc:94:56:a9:c8:f9:b6:
                    bc:55:d0:0e:7f:c4:ef:fd:c2:45:f7:66:1f:98:d7:90:
                    be:ad:42:ea:3c:ba:3e:3e:fe:be:6a:e1:17:d2:30:32:
                    5e:ff:32:eb:ba:04:70:f6:2c:e1:27:bf:28:d1:ca:75:
                    40:12:9e:1c:8e:8f:66:86:40:75:f3:b4:c1:8c:6e:29:
                    3b:a0:6f:17:6a:6b:30:62:70:60:8b:c3:61:f3:66:4c:
                    0e:f1:3c:63:4a:0b:16:d9:d4:46:6e:4a:41:53:55:30:
                    0c:24:97:a8:e3:a5:b1:86:ff:62:76:d7:35:ac:4d:b3:
                    19:ec:c0:37:52:7f:05:29:eb:48:88:3e:e1:96:d7:b3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        89:74:c7:49:96:0e:d8:aa:5a:ff:ab:f9:02:6c:22:5e:
        09:c1:b3:24:b5:44:ab:68:4d:64:24:97:97:0a:2e:63:
        58:58:8f:07:b4:3f:e9:de:a2:7a:6b:d2:f3:d8:f7:e0:
        ab:ea:05:87:23:79:1a:e3:71:e4:fd:fa:9b:e1:40:5d:
        17:55:a8:c8:28:07:26:57:eb:36:b7:4b:85:39:ee:93:
        f0:2e:a9:7b:07:d7:1f:20:9b:bf:a7:a6:f0:65:dd:2f:
        ca:af:e9:21:6b:a2:8f:23:da:cd:eb:33:a6:73:b4:e1:
        3e:61:ad:f3:a4:ce:d0:d8:ac:c9:11:0b:53:88:08:bf:
        42:d8:1f:3e:38:8b:74:d9:e5:fc:d7:55:d6:de:06:03:
        96:7e:32:6f:4f:7f:23:39:d3:70:1b:11:c8:06:0e:2f:
        3e:c5:35:a4:80:66:fc:35:81:09:cb:82:e7:c8:a9:9e:
        56:e2:ee:9e:d0:71:b6:c8:05:c5:57:7d:7c:30:2f:66:
        3a:f5:f8:2c:da:30:7f:fc:d3:ed:70:55:49:15:3f:0d:
        5b:a2:db:d6:6b:f6:f3:fa:8b:21:25:1a:b7:9a:9a:38:
        e3:8b:3c:7a:7e:91:99:dd:ac:4d:78:4a:c2:ea:64:97:
        2a:9f:27:0f:51:e4:bd:40:11:dd:6b:cb:d8:fe:c4:e2
    Fingerprint (SHA-256):
        70:1B:8A:79:E5:70:EA:5B:73:F4:4B:C7:B3:6D:C2:E1:E0:C7:C2:9F:99:35:78:60:26:77:88:0D:F9:87:27:49
    Fingerprint (SHA1):
        F3:DF:03:F1:45:0F:52:BB:5A:BF:0F:95:91:EB:4B:9B:C1:30:D6:1A
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7405: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7406: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182880 (0x25714f60)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:07 2016
            Not After : Mon Jun 28 18:51:07 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    dd:b3:40:f0:d7:6a:b2:20:46:ab:d9:e3:ce:95:b5:16:
                    09:f3:ba:7e:74:dc:30:26:2b:b0:fc:63:17:7e:8d:e6:
                    ab:5b:48:40:0c:38:7c:46:9e:07:6a:d8:8a:3b:ce:13:
                    da:39:81:73:59:ab:dc:9f:03:cc:73:ff:c9:8d:1a:aa:
                    cf:a2:87:57:0f:82:6c:7f:5f:32:0d:bf:86:35:b3:5e:
                    c7:ba:a7:2c:dc:a8:a9:a3:0a:d9:94:de:4f:af:fa:94:
                    05:f0:dc:ca:aa:b0:c0:93:cb:99:c9:36:ae:c0:ce:a3:
                    44:75:f8:0f:23:64:8c:4f:70:7b:80:65:7a:e7:4b:34:
                    5b:49:b2:13:75:5a:77:af:25:87:a4:b5:74:ca:f1:86:
                    2c:85:52:02:ee:5f:f6:91:d9:a3:c1:07:19:de:56:83:
                    df:bf:f2:77:e9:a7:c7:85:a0:00:f5:0c:b4:41:dc:03:
                    35:9f:f9:3c:c6:90:3f:8a:10:09:ad:9c:29:a4:15:ae:
                    a9:cf:5d:28:75:0b:0e:33:46:26:77:7a:c1:f0:68:f9:
                    d9:30:ff:d5:cf:18:20:e8:f2:4b:df:40:60:81:b0:f5:
                    2f:6b:0d:82:b7:a8:cc:7c:1d:27:f3:71:10:27:73:85:
                    d5:a3:69:bf:7d:65:21:2c:47:b6:27:59:df:26:76:85
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        b0:2b:03:0c:d8:dc:59:77:d1:e8:3c:d8:2a:4b:e3:bb:
        59:8d:7b:d0:db:94:7d:55:bf:5d:8d:11:88:70:0e:9c:
        10:9e:01:af:5c:6f:a9:54:40:d8:36:df:60:6f:b3:c0:
        8b:a7:af:60:15:b2:5d:54:58:5f:25:ae:e5:6e:2a:7b:
        b9:5c:3c:1f:df:db:97:2d:7c:a0:3f:ef:f8:0a:12:19:
        4e:5e:44:6f:ec:b7:56:a8:b6:f0:eb:07:3f:2e:e7:aa:
        93:26:76:a0:ec:f8:30:aa:62:e9:24:d6:3a:b2:97:ad:
        fd:c8:1b:e2:d4:c0:cf:5f:06:48:d9:40:a5:6f:f4:c1:
        10:91:36:42:b0:2e:3e:84:57:4c:f2:db:ae:d0:c0:f4:
        3d:8d:ae:e2:41:0d:a1:b0:ad:32:68:ee:d2:97:97:36:
        62:f0:e5:d9:00:02:f1:bb:4c:c0:f6:ba:13:45:3b:22:
        78:b4:30:49:f2:0f:d5:2e:0a:02:4c:0e:9e:fd:74:e2:
        61:78:46:67:6e:ec:50:0f:23:21:11:bd:1c:42:84:08:
        81:9f:9d:67:b1:76:75:7c:28:65:3c:30:f2:de:2d:2b:
        83:50:8a:e1:58:29:ad:a6:e6:53:ab:26:07:ad:06:24:
        21:12:76:6a:8f:29:f9:dd:e8:38:a8:e8:fc:72:b6:7c
    Fingerprint (SHA-256):
        B4:2B:14:EB:B1:F3:96:EB:2F:D1:EC:08:6B:66:8D:0C:20:E2:98:57:6E:1C:28:BA:4D:7F:16:98:67:9D:A8:12
    Fingerprint (SHA1):
        F4:A5:BE:A1:65:D6:53:E9:92:F4:90:74:39:13:C5:86:C1:3C:EB:3E
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #7407: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7408: Extension: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7409: Extension2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182882 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7410: Extension2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7411: Extension2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7412: Extension2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7413: Extension2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182883   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7414: Extension2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7415: Extension2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7416: Extension2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7417: Extension2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182884   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7418: Extension2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7419: Extension2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #7420: Extension2: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7421: Extension2: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628182885   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7422: Extension2: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7423: Extension2: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #7424: Extension2: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7425: Extension2: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628182886   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7426: Extension2: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7427: Extension2: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7428: Extension2: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182882 (0x25714f62)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:23 2016
            Not After : Mon Jun 28 18:51:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:c3:7b:11:36:4e:14:b5:5e:a6:ed:20:ca:60:c7:98:
                    49:50:5c:93:47:e2:be:7e:e7:55:2f:ec:ed:b5:44:68:
                    5b:90:b1:33:3c:6e:71:68:e8:26:76:a1:4d:69:b5:84:
                    7d:9b:46:4f:47:39:13:f9:07:61:62:82:6b:9d:c5:da:
                    77:67:b8:6d:d3:07:f3:bd:c9:5e:2e:ff:0c:fa:0b:10:
                    dd:fa:2e:3c:7b:15:2f:aa:5b:07:ac:2c:90:18:1c:dc:
                    e8:b9:a6:89:36:b8:a4:fe:88:5f:d7:a2:0c:bf:77:78:
                    15:a9:9a:10:fe:ca:ad:ad:5b:87:f7:21:e9:b5:c8:e6:
                    dc:af:c2:c8:05:a3:8e:95:90:79:e7:bc:50:33:67:9d:
                    e8:a8:69:7f:cf:40:78:fe:e5:0b:49:37:58:0e:0b:a9:
                    d0:e5:e6:e5:5a:29:6c:7e:ae:df:a9:21:b6:a6:c3:ef:
                    ff:d3:b2:00:5c:ba:94:ba:57:be:15:3a:66:fd:bd:73:
                    1b:95:d0:1c:21:7f:b0:f9:0b:5d:9e:b2:b5:cb:f1:28:
                    6a:9d:11:12:59:47:a1:1a:a1:00:68:7a:21:0b:b2:29:
                    f6:7b:58:0e:c2:4d:48:8b:09:79:cc:b4:bf:0e:ca:31:
                    af:d9:e9:df:6d:79:7d:36:be:d1:08:60:47:a9:26:59
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        74:f2:a8:1a:12:01:46:62:14:34:e5:75:08:1c:2d:4c:
        d9:3e:ea:c5:0e:e4:dd:31:9d:6d:01:57:c8:d8:1e:fe:
        87:6f:51:e0:83:f4:14:3a:07:0b:0f:5b:d5:74:1f:8a:
        e7:c9:df:64:0f:60:d4:68:9c:1f:9f:d6:dd:72:a5:a3:
        d5:f2:67:79:eb:fc:2c:02:22:d7:dd:45:54:a3:d5:be:
        fd:df:f8:98:0b:9f:00:03:4b:a6:08:ff:d6:2a:6c:1e:
        70:a1:d6:e0:c0:c1:42:28:70:c1:9a:4a:a6:f4:61:cd:
        83:75:3a:17:50:37:df:13:e3:6a:0c:4f:a8:fe:a9:ae:
        5c:a8:24:3b:6b:0a:f6:77:28:e2:ef:6e:ab:a3:44:1b:
        20:b8:a3:64:d5:bc:18:78:13:e8:c8:ae:40:ed:4d:c6:
        12:44:a5:f9:25:12:37:ed:7b:6a:3a:c0:20:6c:ef:7e:
        21:26:c4:38:b9:fa:c6:72:37:f8:b5:47:20:8d:a6:15:
        2a:6e:98:96:ba:a6:12:ae:12:6b:ab:bf:28:b4:dc:a7:
        f7:81:4d:3e:14:37:63:38:e8:2a:7e:22:37:d5:49:75:
        68:7b:2a:fa:c2:d5:cb:ad:07:31:21:e4:23:f0:44:68:
        62:b2:30:1d:38:2c:6d:ba:e1:3c:d7:13:8e:50:f8:0e
    Fingerprint (SHA-256):
        5C:78:F5:BA:6B:59:C9:12:F7:28:19:EE:F6:12:E4:12:42:94:C3:3A:5D:B5:DD:A3:8A:EF:BF:61:4A:2B:9B:99
    Fingerprint (SHA1):
        98:C2:A6:58:2C:8F:FE:46:D4:3D:0A:2C:11:02:AE:6C:02:01:84:A5
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7429: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7430: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der Root.der with flags -d AllDB -pp      -o OID.2.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182883 (0x25714f63)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:29 2016
            Not After : Mon Jun 28 18:51:29 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:38:66:04:3f:39:62:d7:45:1f:2d:d7:2d:e5:9f:3e:
                    27:66:d5:d8:2e:45:f4:de:f8:ff:e8:05:89:02:aa:63:
                    8e:c4:46:1d:c1:8a:d3:ea:77:33:f5:f3:9c:aa:7e:32:
                    56:94:96:20:f7:af:12:e2:e8:53:3c:18:bc:22:38:bc:
                    0b:9c:34:7a:21:79:42:c2:42:ff:34:21:3f:b1:a7:0a:
                    5c:08:28:48:31:cd:de:e2:c4:d5:55:50:8a:16:74:76:
                    5f:18:f1:dc:c0:a3:3a:71:e0:b2:3e:69:51:1b:3e:9f:
                    95:26:38:55:8b:8a:62:08:1c:14:2f:b3:70:b1:ac:28:
                    61:c8:8a:fc:b2:e0:95:b9:63:28:43:79:59:fa:2d:35:
                    b4:5c:e9:6d:1b:87:f6:73:88:4d:ae:60:dc:fd:38:64:
                    f2:ee:67:c8:56:94:db:3e:dd:6a:bc:69:e6:fb:80:33:
                    0e:55:76:f4:8a:ab:7f:14:32:19:e2:af:36:f6:a4:37:
                    4d:ba:42:d2:09:bd:53:ff:46:10:0f:8c:e0:f8:01:7f:
                    13:72:18:46:b7:3e:e3:f6:0d:b2:3a:2a:e8:07:c0:04:
                    e5:5b:9c:7b:e6:34:26:7d:61:6e:37:9b:8e:16:43:28:
                    f1:66:41:97:0e:e3:7f:9b:30:5e:1a:ac:1c:c9:49:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:1c:66:82:fc:ac:1a:ae:4a:f6:4f:15:1b:c0:fd:09:
        64:1e:3d:ae:4a:15:0b:e9:bc:dc:77:c4:72:ab:3f:c8:
        a3:8f:9c:18:17:61:c5:e0:4a:32:a2:76:9c:5e:82:b1:
        25:8e:13:b1:5c:0b:81:07:10:2a:6e:25:bb:76:06:43:
        4a:34:5c:6f:ea:58:a8:b3:e8:c3:73:c7:0d:73:93:3d:
        3b:91:de:a8:54:ac:1f:52:0d:df:e2:ff:91:0d:a3:b4:
        96:c5:b0:57:b9:0a:e6:59:ce:e6:d3:05:c8:9a:f2:6b:
        1f:7f:cb:aa:78:88:62:2d:f5:7a:80:45:c1:f3:2b:a6:
        42:ad:b3:dd:70:6c:30:f2:6e:0f:68:f1:72:90:a6:fd:
        ae:bf:01:d1:15:0a:b0:a8:b0:4e:12:c0:7e:84:a6:b5:
        61:ab:09:b5:79:45:b6:f1:bb:3c:38:7a:89:99:4e:ff:
        52:a3:20:01:b1:06:ad:77:d4:72:97:35:05:ef:4d:a1:
        19:09:e5:39:7f:00:74:a8:8d:24:5f:0e:5d:aa:ce:d0:
        5c:9d:19:f2:a3:a9:da:2a:d8:af:f0:7a:1b:b7:95:17:
        fa:14:74:6a:2d:16:5b:4d:69:87:ba:cd:71:23:f0:a5:
        d5:73:d4:81:22:74:22:2a:9c:85:b7:35:68:c0:a4:99
    Fingerprint (SHA-256):
        E7:03:16:BF:38:F1:C3:1C:A1:FC:97:8E:57:E2:11:40:00:B4:E6:CC:8A:DA:BF:E0:D6:D7:E6:81:69:F1:AC:17
    Fingerprint (SHA1):
        10:DD:E2:11:C4:09:DB:26:51:A1:D7:BE:9D:50:23:35:37:D7:A9:BA
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7431: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.1.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der CA1Root.der  -t CA1Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7432: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der CA1Root.der with flags -d AllDB -pp      -o OID.2.0  -t CA1Root.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182884 (0x25714f64)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:40 2016
            Not After : Mon Jun 28 18:51:40 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    99:2c:bd:3b:8a:e4:76:10:15:b4:6f:31:09:49:f0:78:
                    cc:c9:43:9a:74:8a:b7:2f:18:53:e9:9b:75:d3:b7:16:
                    44:e0:ad:7e:4e:04:97:05:15:5e:7c:20:3e:30:8f:c9:
                    bd:49:3f:1b:8b:04:2c:70:e2:f1:e5:b6:fe:68:ef:5a:
                    b2:6f:a1:c6:ec:de:4e:99:2a:3c:06:9a:98:88:47:00:
                    9a:fe:a2:81:5c:4d:0f:3e:34:3f:2d:38:1c:96:a3:1e:
                    0f:91:b4:7d:8d:24:90:ac:67:5c:f3:9e:da:13:0a:4a:
                    91:9b:6e:d1:32:a4:c6:1c:38:a6:5f:0e:5a:34:32:43:
                    58:13:3f:58:f7:f8:ca:30:eb:1b:81:b8:01:c0:68:28:
                    d1:ed:8c:fd:11:24:98:0e:2b:0e:4a:75:d2:9a:e5:12:
                    34:d4:2b:56:b5:50:88:69:a9:09:b1:b1:41:1f:5a:58:
                    7c:5a:e8:2f:73:e7:0f:20:26:64:a2:56:a3:1d:00:f9:
                    59:7d:5c:72:9e:c2:1d:5c:9e:0d:a7:9e:70:fe:3b:9c:
                    17:87:b2:23:bb:87:59:bd:8f:3e:2d:87:2e:0f:3e:f5:
                    14:ba:86:2c:15:df:1d:85:46:ea:a0:6b:e6:c4:1e:85:
                    b7:51:d5:30:a1:d1:48:56:03:5b:28:10:b2:9d:ea:43
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        45:77:b6:ac:a1:51:7a:51:0f:84:7d:8f:0b:18:31:e6:
        1c:b5:c2:61:3a:66:de:62:be:e4:b4:a0:17:77:70:27:
        f0:d7:39:97:70:c8:cc:60:07:38:96:e7:97:ff:18:29:
        6f:e3:3b:cd:d2:a3:7d:15:e1:a0:c5:b8:cb:61:c1:ae:
        bf:d4:fe:81:48:e0:4f:8b:66:bc:cb:2a:64:37:b3:56:
        c0:bf:df:9d:87:a3:8e:cd:0e:f2:1c:84:fb:9c:b7:02:
        03:2b:90:90:a2:f4:38:cc:5f:3d:14:2c:56:8d:c5:f0:
        b6:b7:45:32:f4:c6:40:77:a4:c3:cf:90:69:2b:15:11:
        34:3d:92:c5:f5:44:ff:a1:39:02:11:7f:dc:d9:26:65:
        94:aa:31:5f:fb:87:63:73:2e:63:52:fa:19:85:9b:f9:
        32:87:98:b2:99:42:df:65:63:54:f9:53:3f:49:28:d0:
        0b:d2:be:34:7a:ad:e5:5c:21:5a:61:18:ba:93:a5:6d:
        11:53:2e:5c:42:1c:eb:d0:1a:53:71:40:dd:59:37:2e:
        74:6f:ee:9c:00:5a:a5:0f:08:f7:d3:bb:5b:d6:30:a8:
        56:a0:b0:fd:93:10:94:65:51:35:e0:fb:66:3d:a5:06:
        0c:9d:d2:c6:af:7f:98:d7:3a:d5:e3:33:dd:4e:35:74
    Fingerprint (SHA-256):
        F8:95:6A:B4:A6:3C:15:61:5A:50:BF:06:B5:6A:E8:AE:F3:4A:FA:0C:DC:1E:98:C4:E7:7F:E7:12:20:76:06:F9
    Fingerprint (SHA1):
        B3:55:C6:E0:DE:79:C6:36:B3:88:2B:FF:9F:B5:BE:B6:11:12:45:BF
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7433: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.1.0  -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der CA2CA1.der  -t CA2CA1.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7434: Extension2: Verifying certificate(s)  User1CA2.der CA2CA1.der with flags -d AllDB -pp      -o OID.2.0  -t CA2CA1.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #7435: Extension2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #7436: Extension2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #7437: Extension2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182882 (0x25714f62)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:23 2016
            Not After : Mon Jun 28 18:51:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:c3:7b:11:36:4e:14:b5:5e:a6:ed:20:ca:60:c7:98:
                    49:50:5c:93:47:e2:be:7e:e7:55:2f:ec:ed:b5:44:68:
                    5b:90:b1:33:3c:6e:71:68:e8:26:76:a1:4d:69:b5:84:
                    7d:9b:46:4f:47:39:13:f9:07:61:62:82:6b:9d:c5:da:
                    77:67:b8:6d:d3:07:f3:bd:c9:5e:2e:ff:0c:fa:0b:10:
                    dd:fa:2e:3c:7b:15:2f:aa:5b:07:ac:2c:90:18:1c:dc:
                    e8:b9:a6:89:36:b8:a4:fe:88:5f:d7:a2:0c:bf:77:78:
                    15:a9:9a:10:fe:ca:ad:ad:5b:87:f7:21:e9:b5:c8:e6:
                    dc:af:c2:c8:05:a3:8e:95:90:79:e7:bc:50:33:67:9d:
                    e8:a8:69:7f:cf:40:78:fe:e5:0b:49:37:58:0e:0b:a9:
                    d0:e5:e6:e5:5a:29:6c:7e:ae:df:a9:21:b6:a6:c3:ef:
                    ff:d3:b2:00:5c:ba:94:ba:57:be:15:3a:66:fd:bd:73:
                    1b:95:d0:1c:21:7f:b0:f9:0b:5d:9e:b2:b5:cb:f1:28:
                    6a:9d:11:12:59:47:a1:1a:a1:00:68:7a:21:0b:b2:29:
                    f6:7b:58:0e:c2:4d:48:8b:09:79:cc:b4:bf:0e:ca:31:
                    af:d9:e9:df:6d:79:7d:36:be:d1:08:60:47:a9:26:59
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        74:f2:a8:1a:12:01:46:62:14:34:e5:75:08:1c:2d:4c:
        d9:3e:ea:c5:0e:e4:dd:31:9d:6d:01:57:c8:d8:1e:fe:
        87:6f:51:e0:83:f4:14:3a:07:0b:0f:5b:d5:74:1f:8a:
        e7:c9:df:64:0f:60:d4:68:9c:1f:9f:d6:dd:72:a5:a3:
        d5:f2:67:79:eb:fc:2c:02:22:d7:dd:45:54:a3:d5:be:
        fd:df:f8:98:0b:9f:00:03:4b:a6:08:ff:d6:2a:6c:1e:
        70:a1:d6:e0:c0:c1:42:28:70:c1:9a:4a:a6:f4:61:cd:
        83:75:3a:17:50:37:df:13:e3:6a:0c:4f:a8:fe:a9:ae:
        5c:a8:24:3b:6b:0a:f6:77:28:e2:ef:6e:ab:a3:44:1b:
        20:b8:a3:64:d5:bc:18:78:13:e8:c8:ae:40:ed:4d:c6:
        12:44:a5:f9:25:12:37:ed:7b:6a:3a:c0:20:6c:ef:7e:
        21:26:c4:38:b9:fa:c6:72:37:f8:b5:47:20:8d:a6:15:
        2a:6e:98:96:ba:a6:12:ae:12:6b:ab:bf:28:b4:dc:a7:
        f7:81:4d:3e:14:37:63:38:e8:2a:7e:22:37:d5:49:75:
        68:7b:2a:fa:c2:d5:cb:ad:07:31:21:e4:23:f0:44:68:
        62:b2:30:1d:38:2c:6d:ba:e1:3c:d7:13:8e:50:f8:0e
    Fingerprint (SHA-256):
        5C:78:F5:BA:6B:59:C9:12:F7:28:19:EE:F6:12:E4:12:42:94:C3:3A:5D:B5:DD:A3:8A:EF:BF:61:4A:2B:9B:99
    Fingerprint (SHA1):
        98:C2:A6:58:2C:8F:FE:46:D4:3D:0A:2C:11:02:AE:6C:02:01:84:A5
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7438: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7439: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182883 (0x25714f63)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:29 2016
            Not After : Mon Jun 28 18:51:29 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:38:66:04:3f:39:62:d7:45:1f:2d:d7:2d:e5:9f:3e:
                    27:66:d5:d8:2e:45:f4:de:f8:ff:e8:05:89:02:aa:63:
                    8e:c4:46:1d:c1:8a:d3:ea:77:33:f5:f3:9c:aa:7e:32:
                    56:94:96:20:f7:af:12:e2:e8:53:3c:18:bc:22:38:bc:
                    0b:9c:34:7a:21:79:42:c2:42:ff:34:21:3f:b1:a7:0a:
                    5c:08:28:48:31:cd:de:e2:c4:d5:55:50:8a:16:74:76:
                    5f:18:f1:dc:c0:a3:3a:71:e0:b2:3e:69:51:1b:3e:9f:
                    95:26:38:55:8b:8a:62:08:1c:14:2f:b3:70:b1:ac:28:
                    61:c8:8a:fc:b2:e0:95:b9:63:28:43:79:59:fa:2d:35:
                    b4:5c:e9:6d:1b:87:f6:73:88:4d:ae:60:dc:fd:38:64:
                    f2:ee:67:c8:56:94:db:3e:dd:6a:bc:69:e6:fb:80:33:
                    0e:55:76:f4:8a:ab:7f:14:32:19:e2:af:36:f6:a4:37:
                    4d:ba:42:d2:09:bd:53:ff:46:10:0f:8c:e0:f8:01:7f:
                    13:72:18:46:b7:3e:e3:f6:0d:b2:3a:2a:e8:07:c0:04:
                    e5:5b:9c:7b:e6:34:26:7d:61:6e:37:9b:8e:16:43:28:
                    f1:66:41:97:0e:e3:7f:9b:30:5e:1a:ac:1c:c9:49:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:1c:66:82:fc:ac:1a:ae:4a:f6:4f:15:1b:c0:fd:09:
        64:1e:3d:ae:4a:15:0b:e9:bc:dc:77:c4:72:ab:3f:c8:
        a3:8f:9c:18:17:61:c5:e0:4a:32:a2:76:9c:5e:82:b1:
        25:8e:13:b1:5c:0b:81:07:10:2a:6e:25:bb:76:06:43:
        4a:34:5c:6f:ea:58:a8:b3:e8:c3:73:c7:0d:73:93:3d:
        3b:91:de:a8:54:ac:1f:52:0d:df:e2:ff:91:0d:a3:b4:
        96:c5:b0:57:b9:0a:e6:59:ce:e6:d3:05:c8:9a:f2:6b:
        1f:7f:cb:aa:78:88:62:2d:f5:7a:80:45:c1:f3:2b:a6:
        42:ad:b3:dd:70:6c:30:f2:6e:0f:68:f1:72:90:a6:fd:
        ae:bf:01:d1:15:0a:b0:a8:b0:4e:12:c0:7e:84:a6:b5:
        61:ab:09:b5:79:45:b6:f1:bb:3c:38:7a:89:99:4e:ff:
        52:a3:20:01:b1:06:ad:77:d4:72:97:35:05:ef:4d:a1:
        19:09:e5:39:7f:00:74:a8:8d:24:5f:0e:5d:aa:ce:d0:
        5c:9d:19:f2:a3:a9:da:2a:d8:af:f0:7a:1b:b7:95:17:
        fa:14:74:6a:2d:16:5b:4d:69:87:ba:cd:71:23:f0:a5:
        d5:73:d4:81:22:74:22:2a:9c:85:b7:35:68:c0:a4:99
    Fingerprint (SHA-256):
        E7:03:16:BF:38:F1:C3:1C:A1:FC:97:8E:57:E2:11:40:00:B4:E6:CC:8A:DA:BF:E0:D6:D7:E6:81:69:F1:AC:17
    Fingerprint (SHA1):
        10:DD:E2:11:C4:09:DB:26:51:A1:D7:BE:9D:50:23:35:37:D7:A9:BA
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7440: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7441: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182884 (0x25714f64)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:40 2016
            Not After : Mon Jun 28 18:51:40 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    99:2c:bd:3b:8a:e4:76:10:15:b4:6f:31:09:49:f0:78:
                    cc:c9:43:9a:74:8a:b7:2f:18:53:e9:9b:75:d3:b7:16:
                    44:e0:ad:7e:4e:04:97:05:15:5e:7c:20:3e:30:8f:c9:
                    bd:49:3f:1b:8b:04:2c:70:e2:f1:e5:b6:fe:68:ef:5a:
                    b2:6f:a1:c6:ec:de:4e:99:2a:3c:06:9a:98:88:47:00:
                    9a:fe:a2:81:5c:4d:0f:3e:34:3f:2d:38:1c:96:a3:1e:
                    0f:91:b4:7d:8d:24:90:ac:67:5c:f3:9e:da:13:0a:4a:
                    91:9b:6e:d1:32:a4:c6:1c:38:a6:5f:0e:5a:34:32:43:
                    58:13:3f:58:f7:f8:ca:30:eb:1b:81:b8:01:c0:68:28:
                    d1:ed:8c:fd:11:24:98:0e:2b:0e:4a:75:d2:9a:e5:12:
                    34:d4:2b:56:b5:50:88:69:a9:09:b1:b1:41:1f:5a:58:
                    7c:5a:e8:2f:73:e7:0f:20:26:64:a2:56:a3:1d:00:f9:
                    59:7d:5c:72:9e:c2:1d:5c:9e:0d:a7:9e:70:fe:3b:9c:
                    17:87:b2:23:bb:87:59:bd:8f:3e:2d:87:2e:0f:3e:f5:
                    14:ba:86:2c:15:df:1d:85:46:ea:a0:6b:e6:c4:1e:85:
                    b7:51:d5:30:a1:d1:48:56:03:5b:28:10:b2:9d:ea:43
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        45:77:b6:ac:a1:51:7a:51:0f:84:7d:8f:0b:18:31:e6:
        1c:b5:c2:61:3a:66:de:62:be:e4:b4:a0:17:77:70:27:
        f0:d7:39:97:70:c8:cc:60:07:38:96:e7:97:ff:18:29:
        6f:e3:3b:cd:d2:a3:7d:15:e1:a0:c5:b8:cb:61:c1:ae:
        bf:d4:fe:81:48:e0:4f:8b:66:bc:cb:2a:64:37:b3:56:
        c0:bf:df:9d:87:a3:8e:cd:0e:f2:1c:84:fb:9c:b7:02:
        03:2b:90:90:a2:f4:38:cc:5f:3d:14:2c:56:8d:c5:f0:
        b6:b7:45:32:f4:c6:40:77:a4:c3:cf:90:69:2b:15:11:
        34:3d:92:c5:f5:44:ff:a1:39:02:11:7f:dc:d9:26:65:
        94:aa:31:5f:fb:87:63:73:2e:63:52:fa:19:85:9b:f9:
        32:87:98:b2:99:42:df:65:63:54:f9:53:3f:49:28:d0:
        0b:d2:be:34:7a:ad:e5:5c:21:5a:61:18:ba:93:a5:6d:
        11:53:2e:5c:42:1c:eb:d0:1a:53:71:40:dd:59:37:2e:
        74:6f:ee:9c:00:5a:a5:0f:08:f7:d3:bb:5b:d6:30:a8:
        56:a0:b0:fd:93:10:94:65:51:35:e0:fb:66:3d:a5:06:
        0c:9d:d2:c6:af:7f:98:d7:3a:d5:e3:33:dd:4e:35:74
    Fingerprint (SHA-256):
        F8:95:6A:B4:A6:3C:15:61:5A:50:BF:06:B5:6A:E8:AE:F3:4A:FA:0C:DC:1E:98:C4:E7:7F:E7:12:20:76:06:F9
    Fingerprint (SHA1):
        B3:55:C6:E0:DE:79:C6:36:B3:88:2B:FF:9F:B5:BE:B6:11:12:45:BF
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7442: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7443: Extension2: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182882 (0x25714f62)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:23 2016
            Not After : Mon Jun 28 18:51:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:c3:7b:11:36:4e:14:b5:5e:a6:ed:20:ca:60:c7:98:
                    49:50:5c:93:47:e2:be:7e:e7:55:2f:ec:ed:b5:44:68:
                    5b:90:b1:33:3c:6e:71:68:e8:26:76:a1:4d:69:b5:84:
                    7d:9b:46:4f:47:39:13:f9:07:61:62:82:6b:9d:c5:da:
                    77:67:b8:6d:d3:07:f3:bd:c9:5e:2e:ff:0c:fa:0b:10:
                    dd:fa:2e:3c:7b:15:2f:aa:5b:07:ac:2c:90:18:1c:dc:
                    e8:b9:a6:89:36:b8:a4:fe:88:5f:d7:a2:0c:bf:77:78:
                    15:a9:9a:10:fe:ca:ad:ad:5b:87:f7:21:e9:b5:c8:e6:
                    dc:af:c2:c8:05:a3:8e:95:90:79:e7:bc:50:33:67:9d:
                    e8:a8:69:7f:cf:40:78:fe:e5:0b:49:37:58:0e:0b:a9:
                    d0:e5:e6:e5:5a:29:6c:7e:ae:df:a9:21:b6:a6:c3:ef:
                    ff:d3:b2:00:5c:ba:94:ba:57:be:15:3a:66:fd:bd:73:
                    1b:95:d0:1c:21:7f:b0:f9:0b:5d:9e:b2:b5:cb:f1:28:
                    6a:9d:11:12:59:47:a1:1a:a1:00:68:7a:21:0b:b2:29:
                    f6:7b:58:0e:c2:4d:48:8b:09:79:cc:b4:bf:0e:ca:31:
                    af:d9:e9:df:6d:79:7d:36:be:d1:08:60:47:a9:26:59
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        74:f2:a8:1a:12:01:46:62:14:34:e5:75:08:1c:2d:4c:
        d9:3e:ea:c5:0e:e4:dd:31:9d:6d:01:57:c8:d8:1e:fe:
        87:6f:51:e0:83:f4:14:3a:07:0b:0f:5b:d5:74:1f:8a:
        e7:c9:df:64:0f:60:d4:68:9c:1f:9f:d6:dd:72:a5:a3:
        d5:f2:67:79:eb:fc:2c:02:22:d7:dd:45:54:a3:d5:be:
        fd:df:f8:98:0b:9f:00:03:4b:a6:08:ff:d6:2a:6c:1e:
        70:a1:d6:e0:c0:c1:42:28:70:c1:9a:4a:a6:f4:61:cd:
        83:75:3a:17:50:37:df:13:e3:6a:0c:4f:a8:fe:a9:ae:
        5c:a8:24:3b:6b:0a:f6:77:28:e2:ef:6e:ab:a3:44:1b:
        20:b8:a3:64:d5:bc:18:78:13:e8:c8:ae:40:ed:4d:c6:
        12:44:a5:f9:25:12:37:ed:7b:6a:3a:c0:20:6c:ef:7e:
        21:26:c4:38:b9:fa:c6:72:37:f8:b5:47:20:8d:a6:15:
        2a:6e:98:96:ba:a6:12:ae:12:6b:ab:bf:28:b4:dc:a7:
        f7:81:4d:3e:14:37:63:38:e8:2a:7e:22:37:d5:49:75:
        68:7b:2a:fa:c2:d5:cb:ad:07:31:21:e4:23:f0:44:68:
        62:b2:30:1d:38:2c:6d:ba:e1:3c:d7:13:8e:50:f8:0e
    Fingerprint (SHA-256):
        5C:78:F5:BA:6B:59:C9:12:F7:28:19:EE:F6:12:E4:12:42:94:C3:3A:5D:B5:DD:A3:8A:EF:BF:61:4A:2B:9B:99
    Fingerprint (SHA1):
        98:C2:A6:58:2C:8F:FE:46:D4:3D:0A:2C:11:02:AE:6C:02:01:84:A5
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7444: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182882 (0x25714f62)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:23 2016
            Not After : Mon Jun 28 18:51:23 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bb:c3:7b:11:36:4e:14:b5:5e:a6:ed:20:ca:60:c7:98:
                    49:50:5c:93:47:e2:be:7e:e7:55:2f:ec:ed:b5:44:68:
                    5b:90:b1:33:3c:6e:71:68:e8:26:76:a1:4d:69:b5:84:
                    7d:9b:46:4f:47:39:13:f9:07:61:62:82:6b:9d:c5:da:
                    77:67:b8:6d:d3:07:f3:bd:c9:5e:2e:ff:0c:fa:0b:10:
                    dd:fa:2e:3c:7b:15:2f:aa:5b:07:ac:2c:90:18:1c:dc:
                    e8:b9:a6:89:36:b8:a4:fe:88:5f:d7:a2:0c:bf:77:78:
                    15:a9:9a:10:fe:ca:ad:ad:5b:87:f7:21:e9:b5:c8:e6:
                    dc:af:c2:c8:05:a3:8e:95:90:79:e7:bc:50:33:67:9d:
                    e8:a8:69:7f:cf:40:78:fe:e5:0b:49:37:58:0e:0b:a9:
                    d0:e5:e6:e5:5a:29:6c:7e:ae:df:a9:21:b6:a6:c3:ef:
                    ff:d3:b2:00:5c:ba:94:ba:57:be:15:3a:66:fd:bd:73:
                    1b:95:d0:1c:21:7f:b0:f9:0b:5d:9e:b2:b5:cb:f1:28:
                    6a:9d:11:12:59:47:a1:1a:a1:00:68:7a:21:0b:b2:29:
                    f6:7b:58:0e:c2:4d:48:8b:09:79:cc:b4:bf:0e:ca:31:
                    af:d9:e9:df:6d:79:7d:36:be:d1:08:60:47:a9:26:59
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        74:f2:a8:1a:12:01:46:62:14:34:e5:75:08:1c:2d:4c:
        d9:3e:ea:c5:0e:e4:dd:31:9d:6d:01:57:c8:d8:1e:fe:
        87:6f:51:e0:83:f4:14:3a:07:0b:0f:5b:d5:74:1f:8a:
        e7:c9:df:64:0f:60:d4:68:9c:1f:9f:d6:dd:72:a5:a3:
        d5:f2:67:79:eb:fc:2c:02:22:d7:dd:45:54:a3:d5:be:
        fd:df:f8:98:0b:9f:00:03:4b:a6:08:ff:d6:2a:6c:1e:
        70:a1:d6:e0:c0:c1:42:28:70:c1:9a:4a:a6:f4:61:cd:
        83:75:3a:17:50:37:df:13:e3:6a:0c:4f:a8:fe:a9:ae:
        5c:a8:24:3b:6b:0a:f6:77:28:e2:ef:6e:ab:a3:44:1b:
        20:b8:a3:64:d5:bc:18:78:13:e8:c8:ae:40:ed:4d:c6:
        12:44:a5:f9:25:12:37:ed:7b:6a:3a:c0:20:6c:ef:7e:
        21:26:c4:38:b9:fa:c6:72:37:f8:b5:47:20:8d:a6:15:
        2a:6e:98:96:ba:a6:12:ae:12:6b:ab:bf:28:b4:dc:a7:
        f7:81:4d:3e:14:37:63:38:e8:2a:7e:22:37:d5:49:75:
        68:7b:2a:fa:c2:d5:cb:ad:07:31:21:e4:23:f0:44:68:
        62:b2:30:1d:38:2c:6d:ba:e1:3c:d7:13:8e:50:f8:0e
    Fingerprint (SHA-256):
        5C:78:F5:BA:6B:59:C9:12:F7:28:19:EE:F6:12:E4:12:42:94:C3:3A:5D:B5:DD:A3:8A:EF:BF:61:4A:2B:9B:99
    Fingerprint (SHA1):
        98:C2:A6:58:2C:8F:FE:46:D4:3D:0A:2C:11:02:AE:6C:02:01:84:A5
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7445: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182883 (0x25714f63)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:29 2016
            Not After : Mon Jun 28 18:51:29 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:38:66:04:3f:39:62:d7:45:1f:2d:d7:2d:e5:9f:3e:
                    27:66:d5:d8:2e:45:f4:de:f8:ff:e8:05:89:02:aa:63:
                    8e:c4:46:1d:c1:8a:d3:ea:77:33:f5:f3:9c:aa:7e:32:
                    56:94:96:20:f7:af:12:e2:e8:53:3c:18:bc:22:38:bc:
                    0b:9c:34:7a:21:79:42:c2:42:ff:34:21:3f:b1:a7:0a:
                    5c:08:28:48:31:cd:de:e2:c4:d5:55:50:8a:16:74:76:
                    5f:18:f1:dc:c0:a3:3a:71:e0:b2:3e:69:51:1b:3e:9f:
                    95:26:38:55:8b:8a:62:08:1c:14:2f:b3:70:b1:ac:28:
                    61:c8:8a:fc:b2:e0:95:b9:63:28:43:79:59:fa:2d:35:
                    b4:5c:e9:6d:1b:87:f6:73:88:4d:ae:60:dc:fd:38:64:
                    f2:ee:67:c8:56:94:db:3e:dd:6a:bc:69:e6:fb:80:33:
                    0e:55:76:f4:8a:ab:7f:14:32:19:e2:af:36:f6:a4:37:
                    4d:ba:42:d2:09:bd:53:ff:46:10:0f:8c:e0:f8:01:7f:
                    13:72:18:46:b7:3e:e3:f6:0d:b2:3a:2a:e8:07:c0:04:
                    e5:5b:9c:7b:e6:34:26:7d:61:6e:37:9b:8e:16:43:28:
                    f1:66:41:97:0e:e3:7f:9b:30:5e:1a:ac:1c:c9:49:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:1c:66:82:fc:ac:1a:ae:4a:f6:4f:15:1b:c0:fd:09:
        64:1e:3d:ae:4a:15:0b:e9:bc:dc:77:c4:72:ab:3f:c8:
        a3:8f:9c:18:17:61:c5:e0:4a:32:a2:76:9c:5e:82:b1:
        25:8e:13:b1:5c:0b:81:07:10:2a:6e:25:bb:76:06:43:
        4a:34:5c:6f:ea:58:a8:b3:e8:c3:73:c7:0d:73:93:3d:
        3b:91:de:a8:54:ac:1f:52:0d:df:e2:ff:91:0d:a3:b4:
        96:c5:b0:57:b9:0a:e6:59:ce:e6:d3:05:c8:9a:f2:6b:
        1f:7f:cb:aa:78:88:62:2d:f5:7a:80:45:c1:f3:2b:a6:
        42:ad:b3:dd:70:6c:30:f2:6e:0f:68:f1:72:90:a6:fd:
        ae:bf:01:d1:15:0a:b0:a8:b0:4e:12:c0:7e:84:a6:b5:
        61:ab:09:b5:79:45:b6:f1:bb:3c:38:7a:89:99:4e:ff:
        52:a3:20:01:b1:06:ad:77:d4:72:97:35:05:ef:4d:a1:
        19:09:e5:39:7f:00:74:a8:8d:24:5f:0e:5d:aa:ce:d0:
        5c:9d:19:f2:a3:a9:da:2a:d8:af:f0:7a:1b:b7:95:17:
        fa:14:74:6a:2d:16:5b:4d:69:87:ba:cd:71:23:f0:a5:
        d5:73:d4:81:22:74:22:2a:9c:85:b7:35:68:c0:a4:99
    Fingerprint (SHA-256):
        E7:03:16:BF:38:F1:C3:1C:A1:FC:97:8E:57:E2:11:40:00:B4:E6:CC:8A:DA:BF:E0:D6:D7:E6:81:69:F1:AC:17
    Fingerprint (SHA1):
        10:DD:E2:11:C4:09:DB:26:51:A1:D7:BE:9D:50:23:35:37:D7:A9:BA
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7446: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182883 (0x25714f63)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:29 2016
            Not After : Mon Jun 28 18:51:29 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:38:66:04:3f:39:62:d7:45:1f:2d:d7:2d:e5:9f:3e:
                    27:66:d5:d8:2e:45:f4:de:f8:ff:e8:05:89:02:aa:63:
                    8e:c4:46:1d:c1:8a:d3:ea:77:33:f5:f3:9c:aa:7e:32:
                    56:94:96:20:f7:af:12:e2:e8:53:3c:18:bc:22:38:bc:
                    0b:9c:34:7a:21:79:42:c2:42:ff:34:21:3f:b1:a7:0a:
                    5c:08:28:48:31:cd:de:e2:c4:d5:55:50:8a:16:74:76:
                    5f:18:f1:dc:c0:a3:3a:71:e0:b2:3e:69:51:1b:3e:9f:
                    95:26:38:55:8b:8a:62:08:1c:14:2f:b3:70:b1:ac:28:
                    61:c8:8a:fc:b2:e0:95:b9:63:28:43:79:59:fa:2d:35:
                    b4:5c:e9:6d:1b:87:f6:73:88:4d:ae:60:dc:fd:38:64:
                    f2:ee:67:c8:56:94:db:3e:dd:6a:bc:69:e6:fb:80:33:
                    0e:55:76:f4:8a:ab:7f:14:32:19:e2:af:36:f6:a4:37:
                    4d:ba:42:d2:09:bd:53:ff:46:10:0f:8c:e0:f8:01:7f:
                    13:72:18:46:b7:3e:e3:f6:0d:b2:3a:2a:e8:07:c0:04:
                    e5:5b:9c:7b:e6:34:26:7d:61:6e:37:9b:8e:16:43:28:
                    f1:66:41:97:0e:e3:7f:9b:30:5e:1a:ac:1c:c9:49:ab
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        2c:1c:66:82:fc:ac:1a:ae:4a:f6:4f:15:1b:c0:fd:09:
        64:1e:3d:ae:4a:15:0b:e9:bc:dc:77:c4:72:ab:3f:c8:
        a3:8f:9c:18:17:61:c5:e0:4a:32:a2:76:9c:5e:82:b1:
        25:8e:13:b1:5c:0b:81:07:10:2a:6e:25:bb:76:06:43:
        4a:34:5c:6f:ea:58:a8:b3:e8:c3:73:c7:0d:73:93:3d:
        3b:91:de:a8:54:ac:1f:52:0d:df:e2:ff:91:0d:a3:b4:
        96:c5:b0:57:b9:0a:e6:59:ce:e6:d3:05:c8:9a:f2:6b:
        1f:7f:cb:aa:78:88:62:2d:f5:7a:80:45:c1:f3:2b:a6:
        42:ad:b3:dd:70:6c:30:f2:6e:0f:68:f1:72:90:a6:fd:
        ae:bf:01:d1:15:0a:b0:a8:b0:4e:12:c0:7e:84:a6:b5:
        61:ab:09:b5:79:45:b6:f1:bb:3c:38:7a:89:99:4e:ff:
        52:a3:20:01:b1:06:ad:77:d4:72:97:35:05:ef:4d:a1:
        19:09:e5:39:7f:00:74:a8:8d:24:5f:0e:5d:aa:ce:d0:
        5c:9d:19:f2:a3:a9:da:2a:d8:af:f0:7a:1b:b7:95:17:
        fa:14:74:6a:2d:16:5b:4d:69:87:ba:cd:71:23:f0:a5:
        d5:73:d4:81:22:74:22:2a:9c:85:b7:35:68:c0:a4:99
    Fingerprint (SHA-256):
        E7:03:16:BF:38:F1:C3:1C:A1:FC:97:8E:57:E2:11:40:00:B4:E6:CC:8A:DA:BF:E0:D6:D7:E6:81:69:F1:AC:17
    Fingerprint (SHA1):
        10:DD:E2:11:C4:09:DB:26:51:A1:D7:BE:9D:50:23:35:37:D7:A9:BA
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7447: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182884 (0x25714f64)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:40 2016
            Not After : Mon Jun 28 18:51:40 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    99:2c:bd:3b:8a:e4:76:10:15:b4:6f:31:09:49:f0:78:
                    cc:c9:43:9a:74:8a:b7:2f:18:53:e9:9b:75:d3:b7:16:
                    44:e0:ad:7e:4e:04:97:05:15:5e:7c:20:3e:30:8f:c9:
                    bd:49:3f:1b:8b:04:2c:70:e2:f1:e5:b6:fe:68:ef:5a:
                    b2:6f:a1:c6:ec:de:4e:99:2a:3c:06:9a:98:88:47:00:
                    9a:fe:a2:81:5c:4d:0f:3e:34:3f:2d:38:1c:96:a3:1e:
                    0f:91:b4:7d:8d:24:90:ac:67:5c:f3:9e:da:13:0a:4a:
                    91:9b:6e:d1:32:a4:c6:1c:38:a6:5f:0e:5a:34:32:43:
                    58:13:3f:58:f7:f8:ca:30:eb:1b:81:b8:01:c0:68:28:
                    d1:ed:8c:fd:11:24:98:0e:2b:0e:4a:75:d2:9a:e5:12:
                    34:d4:2b:56:b5:50:88:69:a9:09:b1:b1:41:1f:5a:58:
                    7c:5a:e8:2f:73:e7:0f:20:26:64:a2:56:a3:1d:00:f9:
                    59:7d:5c:72:9e:c2:1d:5c:9e:0d:a7:9e:70:fe:3b:9c:
                    17:87:b2:23:bb:87:59:bd:8f:3e:2d:87:2e:0f:3e:f5:
                    14:ba:86:2c:15:df:1d:85:46:ea:a0:6b:e6:c4:1e:85:
                    b7:51:d5:30:a1:d1:48:56:03:5b:28:10:b2:9d:ea:43
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: OID.2.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        45:77:b6:ac:a1:51:7a:51:0f:84:7d:8f:0b:18:31:e6:
        1c:b5:c2:61:3a:66:de:62:be:e4:b4:a0:17:77:70:27:
        f0:d7:39:97:70:c8:cc:60:07:38:96:e7:97:ff:18:29:
        6f:e3:3b:cd:d2:a3:7d:15:e1:a0:c5:b8:cb:61:c1:ae:
        bf:d4:fe:81:48:e0:4f:8b:66:bc:cb:2a:64:37:b3:56:
        c0:bf:df:9d:87:a3:8e:cd:0e:f2:1c:84:fb:9c:b7:02:
        03:2b:90:90:a2:f4:38:cc:5f:3d:14:2c:56:8d:c5:f0:
        b6:b7:45:32:f4:c6:40:77:a4:c3:cf:90:69:2b:15:11:
        34:3d:92:c5:f5:44:ff:a1:39:02:11:7f:dc:d9:26:65:
        94:aa:31:5f:fb:87:63:73:2e:63:52:fa:19:85:9b:f9:
        32:87:98:b2:99:42:df:65:63:54:f9:53:3f:49:28:d0:
        0b:d2:be:34:7a:ad:e5:5c:21:5a:61:18:ba:93:a5:6d:
        11:53:2e:5c:42:1c:eb:d0:1a:53:71:40:dd:59:37:2e:
        74:6f:ee:9c:00:5a:a5:0f:08:f7:d3:bb:5b:d6:30:a8:
        56:a0:b0:fd:93:10:94:65:51:35:e0:fb:66:3d:a5:06:
        0c:9d:d2:c6:af:7f:98:d7:3a:d5:e3:33:dd:4e:35:74
    Fingerprint (SHA-256):
        F8:95:6A:B4:A6:3C:15:61:5A:50:BF:06:B5:6A:E8:AE:F3:4A:FA:0C:DC:1E:98:C4:E7:7F:E7:12:20:76:06:F9
    Fingerprint (SHA1):
        B3:55:C6:E0:DE:79:C6:36:B3:88:2B:FF:9F:B5:BE:B6:11:12:45:BF
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7448: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182884 (0x25714f64)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:51:40 2016
            Not After : Mon Jun 28 18:51:40 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    99:2c:bd:3b:8a:e4:76:10:15:b4:6f:31:09:49:f0:78:
                    cc:c9:43:9a:74:8a:b7:2f:18:53:e9:9b:75:d3:b7:16:
                    44:e0:ad:7e:4e:04:97:05:15:5e:7c:20:3e:30:8f:c9:
                    bd:49:3f:1b:8b:04:2c:70:e2:f1:e5:b6:fe:68:ef:5a:
                    b2:6f:a1:c6:ec:de:4e:99:2a:3c:06:9a:98:88:47:00:
                    9a:fe:a2:81:5c:4d:0f:3e:34:3f:2d:38:1c:96:a3:1e:
                    0f:91:b4:7d:8d:24:90:ac:67:5c:f3:9e:da:13:0a:4a:
                    91:9b:6e:d1:32:a4:c6:1c:38:a6:5f:0e:5a:34:32:43:
                    58:13:3f:58:f7:f8:ca:30:eb:1b:81:b8:01:c0:68:28:
                    d1:ed:8c:fd:11:24:98:0e:2b:0e:4a:75:d2:9a:e5:12:
                    34:d4:2b:56:b5:50:88:69:a9:09:b1:b1:41:1f:5a:58:
                    7c:5a:e8:2f:73:e7:0f:20:26:64:a2:56:a3:1d:00:f9:
                    59:7d:5c:72:9e:c2:1d:5c:9e:0d:a7:9e:70:fe:3b:9c:
                    17:87:b2:23:bb:87:59:bd:8f:3e:2d:87:2e:0f:3e:f5:
                    14:ba:86:2c:15:df:1d:85:46:ea:a0:6b:e6:c4:1e:85:
                    b7:51:d5:30:a1:d1:48:56:03:5b:28:10:b2:9d:ea:43
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        45:77:b6:ac:a1:51:7a:51:0f:84:7d:8f:0b:18:31:e6:
        1c:b5:c2:61:3a:66:de:62:be:e4:b4:a0:17:77:70:27:
        f0:d7:39:97:70:c8:cc:60:07:38:96:e7:97:ff:18:29:
        6f:e3:3b:cd:d2:a3:7d:15:e1:a0:c5:b8:cb:61:c1:ae:
        bf:d4:fe:81:48:e0:4f:8b:66:bc:cb:2a:64:37:b3:56:
        c0:bf:df:9d:87:a3:8e:cd:0e:f2:1c:84:fb:9c:b7:02:
        03:2b:90:90:a2:f4:38:cc:5f:3d:14:2c:56:8d:c5:f0:
        b6:b7:45:32:f4:c6:40:77:a4:c3:cf:90:69:2b:15:11:
        34:3d:92:c5:f5:44:ff:a1:39:02:11:7f:dc:d9:26:65:
        94:aa:31:5f:fb:87:63:73:2e:63:52:fa:19:85:9b:f9:
        32:87:98:b2:99:42:df:65:63:54:f9:53:3f:49:28:d0:
        0b:d2:be:34:7a:ad:e5:5c:21:5a:61:18:ba:93:a5:6d:
        11:53:2e:5c:42:1c:eb:d0:1a:53:71:40:dd:59:37:2e:
        74:6f:ee:9c:00:5a:a5:0f:08:f7:d3:bb:5b:d6:30:a8:
        56:a0:b0:fd:93:10:94:65:51:35:e0:fb:66:3d:a5:06:
        0c:9d:d2:c6:af:7f:98:d7:3a:d5:e3:33:dd:4e:35:74
    Fingerprint (SHA-256):
        F8:95:6A:B4:A6:3C:15:61:5A:50:BF:06:B5:6A:E8:AE:F3:4A:FA:0C:DC:1E:98:C4:E7:7F:E7:12:20:76:06:F9
    Fingerprint (SHA1):
        B3:55:C6:E0:DE:79:C6:36:B3:88:2B:FF:9F:B5:BE:B6:11:12:45:BF
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User2 EE,O=User2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7449: Extension2: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t CA2 - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #7450: AnyPolicy: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182887 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7451: AnyPolicy: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #7452: AnyPolicy: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7453: AnyPolicy: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7454: AnyPolicy: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628182888   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7455: AnyPolicy: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7456: AnyPolicy: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7457: AnyPolicy: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7458: AnyPolicy: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182889   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
0
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #7459: AnyPolicy: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7460: AnyPolicy: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #7461: AnyPolicy: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7462: AnyPolicy: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA3Req.der -o CA3CA1.der -f CA1DB/dbpasswd -m 628182890   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7463: AnyPolicy: Creating certficate CA3CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA3CA1.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7464: AnyPolicy: Importing certificate CA3CA1.der to CA3DB database  - PASSED
chains.sh: Creating DB User1DB
certutil -N -d User1DB -f User1DB/dbpasswd
chains.sh: #7465: AnyPolicy: Creating DB User1DB  - PASSED
chains.sh: Creating EE certifiate request User1Req.der
certutil -s "CN=User1 EE, O=User1, C=US"  -R  -d User1DB -f User1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7466: AnyPolicy: Creating EE certifiate request User1Req.der  - PASSED
chains.sh: Creating certficate User1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User1Req.der -o User1CA2.der -f CA2DB/dbpasswd -m 628182891   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7467: AnyPolicy: Creating certficate User1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User1CA2.der to User1DB database
certutil -A -n User1 -t u,u,u -d User1DB -f User1DB/dbpasswd -i User1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7468: AnyPolicy: Importing certificate User1CA2.der to User1DB database  - PASSED
chains.sh: Creating DB User2DB
certutil -N -d User2DB -f User2DB/dbpasswd
chains.sh: #7469: AnyPolicy: Creating DB User2DB  - PASSED
chains.sh: Creating EE certifiate request User2Req.der
certutil -s "CN=User2 EE, O=User2, C=US"  -R  -d User2DB -f User2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7470: AnyPolicy: Creating EE certifiate request User2Req.der  - PASSED
chains.sh: Creating certficate User2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i User2Req.der -o User2CA2.der -f CA2DB/dbpasswd -m 628182892   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7471: AnyPolicy: Creating certficate User2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate User2CA2.der to User2DB database
certutil -A -n User2 -t u,u,u -d User2DB -f User2DB/dbpasswd -i User2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7472: AnyPolicy: Importing certificate User2CA2.der to User2DB database  - PASSED
chains.sh: Creating DB User3DB
certutil -N -d User3DB -f User3DB/dbpasswd
chains.sh: #7473: AnyPolicy: Creating DB User3DB  - PASSED
chains.sh: Creating EE certifiate request User3Req.der
certutil -s "CN=User3 EE, O=User3, C=US"  -R  -d User3DB -f User3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o User3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7474: AnyPolicy: Creating EE certifiate request User3Req.der  - PASSED
chains.sh: Creating certficate User3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i User3Req.der -o User3CA3.der -f CA3DB/dbpasswd -m 628182893   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7475: AnyPolicy: Creating certficate User3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate User3CA3.der to User3DB database
certutil -A -n User3 -t u,u,u -d User3DB -f User3DB/dbpasswd -i User3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7476: AnyPolicy: Importing certificate User3CA3.der to User3DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7477: AnyPolicy: Creating DB AllDB  - PASSED
chains.sh: Importing certificate RootCA.der to AllDB database
certutil -A -n RootCA  -t "" -d AllDB -f AllDB/dbpasswd -i RootCA.der
chains.sh: #7478: AnyPolicy: Importing certificate RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1RootCA.der
chains.sh: #7479: AnyPolicy: Importing certificate CA1RootCA.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #7480: AnyPolicy: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA1.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA1.der
chains.sh: #7481: AnyPolicy: Importing certificate CA3CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User1CA2.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182887 (0x25714f67)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:52:08 2016
            Not After : Mon Jun 28 18:52:08 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:ad:fa:4a:8f:e3:95:c2:77:cb:b4:89:ca:d0:6b:b5:
                    41:4f:09:14:0e:83:d8:2d:f9:e1:8e:07:d2:f9:0c:6e:
                    e2:be:83:2c:71:1b:d1:74:c7:c0:65:bc:6f:09:d8:6a:
                    95:b1:52:7c:e8:b7:c1:ba:5e:4c:50:0c:6f:53:0f:90:
                    1a:62:00:77:ff:5e:1a:2f:e9:3c:f0:51:b4:43:62:2b:
                    5f:76:53:57:3c:d5:60:cb:ed:7e:40:6e:ec:45:49:87:
                    c6:9a:43:da:e5:3e:44:98:8b:2c:86:1c:b1:01:f5:f5:
                    11:9f:fc:df:a8:45:d8:62:2d:68:50:64:b6:8a:61:cb:
                    fc:e5:c1:da:55:c1:af:d2:6c:0a:d0:0f:13:73:dd:65:
                    b8:fb:4c:4d:92:fb:cd:9b:56:33:4c:c4:37:c7:41:47:
                    1a:ca:46:f9:ef:37:32:2c:3d:e3:22:0e:eb:2d:6f:c2:
                    f8:29:ad:cf:39:31:86:4e:fd:de:79:9b:ac:36:36:2b:
                    a7:b4:27:64:17:80:82:78:3d:45:42:1b:57:91:77:fb:
                    92:1b:28:98:e3:4e:65:1a:78:10:7f:0e:e3:52:6a:4b:
                    dc:88:43:f9:cc:85:e8:1d:66:e2:d8:aa:86:ae:46:08:
                    bd:89:b8:ad:d7:01:00:1d:f9:f8:1e:f1:3a:b7:c6:91
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        84:b0:ac:84:e8:a5:80:e0:00:96:fe:37:84:a3:73:d7:
        10:4f:52:b9:8b:10:0c:2f:c1:6a:6f:9b:9d:f2:6c:f1:
        7d:ab:5a:10:83:57:d4:6c:0b:ef:ee:c6:73:a1:e3:74:
        48:56:3b:2a:0c:11:1b:8f:9e:3c:d1:5d:e5:93:99:c5:
        4d:3d:61:e9:1e:9b:5f:b1:0b:00:e0:1e:81:7a:07:af:
        8e:d9:49:5e:9b:a0:e6:e0:7f:71:c0:cb:df:1f:06:de:
        93:f3:25:22:6e:5c:69:91:44:60:38:12:86:99:b7:57:
        ba:09:12:6a:09:52:2b:2f:2a:62:9d:0a:6e:69:ae:2d:
        75:d9:5d:da:eb:9a:9b:92:bf:00:a5:75:f8:59:f9:49:
        22:92:96:1b:55:c0:16:37:d5:8c:dd:3c:bc:53:7e:b7:
        b7:be:8f:91:7d:22:a9:45:52:e6:8f:c5:5e:e5:2e:56:
        3c:c3:6a:f0:fd:6c:49:f4:83:55:6b:44:2b:21:12:c4:
        73:78:72:ce:d4:ed:48:a5:97:64:36:57:d3:3c:0b:d6:
        9b:b6:85:68:c0:a6:a0:41:c6:cc:be:49:4a:37:9f:5a:
        46:46:83:e9:f1:fa:15:c0:7b:13:11:f6:19:2c:f9:5b:
        f5:3e:db:63:f6:28:09:d1:89:90:97:e2:35:de:b3:1b
    Fingerprint (SHA-256):
        25:63:30:83:30:69:FC:2B:48:BA:B2:B8:42:D5:36:95:24:3C:34:1A:E5:13:A7:4D:9A:76:1B:9D:04:C4:AE:49
    Fingerprint (SHA1):
        3E:0B:EE:E9:4C:AA:75:00:3D:80:9C:80:42:1B:93:3C:D4:31:C9:55
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User1 EE,O=User1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7482: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User1CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7483: AnyPolicy: Verifying certificate(s)  User1CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7484: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User2CA2.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7485: AnyPolicy: Verifying certificate(s)  User2CA2.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.1.0  User3CA3.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182887 (0x25714f67)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:52:08 2016
            Not After : Mon Jun 28 18:52:08 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d6:ad:fa:4a:8f:e3:95:c2:77:cb:b4:89:ca:d0:6b:b5:
                    41:4f:09:14:0e:83:d8:2d:f9:e1:8e:07:d2:f9:0c:6e:
                    e2:be:83:2c:71:1b:d1:74:c7:c0:65:bc:6f:09:d8:6a:
                    95:b1:52:7c:e8:b7:c1:ba:5e:4c:50:0c:6f:53:0f:90:
                    1a:62:00:77:ff:5e:1a:2f:e9:3c:f0:51:b4:43:62:2b:
                    5f:76:53:57:3c:d5:60:cb:ed:7e:40:6e:ec:45:49:87:
                    c6:9a:43:da:e5:3e:44:98:8b:2c:86:1c:b1:01:f5:f5:
                    11:9f:fc:df:a8:45:d8:62:2d:68:50:64:b6:8a:61:cb:
                    fc:e5:c1:da:55:c1:af:d2:6c:0a:d0:0f:13:73:dd:65:
                    b8:fb:4c:4d:92:fb:cd:9b:56:33:4c:c4:37:c7:41:47:
                    1a:ca:46:f9:ef:37:32:2c:3d:e3:22:0e:eb:2d:6f:c2:
                    f8:29:ad:cf:39:31:86:4e:fd:de:79:9b:ac:36:36:2b:
                    a7:b4:27:64:17:80:82:78:3d:45:42:1b:57:91:77:fb:
                    92:1b:28:98:e3:4e:65:1a:78:10:7f:0e:e3:52:6a:4b:
                    dc:88:43:f9:cc:85:e8:1d:66:e2:d8:aa:86:ae:46:08:
                    bd:89:b8:ad:d7:01:00:1d:f9:f8:1e:f1:3a:b7:c6:91
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        84:b0:ac:84:e8:a5:80:e0:00:96:fe:37:84:a3:73:d7:
        10:4f:52:b9:8b:10:0c:2f:c1:6a:6f:9b:9d:f2:6c:f1:
        7d:ab:5a:10:83:57:d4:6c:0b:ef:ee:c6:73:a1:e3:74:
        48:56:3b:2a:0c:11:1b:8f:9e:3c:d1:5d:e5:93:99:c5:
        4d:3d:61:e9:1e:9b:5f:b1:0b:00:e0:1e:81:7a:07:af:
        8e:d9:49:5e:9b:a0:e6:e0:7f:71:c0:cb:df:1f:06:de:
        93:f3:25:22:6e:5c:69:91:44:60:38:12:86:99:b7:57:
        ba:09:12:6a:09:52:2b:2f:2a:62:9d:0a:6e:69:ae:2d:
        75:d9:5d:da:eb:9a:9b:92:bf:00:a5:75:f8:59:f9:49:
        22:92:96:1b:55:c0:16:37:d5:8c:dd:3c:bc:53:7e:b7:
        b7:be:8f:91:7d:22:a9:45:52:e6:8f:c5:5e:e5:2e:56:
        3c:c3:6a:f0:fd:6c:49:f4:83:55:6b:44:2b:21:12:c4:
        73:78:72:ce:d4:ed:48:a5:97:64:36:57:d3:3c:0b:d6:
        9b:b6:85:68:c0:a6:a0:41:c6:cc:be:49:4a:37:9f:5a:
        46:46:83:e9:f1:fa:15:c0:7b:13:11:f6:19:2c:f9:5b:
        f5:3e:db:63:f6:28:09:d1:89:90:97:e2:35:de:b3:1b
    Fingerprint (SHA-256):
        25:63:30:83:30:69:FC:2B:48:BA:B2:B8:42:D5:36:95:24:3C:34:1A:E5:13:A7:4D:9A:76:1B:9D:04:C4:AE:49
    Fingerprint (SHA1):
        3E:0B:EE:E9:4C:AA:75:00:3D:80:9C:80:42:1B:93:3C:D4:31:C9:55
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User3 EE,O=User3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7486: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA - PASSED
chains.sh: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA
vfychain -d AllDB -pp -vv      -o OID.2.0  User3CA3.der  -t RootCA
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. RootCA [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7487: AnyPolicy: Verifying certificate(s)  User3CA3.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #7488: AnyPolicyWithLevel: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182894 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7489: AnyPolicyWithLevel: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #7490: AnyPolicyWithLevel: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7491: AnyPolicyWithLevel: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7492: AnyPolicyWithLevel: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628182895   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #7493: AnyPolicyWithLevel: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7494: AnyPolicyWithLevel: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA12DB
certutil -N -d CA12DB -f CA12DB/dbpasswd
chains.sh: #7495: AnyPolicyWithLevel: Creating DB CA12DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA12Req.der
certutil -s "CN=CA12 Intermediate, O=CA12, C=US"  -R -2 -d CA12DB -f CA12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7496: AnyPolicyWithLevel: Creating Intermediate certifiate request CA12Req.der  - PASSED
chains.sh: Creating certficate CA12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA12Req.der -o CA12CA1.der -f CA1DB/dbpasswd -m 628182896   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7497: AnyPolicyWithLevel: Creating certficate CA12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA12CA1.der to CA12DB database
certutil -A -n CA12 -t u,u,u -d CA12DB -f CA12DB/dbpasswd -i CA12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7498: AnyPolicyWithLevel: Importing certificate CA12CA1.der to CA12DB database  - PASSED
chains.sh: Creating DB CA13DB
certutil -N -d CA13DB -f CA13DB/dbpasswd
chains.sh: #7499: AnyPolicyWithLevel: Creating DB CA13DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA13Req.der
certutil -s "CN=CA13 Intermediate, O=CA13, C=US"  -R -2 -d CA13DB -f CA13DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA13Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7500: AnyPolicyWithLevel: Creating Intermediate certifiate request CA13Req.der  - PASSED
chains.sh: Creating certficate CA13CA12.der signed by CA12
certutil -C -c CA12 -v 60 -d CA12DB -i CA13Req.der -o CA13CA12.der -f CA12DB/dbpasswd -m 628182897   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7501: AnyPolicyWithLevel: Creating certficate CA13CA12.der signed by CA12  - PASSED
chains.sh: Importing certificate CA13CA12.der to CA13DB database
certutil -A -n CA13 -t u,u,u -d CA13DB -f CA13DB/dbpasswd -i CA13CA12.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7502: AnyPolicyWithLevel: Importing certificate CA13CA12.der to CA13DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7503: AnyPolicyWithLevel: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7504: AnyPolicyWithLevel: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA13.der signed by CA13
certutil -C -c CA13 -v 60 -d CA13DB -i EE1Req.der -o EE1CA13.der -f CA13DB/dbpasswd -m 628182898   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7505: AnyPolicyWithLevel: Creating certficate EE1CA13.der signed by CA13  - PASSED
chains.sh: Importing certificate EE1CA13.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA13.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7506: AnyPolicyWithLevel: Importing certificate EE1CA13.der to EE1DB database  - PASSED
chains.sh: Creating DB CA22DB
certutil -N -d CA22DB -f CA22DB/dbpasswd
chains.sh: #7507: AnyPolicyWithLevel: Creating DB CA22DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA22Req.der
certutil -s "CN=CA22 Intermediate, O=CA22, C=US"  -R -2 -d CA22DB -f CA22DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA22Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7508: AnyPolicyWithLevel: Creating Intermediate certifiate request CA22Req.der  - PASSED
chains.sh: Creating certficate CA22CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA22Req.der -o CA22CA1.der -f CA1DB/dbpasswd -m 628182899   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7509: AnyPolicyWithLevel: Creating certficate CA22CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA22CA1.der to CA22DB database
certutil -A -n CA22 -t u,u,u -d CA22DB -f CA22DB/dbpasswd -i CA22CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7510: AnyPolicyWithLevel: Importing certificate CA22CA1.der to CA22DB database  - PASSED
chains.sh: Creating DB CA23DB
certutil -N -d CA23DB -f CA23DB/dbpasswd
chains.sh: #7511: AnyPolicyWithLevel: Creating DB CA23DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA23Req.der
certutil -s "CN=CA23 Intermediate, O=CA23, C=US"  -R -2 -d CA23DB -f CA23DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA23Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7512: AnyPolicyWithLevel: Creating Intermediate certifiate request CA23Req.der  - PASSED
chains.sh: Creating certficate CA23CA22.der signed by CA22
certutil -C -c CA22 -v 60 -d CA22DB -i CA23Req.der -o CA23CA22.der -f CA22DB/dbpasswd -m 628182900   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7513: AnyPolicyWithLevel: Creating certficate CA23CA22.der signed by CA22  - PASSED
chains.sh: Importing certificate CA23CA22.der to CA23DB database
certutil -A -n CA23 -t u,u,u -d CA23DB -f CA23DB/dbpasswd -i CA23CA22.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7514: AnyPolicyWithLevel: Importing certificate CA23CA22.der to CA23DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7515: AnyPolicyWithLevel: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7516: AnyPolicyWithLevel: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA23.der signed by CA23
certutil -C -c CA23 -v 60 -d CA23DB -i EE2Req.der -o EE2CA23.der -f CA23DB/dbpasswd -m 628182901   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7517: AnyPolicyWithLevel: Creating certficate EE2CA23.der signed by CA23  - PASSED
chains.sh: Importing certificate EE2CA23.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA23.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7518: AnyPolicyWithLevel: Importing certificate EE2CA23.der to EE2DB database  - PASSED
chains.sh: Creating DB CA32DB
certutil -N -d CA32DB -f CA32DB/dbpasswd
chains.sh: #7519: AnyPolicyWithLevel: Creating DB CA32DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA32Req.der
certutil -s "CN=CA32 Intermediate, O=CA32, C=US"  -R -2 -d CA32DB -f CA32DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA32Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7520: AnyPolicyWithLevel: Creating Intermediate certifiate request CA32Req.der  - PASSED
chains.sh: Creating certficate CA32CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA32Req.der -o CA32CA1.der -f CA1DB/dbpasswd -m 628182902   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
1
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #7521: AnyPolicyWithLevel: Creating certficate CA32CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA32CA1.der to CA32DB database
certutil -A -n CA32 -t u,u,u -d CA32DB -f CA32DB/dbpasswd -i CA32CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7522: AnyPolicyWithLevel: Importing certificate CA32CA1.der to CA32DB database  - PASSED
chains.sh: Creating DB CA33DB
certutil -N -d CA33DB -f CA33DB/dbpasswd
chains.sh: #7523: AnyPolicyWithLevel: Creating DB CA33DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA33Req.der
certutil -s "CN=CA33 Intermediate, O=CA33, C=US"  -R -2 -d CA33DB -f CA33DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA33Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7524: AnyPolicyWithLevel: Creating Intermediate certifiate request CA33Req.der  - PASSED
chains.sh: Creating certficate CA33CA32.der signed by CA32
certutil -C -c CA32 -v 60 -d CA32DB -i CA33Req.der -o CA33CA32.der -f CA32DB/dbpasswd -m 628182903   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7525: AnyPolicyWithLevel: Creating certficate CA33CA32.der signed by CA32  - PASSED
chains.sh: Importing certificate CA33CA32.der to CA33DB database
certutil -A -n CA33 -t u,u,u -d CA33DB -f CA33DB/dbpasswd -i CA33CA32.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7526: AnyPolicyWithLevel: Importing certificate CA33CA32.der to CA33DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #7527: AnyPolicyWithLevel: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US"  -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7528: AnyPolicyWithLevel: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA33.der signed by CA33
certutil -C -c CA33 -v 60 -d CA33DB -i EE3Req.der -o EE3CA33.der -f CA33DB/dbpasswd -m 628182904   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7529: AnyPolicyWithLevel: Creating certficate EE3CA33.der signed by CA33  - PASSED
chains.sh: Importing certificate EE3CA33.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA33.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7530: AnyPolicyWithLevel: Importing certificate EE3CA33.der to EE3DB database  - PASSED
chains.sh: Creating DB CA42DB
certutil -N -d CA42DB -f CA42DB/dbpasswd
chains.sh: #7531: AnyPolicyWithLevel: Creating DB CA42DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA42Req.der
certutil -s "CN=CA42 Intermediate, O=CA42, C=US"  -R -2 -d CA42DB -f CA42DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA42Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7532: AnyPolicyWithLevel: Creating Intermediate certifiate request CA42Req.der  - PASSED
chains.sh: Creating certficate CA42CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA42Req.der -o CA42CA1.der -f CA1DB/dbpasswd -m 628182905   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7533: AnyPolicyWithLevel: Creating certficate CA42CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA42CA1.der to CA42DB database
certutil -A -n CA42 -t u,u,u -d CA42DB -f CA42DB/dbpasswd -i CA42CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7534: AnyPolicyWithLevel: Importing certificate CA42CA1.der to CA42DB database  - PASSED
chains.sh: Creating DB CA43DB
certutil -N -d CA43DB -f CA43DB/dbpasswd
chains.sh: #7535: AnyPolicyWithLevel: Creating DB CA43DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA43Req.der
certutil -s "CN=CA43 Intermediate, O=CA43, C=US"  -R -2 -d CA43DB -f CA43DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA43Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7536: AnyPolicyWithLevel: Creating Intermediate certifiate request CA43Req.der  - PASSED
chains.sh: Creating certficate CA43CA42.der signed by CA42
certutil -C -c CA42 -v 60 -d CA42DB -i CA43Req.der -o CA43CA42.der -f CA42DB/dbpasswd -m 628182906   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7537: AnyPolicyWithLevel: Creating certficate CA43CA42.der signed by CA42  - PASSED
chains.sh: Importing certificate CA43CA42.der to CA43DB database
certutil -A -n CA43 -t u,u,u -d CA43DB -f CA43DB/dbpasswd -i CA43CA42.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7538: AnyPolicyWithLevel: Importing certificate CA43CA42.der to CA43DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #7539: AnyPolicyWithLevel: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US"  -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7540: AnyPolicyWithLevel: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA43.der signed by CA43
certutil -C -c CA43 -v 60 -d CA43DB -i EE4Req.der -o EE4CA43.der -f CA43DB/dbpasswd -m 628182907   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7541: AnyPolicyWithLevel: Creating certficate EE4CA43.der signed by CA43  - PASSED
chains.sh: Importing certificate EE4CA43.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA43.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7542: AnyPolicyWithLevel: Importing certificate EE4CA43.der to EE4DB database  - PASSED
chains.sh: Creating DB CA52DB
certutil -N -d CA52DB -f CA52DB/dbpasswd
chains.sh: #7543: AnyPolicyWithLevel: Creating DB CA52DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA52Req.der
certutil -s "CN=CA52 Intermediate, O=CA52, C=US"  -R -2 -d CA52DB -f CA52DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA52Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7544: AnyPolicyWithLevel: Creating Intermediate certifiate request CA52Req.der  - PASSED
chains.sh: Creating certficate CA52CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA52Req.der -o CA52CA1.der -f CA1DB/dbpasswd -m 628182908   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
y
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7545: AnyPolicyWithLevel: Creating certficate CA52CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA52CA1.der to CA52DB database
certutil -A -n CA52 -t u,u,u -d CA52DB -f CA52DB/dbpasswd -i CA52CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7546: AnyPolicyWithLevel: Importing certificate CA52CA1.der to CA52DB database  - PASSED
chains.sh: Creating DB CA53DB
certutil -N -d CA53DB -f CA53DB/dbpasswd
chains.sh: #7547: AnyPolicyWithLevel: Creating DB CA53DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA53Req.der
certutil -s "CN=CA53 Intermediate, O=CA53, C=US"  -R -2 -d CA53DB -f CA53DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA53Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7548: AnyPolicyWithLevel: Creating Intermediate certifiate request CA53Req.der  - PASSED
chains.sh: Creating certficate CA53CA52.der signed by CA52
certutil -C -c CA52 -v 60 -d CA52DB -i CA53Req.der -o CA53CA52.der -f CA52DB/dbpasswd -m 628182909   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7549: AnyPolicyWithLevel: Creating certficate CA53CA52.der signed by CA52  - PASSED
chains.sh: Importing certificate CA53CA52.der to CA53DB database
certutil -A -n CA53 -t u,u,u -d CA53DB -f CA53DB/dbpasswd -i CA53CA52.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7550: AnyPolicyWithLevel: Importing certificate CA53CA52.der to CA53DB database  - PASSED
chains.sh: Creating DB EE5DB
certutil -N -d EE5DB -f EE5DB/dbpasswd
chains.sh: #7551: AnyPolicyWithLevel: Creating DB EE5DB  - PASSED
chains.sh: Creating EE certifiate request EE5Req.der
certutil -s "CN=EE5 EE, O=EE5, C=US"  -R  -d EE5DB -f EE5DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE5Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7552: AnyPolicyWithLevel: Creating EE certifiate request EE5Req.der  - PASSED
chains.sh: Creating certficate EE5CA53.der signed by CA53
certutil -C -c CA53 -v 60 -d CA53DB -i EE5Req.der -o EE5CA53.der -f CA53DB/dbpasswd -m 628182910   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7553: AnyPolicyWithLevel: Creating certficate EE5CA53.der signed by CA53  - PASSED
chains.sh: Importing certificate EE5CA53.der to EE5DB database
certutil -A -n EE5 -t u,u,u -d EE5DB -f EE5DB/dbpasswd -i EE5CA53.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7554: AnyPolicyWithLevel: Importing certificate EE5CA53.der to EE5DB database  - PASSED
chains.sh: Creating DB CA61DB
certutil -N -d CA61DB -f CA61DB/dbpasswd
chains.sh: #7555: AnyPolicyWithLevel: Creating DB CA61DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA61Req.der
certutil -s "CN=CA61 Intermediate, O=CA61, C=US"  -R -2 -d CA61DB -f CA61DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA61Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7556: AnyPolicyWithLevel: Creating Intermediate certifiate request CA61Req.der  - PASSED
chains.sh: Creating certficate CA61RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA61Req.der -o CA61RootCA.der -f RootCADB/dbpasswd -m 628182911   --extCP --extIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
5
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter the number of certs in the path permitted to use anyPolicy.
(press Enter for 0) > Is this a critical extension [y/N]?
chains.sh: #7557: AnyPolicyWithLevel: Creating certficate CA61RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA61RootCA.der to CA61DB database
certutil -A -n CA61 -t u,u,u -d CA61DB -f CA61DB/dbpasswd -i CA61RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7558: AnyPolicyWithLevel: Importing certificate CA61RootCA.der to CA61DB database  - PASSED
chains.sh: Creating DB CA62DB
certutil -N -d CA62DB -f CA62DB/dbpasswd
chains.sh: #7559: AnyPolicyWithLevel: Creating DB CA62DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA62Req.der
certutil -s "CN=CA62 Intermediate, O=CA62, C=US"  -R -2 -d CA62DB -f CA62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7560: AnyPolicyWithLevel: Creating Intermediate certifiate request CA62Req.der  - PASSED
chains.sh: Creating certficate CA62CA61.der signed by CA61
certutil -C -c CA61 -v 60 -d CA61DB -i CA62Req.der -o CA62CA61.der -f CA61DB/dbpasswd -m 628182912   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7561: AnyPolicyWithLevel: Creating certficate CA62CA61.der signed by CA61  - PASSED
chains.sh: Importing certificate CA62CA61.der to CA62DB database
certutil -A -n CA62 -t u,u,u -d CA62DB -f CA62DB/dbpasswd -i CA62CA61.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7562: AnyPolicyWithLevel: Importing certificate CA62CA61.der to CA62DB database  - PASSED
chains.sh: Creating DB EE62DB
certutil -N -d EE62DB -f EE62DB/dbpasswd
chains.sh: #7563: AnyPolicyWithLevel: Creating DB EE62DB  - PASSED
chains.sh: Creating EE certifiate request EE62Req.der
certutil -s "CN=EE62 EE, O=EE62, C=US"  -R  -d EE62DB -f EE62DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE62Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7564: AnyPolicyWithLevel: Creating EE certifiate request EE62Req.der  - PASSED
chains.sh: Creating certficate EE62CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i EE62Req.der -o EE62CA62.der -f CA62DB/dbpasswd -m 628182913   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7565: AnyPolicyWithLevel: Creating certficate EE62CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate EE62CA62.der to EE62DB database
certutil -A -n EE62 -t u,u,u -d EE62DB -f EE62DB/dbpasswd -i EE62CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7566: AnyPolicyWithLevel: Importing certificate EE62CA62.der to EE62DB database  - PASSED
chains.sh: Creating DB CA63DB
certutil -N -d CA63DB -f CA63DB/dbpasswd
chains.sh: #7567: AnyPolicyWithLevel: Creating DB CA63DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA63Req.der
certutil -s "CN=CA63 Intermediate, O=CA63, C=US"  -R -2 -d CA63DB -f CA63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7568: AnyPolicyWithLevel: Creating Intermediate certifiate request CA63Req.der  - PASSED
chains.sh: Creating certficate CA63CA62.der signed by CA62
certutil -C -c CA62 -v 60 -d CA62DB -i CA63Req.der -o CA63CA62.der -f CA62DB/dbpasswd -m 628182914   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7569: AnyPolicyWithLevel: Creating certficate CA63CA62.der signed by CA62  - PASSED
chains.sh: Importing certificate CA63CA62.der to CA63DB database
certutil -A -n CA63 -t u,u,u -d CA63DB -f CA63DB/dbpasswd -i CA63CA62.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7570: AnyPolicyWithLevel: Importing certificate CA63CA62.der to CA63DB database  - PASSED
chains.sh: Creating DB EE63DB
certutil -N -d EE63DB -f EE63DB/dbpasswd
chains.sh: #7571: AnyPolicyWithLevel: Creating DB EE63DB  - PASSED
chains.sh: Creating EE certifiate request EE63Req.der
certutil -s "CN=EE63 EE, O=EE63, C=US"  -R  -d EE63DB -f EE63DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE63Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7572: AnyPolicyWithLevel: Creating EE certifiate request EE63Req.der  - PASSED
chains.sh: Creating certficate EE63CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i EE63Req.der -o EE63CA63.der -f CA63DB/dbpasswd -m 628182915   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7573: AnyPolicyWithLevel: Creating certficate EE63CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate EE63CA63.der to EE63DB database
certutil -A -n EE63 -t u,u,u -d EE63DB -f EE63DB/dbpasswd -i EE63CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7574: AnyPolicyWithLevel: Importing certificate EE63CA63.der to EE63DB database  - PASSED
chains.sh: Creating DB CA64DB
certutil -N -d CA64DB -f CA64DB/dbpasswd
chains.sh: #7575: AnyPolicyWithLevel: Creating DB CA64DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA64Req.der
certutil -s "CN=CA64 Intermediate, O=CA64, C=US"  -R -2 -d CA64DB -f CA64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7576: AnyPolicyWithLevel: Creating Intermediate certifiate request CA64Req.der  - PASSED
chains.sh: Creating certficate CA64CA63.der signed by CA63
certutil -C -c CA63 -v 60 -d CA63DB -i CA64Req.der -o CA64CA63.der -f CA63DB/dbpasswd -m 628182916   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7577: AnyPolicyWithLevel: Creating certficate CA64CA63.der signed by CA63  - PASSED
chains.sh: Importing certificate CA64CA63.der to CA64DB database
certutil -A -n CA64 -t u,u,u -d CA64DB -f CA64DB/dbpasswd -i CA64CA63.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7578: AnyPolicyWithLevel: Importing certificate CA64CA63.der to CA64DB database  - PASSED
chains.sh: Creating DB EE64DB
certutil -N -d EE64DB -f EE64DB/dbpasswd
chains.sh: #7579: AnyPolicyWithLevel: Creating DB EE64DB  - PASSED
chains.sh: Creating EE certifiate request EE64Req.der
certutil -s "CN=EE64 EE, O=EE64, C=US"  -R  -d EE64DB -f EE64DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE64Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7580: AnyPolicyWithLevel: Creating EE certifiate request EE64Req.der  - PASSED
chains.sh: Creating certficate EE64CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i EE64Req.der -o EE64CA64.der -f CA64DB/dbpasswd -m 628182917   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7581: AnyPolicyWithLevel: Creating certficate EE64CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate EE64CA64.der to EE64DB database
certutil -A -n EE64 -t u,u,u -d EE64DB -f EE64DB/dbpasswd -i EE64CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7582: AnyPolicyWithLevel: Importing certificate EE64CA64.der to EE64DB database  - PASSED
chains.sh: Creating DB CA65DB
certutil -N -d CA65DB -f CA65DB/dbpasswd
chains.sh: #7583: AnyPolicyWithLevel: Creating DB CA65DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA65Req.der
certutil -s "CN=CA65 Intermediate, O=CA65, C=US"  -R -2 -d CA65DB -f CA65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7584: AnyPolicyWithLevel: Creating Intermediate certifiate request CA65Req.der  - PASSED
chains.sh: Creating certficate CA65CA64.der signed by CA64
certutil -C -c CA64 -v 60 -d CA64DB -i CA65Req.der -o CA65CA64.der -f CA64DB/dbpasswd -m 628182918   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7585: AnyPolicyWithLevel: Creating certficate CA65CA64.der signed by CA64  - PASSED
chains.sh: Importing certificate CA65CA64.der to CA65DB database
certutil -A -n CA65 -t u,u,u -d CA65DB -f CA65DB/dbpasswd -i CA65CA64.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7586: AnyPolicyWithLevel: Importing certificate CA65CA64.der to CA65DB database  - PASSED
chains.sh: Creating DB EE65DB
certutil -N -d EE65DB -f EE65DB/dbpasswd
chains.sh: #7587: AnyPolicyWithLevel: Creating DB EE65DB  - PASSED
chains.sh: Creating EE certifiate request EE65Req.der
certutil -s "CN=EE65 EE, O=EE65, C=US"  -R  -d EE65DB -f EE65DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE65Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7588: AnyPolicyWithLevel: Creating EE certifiate request EE65Req.der  - PASSED
chains.sh: Creating certficate EE65CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i EE65Req.der -o EE65CA65.der -f CA65DB/dbpasswd -m 628182919   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7589: AnyPolicyWithLevel: Creating certficate EE65CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate EE65CA65.der to EE65DB database
certutil -A -n EE65 -t u,u,u -d EE65DB -f EE65DB/dbpasswd -i EE65CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7590: AnyPolicyWithLevel: Importing certificate EE65CA65.der to EE65DB database  - PASSED
chains.sh: Creating DB CA66DB
certutil -N -d CA66DB -f CA66DB/dbpasswd
chains.sh: #7591: AnyPolicyWithLevel: Creating DB CA66DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA66Req.der
certutil -s "CN=CA66 Intermediate, O=CA66, C=US"  -R -2 -d CA66DB -f CA66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7592: AnyPolicyWithLevel: Creating Intermediate certifiate request CA66Req.der  - PASSED
chains.sh: Creating certficate CA66CA65.der signed by CA65
certutil -C -c CA65 -v 60 -d CA65DB -i CA66Req.der -o CA66CA65.der -f CA65DB/dbpasswd -m 628182920   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7593: AnyPolicyWithLevel: Creating certficate CA66CA65.der signed by CA65  - PASSED
chains.sh: Importing certificate CA66CA65.der to CA66DB database
certutil -A -n CA66 -t u,u,u -d CA66DB -f CA66DB/dbpasswd -i CA66CA65.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7594: AnyPolicyWithLevel: Importing certificate CA66CA65.der to CA66DB database  - PASSED
chains.sh: Creating DB EE66DB
certutil -N -d EE66DB -f EE66DB/dbpasswd
chains.sh: #7595: AnyPolicyWithLevel: Creating DB EE66DB  - PASSED
chains.sh: Creating EE certifiate request EE66Req.der
certutil -s "CN=EE66 EE, O=EE66, C=US"  -R  -d EE66DB -f EE66DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE66Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7596: AnyPolicyWithLevel: Creating EE certifiate request EE66Req.der  - PASSED
chains.sh: Creating certficate EE66CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i EE66Req.der -o EE66CA66.der -f CA66DB/dbpasswd -m 628182921   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7597: AnyPolicyWithLevel: Creating certficate EE66CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate EE66CA66.der to EE66DB database
certutil -A -n EE66 -t u,u,u -d EE66DB -f EE66DB/dbpasswd -i EE66CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7598: AnyPolicyWithLevel: Importing certificate EE66CA66.der to EE66DB database  - PASSED
chains.sh: Creating DB CA67DB
certutil -N -d CA67DB -f CA67DB/dbpasswd
chains.sh: #7599: AnyPolicyWithLevel: Creating DB CA67DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA67Req.der
certutil -s "CN=CA67 Intermediate, O=CA67, C=US"  -R -2 -d CA67DB -f CA67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7600: AnyPolicyWithLevel: Creating Intermediate certifiate request CA67Req.der  - PASSED
chains.sh: Creating certficate CA67CA66.der signed by CA66
certutil -C -c CA66 -v 60 -d CA66DB -i CA67Req.der -o CA67CA66.der -f CA66DB/dbpasswd -m 628182922   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
any
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: Certificate Policies AnyPolicy
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7601: AnyPolicyWithLevel: Creating certficate CA67CA66.der signed by CA66  - PASSED
chains.sh: Importing certificate CA67CA66.der to CA67DB database
certutil -A -n CA67 -t u,u,u -d CA67DB -f CA67DB/dbpasswd -i CA67CA66.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7602: AnyPolicyWithLevel: Importing certificate CA67CA66.der to CA67DB database  - PASSED
chains.sh: Creating DB EE67DB
certutil -N -d EE67DB -f EE67DB/dbpasswd
chains.sh: #7603: AnyPolicyWithLevel: Creating DB EE67DB  - PASSED
chains.sh: Creating EE certifiate request EE67Req.der
certutil -s "CN=EE67 EE, O=EE67, C=US"  -R  -d EE67DB -f EE67DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE67Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7604: AnyPolicyWithLevel: Creating EE certifiate request EE67Req.der  - PASSED
chains.sh: Creating certficate EE67CA67.der signed by CA67
certutil -C -c CA67 -v 60 -d CA67DB -i EE67Req.der -o EE67CA67.der -f CA67DB/dbpasswd -m 628182923   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7605: AnyPolicyWithLevel: Creating certficate EE67CA67.der signed by CA67  - PASSED
chains.sh: Importing certificate EE67CA67.der to EE67DB database
certutil -A -n EE67 -t u,u,u -d EE67DB -f EE67DB/dbpasswd -i EE67CA67.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7606: AnyPolicyWithLevel: Importing certificate EE67CA67.der to EE67DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7607: AnyPolicyWithLevel: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7608: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7609: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA13 Intermediate,O=CA13,C=US"
Certificate 3 Subject: "CN=CA12 Intermediate,O=CA12,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7610: AnyPolicyWithLevel: Verifying certificate(s)  EE1CA13.der RootCA.der CA1RootCA.der CA12CA1.der CA13CA12.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7611: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7612: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7613: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA23 Intermediate,O=CA23,C=US"
Certificate 3 Subject: "CN=CA22 Intermediate,O=CA22,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7614: AnyPolicyWithLevel: Verifying certificate(s)  EE2CA23.der RootCA.der CA1RootCA.der CA22CA1.der CA23CA22.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7615: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7616: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7617: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA33 Intermediate,O=CA33,C=US"
Certificate 3 Subject: "CN=CA32 Intermediate,O=CA32,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7618: AnyPolicyWithLevel: Verifying certificate(s)  EE3CA33.der RootCA.der CA1RootCA.der CA32CA1.der CA33CA32.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7619: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7620: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA43 Intermediate,O=CA43,C=US"
Certificate 3 Subject: "CN=CA42 Intermediate,O=CA42,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7621: AnyPolicyWithLevel: Verifying certificate(s)  EE4CA43.der RootCA.der CA1RootCA.der CA42CA1.der CA43CA42.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7622: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7623: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.2.5.29.32.0  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7624: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp      -o OID.2.5.29.32.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der
vfychain -d AllDB -pp -vv       EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE5 EE,O=EE5,C=US"
Certificate 2 Subject: "CN=CA53 Intermediate,O=CA53,C=US"
Certificate 3 Subject: "CN=CA52 Intermediate,O=CA52,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7625: AnyPolicyWithLevel: Verifying certificate(s)  EE5CA53.der RootCA.der CA1RootCA.der CA52CA1.der CA53CA52.der with flags -d AllDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE62 EE,O=EE62,C=US"
Certificate 2 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 3 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #7626: AnyPolicyWithLevel: Verifying certificate(s)  EE62CA62.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE63 EE,O=EE63,C=US"
Certificate 2 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 3 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 4 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #7627: AnyPolicyWithLevel: Verifying certificate(s)  EE63CA63.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE64 EE,O=EE64,C=US"
Certificate 2 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 3 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 4 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 5 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #7628: AnyPolicyWithLevel: Verifying certificate(s)  EE64CA64.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE65 EE,O=EE65,C=US"
Certificate 2 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 3 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 4 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 5 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 6 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #7629: AnyPolicyWithLevel: Verifying certificate(s)  EE65CA65.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182894 (0x25714f6e)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 18:53:37 2016
            Not After : Mon Jun 28 18:53:37 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9d:70:eb:ce:e8:eb:fa:47:92:3d:78:5e:33:54:c8:84:
                    7c:f6:21:e8:7a:94:4c:ff:ba:83:ad:3b:25:da:af:df:
                    70:41:be:af:98:0c:d6:5b:48:a3:eb:41:0e:74:71:55:
                    81:61:71:b7:7e:cb:56:c9:15:18:33:a0:20:ac:3d:6f:
                    b0:1d:7d:1c:13:4c:28:89:9f:93:43:b3:ca:52:77:a4:
                    96:34:f4:24:8c:05:b9:35:52:a1:22:b4:be:1b:c2:a7:
                    6b:84:25:16:6f:37:c9:56:f4:46:91:c5:9b:85:dc:fb:
                    73:49:e6:b8:cd:43:ea:a7:a4:f9:9c:5b:03:44:10:b0:
                    ad:ea:ea:f2:7b:5f:f8:c8:a5:24:6d:ac:5e:00:ed:bf:
                    c5:b7:60:6c:d2:eb:0a:17:ca:cf:50:ae:bd:fe:66:0a:
                    23:99:e1:af:c0:fc:ad:68:f6:9a:74:3f:4a:6a:af:6d:
                    f3:0a:ea:e3:62:79:08:21:f0:7f:e7:2b:2e:f9:7d:4b:
                    92:e9:49:68:a9:bd:b8:16:fa:9b:c6:9d:d6:08:32:46:
                    53:95:b2:0b:c5:ec:67:0b:55:d6:10:0f:24:36:61:42:
                    a4:40:bc:f6:7a:78:6c:c6:42:c2:6b:50:13:71:4d:29:
                    ee:9a:e8:6e:60:a0:e1:0a:a5:a2:57:38:b9:71:5b:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        09:bd:35:35:97:23:9d:1a:8b:1e:a8:ad:58:dd:13:12:
        a4:63:e6:45:68:1e:30:c8:12:a7:4f:ae:2f:e4:75:24:
        aa:b7:64:b4:be:a0:74:f7:79:76:2d:bc:17:c3:3d:b7:
        14:2a:69:6b:68:9a:bf:43:33:8a:c4:61:7c:dd:f5:66:
        10:18:3e:9e:24:ed:6e:fb:2b:9f:70:b5:f9:11:98:7c:
        cf:c1:1b:0f:2e:ba:8e:ef:5f:a8:70:93:25:e7:2d:37:
        8c:93:de:ad:ba:6c:d6:2c:99:2e:89:bf:fd:3e:a2:2c:
        8a:42:69:59:a5:bd:72:92:ea:db:bd:18:8b:01:d6:39:
        e2:89:60:24:e5:d1:45:7f:78:ca:aa:b7:e3:5a:5b:18:
        c8:0f:ea:07:87:6c:af:48:4c:be:eb:0d:a7:d1:f0:cc:
        24:42:a9:29:22:20:10:30:82:47:57:c5:a9:54:7a:96:
        07:b8:2b:6c:65:69:37:90:a3:d9:64:19:da:95:56:b0:
        bf:87:43:dc:59:4e:30:5d:97:ca:28:e0:9a:5e:7b:d7:
        13:d6:eb:42:76:d1:15:05:31:62:7f:f6:25:6f:da:44:
        29:13:51:f5:4c:97:54:f5:bd:32:76:44:37:c7:09:8b:
        c7:13:87:64:a0:da:68:84:a4:53:38:9f:83:87:6b:1d
    Fingerprint (SHA-256):
        D8:FC:FC:19:43:86:F0:F8:71:2E:F2:8A:AB:0B:F5:A6:EF:2F:65:07:B4:C4:D6:0C:A1:28:CB:84:DF:ED:54:7F
    Fingerprint (SHA1):
        5E:3E:C5:18:FE:B0:9E:C0:01:E9:E2:D1:49:FE:74:BC:91:68:2F:B2
Certificate 1 Subject: "CN=EE66 EE,O=EE66,C=US"
Certificate 2 Subject: "CN=CA66 Intermediate,O=CA66,C=US"
Certificate 3 Subject: "CN=CA65 Intermediate,O=CA65,C=US"
Certificate 4 Subject: "CN=CA64 Intermediate,O=CA64,C=US"
Certificate 5 Subject: "CN=CA63 Intermediate,O=CA63,C=US"
Certificate 6 Subject: "CN=CA62 Intermediate,O=CA62,C=US"
Certificate 7 Subject: "CN=CA61 Intermediate,O=CA61,C=US"
Returned value is 0, expected result is pass
chains.sh: #7630: AnyPolicyWithLevel: Verifying certificate(s)  EE66CA66.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der
vfychain -d AllDB -pp -vv      -o OID.1.0  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der  -t RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 8. CN=RootCA ROOT CA,O=RootCA,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7631: AnyPolicyWithLevel: Verifying certificate(s)  EE67CA67.der RootCA.der CA61RootCA.der CA62CA61.der CA63CA62.der CA64CA63.der CA65CA64.der CA66CA65.der CA67CA66.der with flags -d AllDB -pp      -o OID.1.0  -t RootCA.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7632: explicitPolicy: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182924 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7633: explicitPolicy: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7634: explicitPolicy: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB nonEVCADB
certutil -N -d nonEVCADB -f nonEVCADB/dbpasswd
chains.sh: #7635: explicitPolicy: Creating DB nonEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request nonEVCAReq.der
certutil -s "CN=nonEVCA Intermediate, O=nonEVCA, C=US"  -R -2 -d nonEVCADB -f nonEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o nonEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7636: explicitPolicy: Creating Intermediate certifiate request nonEVCAReq.der  - PASSED
chains.sh: Creating certficate nonEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i nonEVCAReq.der -o nonEVCARoot.der -f RootDB/dbpasswd -m 628182925   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7637: explicitPolicy: Creating certficate nonEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate nonEVCARoot.der to nonEVCADB database
certutil -A -n nonEVCA -t u,u,u -d nonEVCADB -f nonEVCADB/dbpasswd -i nonEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7638: explicitPolicy: Importing certificate nonEVCARoot.der to nonEVCADB database  - PASSED
chains.sh: Creating DB EVCADB
certutil -N -d EVCADB -f EVCADB/dbpasswd
chains.sh: #7639: explicitPolicy: Creating DB EVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request EVCAReq.der
certutil -s "CN=EVCA Intermediate, O=EVCA, C=US"  -R -2 -d EVCADB -f EVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7640: explicitPolicy: Creating Intermediate certifiate request EVCAReq.der  - PASSED
chains.sh: Creating certficate EVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i EVCAReq.der -o EVCARoot.der -f RootDB/dbpasswd -m 628182926   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7641: explicitPolicy: Creating certficate EVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate EVCARoot.der to EVCADB database
certutil -A -n EVCA -t u,u,u -d EVCADB -f EVCADB/dbpasswd -i EVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7642: explicitPolicy: Importing certificate EVCARoot.der to EVCADB database  - PASSED
chains.sh: Creating DB otherEVCADB
certutil -N -d otherEVCADB -f otherEVCADB/dbpasswd
chains.sh: #7643: explicitPolicy: Creating DB otherEVCADB  - PASSED
chains.sh: Creating Intermediate certifiate request otherEVCAReq.der
certutil -s "CN=otherEVCA Intermediate, O=otherEVCA, C=US"  -R -2 -d otherEVCADB -f otherEVCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o otherEVCAReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7644: explicitPolicy: Creating Intermediate certifiate request otherEVCAReq.der  - PASSED
chains.sh: Creating certficate otherEVCARoot.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i otherEVCAReq.der -o otherEVCARoot.der -f RootDB/dbpasswd -m 628182927   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7645: explicitPolicy: Creating certficate otherEVCARoot.der signed by Root  - PASSED
chains.sh: Importing certificate otherEVCARoot.der to otherEVCADB database
certutil -A -n otherEVCA -t u,u,u -d otherEVCADB -f otherEVCADB/dbpasswd -i otherEVCARoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7646: explicitPolicy: Importing certificate otherEVCARoot.der to otherEVCADB database  - PASSED
chains.sh: Creating DB validEVDB
certutil -N -d validEVDB -f validEVDB/dbpasswd
chains.sh: #7647: explicitPolicy: Creating DB validEVDB  - PASSED
chains.sh: Creating EE certifiate request validEVReq.der
certutil -s "CN=validEV EE, O=validEV, C=US"  -R  -d validEVDB -f validEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o validEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7648: explicitPolicy: Creating EE certifiate request validEVReq.der  - PASSED
chains.sh: Creating certficate validEVEVCA.der signed by EVCA
certutil -C -c EVCA -v 60 -d EVCADB -i validEVReq.der -o validEVEVCA.der -f EVCADB/dbpasswd -m 628182928   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7649: explicitPolicy: Creating certficate validEVEVCA.der signed by EVCA  - PASSED
chains.sh: Importing certificate validEVEVCA.der to validEVDB database
certutil -A -n validEV -t u,u,u -d validEVDB -f validEVDB/dbpasswd -i validEVEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7650: explicitPolicy: Importing certificate validEVEVCA.der to validEVDB database  - PASSED
chains.sh: Creating DB invalidEVDB
certutil -N -d invalidEVDB -f invalidEVDB/dbpasswd
chains.sh: #7651: explicitPolicy: Creating DB invalidEVDB  - PASSED
chains.sh: Creating EE certifiate request invalidEVReq.der
certutil -s "CN=invalidEV EE, O=invalidEV, C=US"  -R  -d invalidEVDB -f invalidEVDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o invalidEVReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7652: explicitPolicy: Creating EE certifiate request invalidEVReq.der  - PASSED
chains.sh: Creating certficate invalidEVnonEVCA.der signed by nonEVCA
certutil -C -c nonEVCA -v 60 -d nonEVCADB -i invalidEVReq.der -o invalidEVnonEVCA.der -f nonEVCADB/dbpasswd -m 628182929   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7653: explicitPolicy: Creating certficate invalidEVnonEVCA.der signed by nonEVCA  - PASSED
chains.sh: Importing certificate invalidEVnonEVCA.der to invalidEVDB database
certutil -A -n invalidEV -t u,u,u -d invalidEVDB -f invalidEVDB/dbpasswd -i invalidEVnonEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7654: explicitPolicy: Importing certificate invalidEVnonEVCA.der to invalidEVDB database  - PASSED
chains.sh: Creating DB wrongEVOIDDB
certutil -N -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd
chains.sh: #7655: explicitPolicy: Creating DB wrongEVOIDDB  - PASSED
chains.sh: Creating EE certifiate request wrongEVOIDReq.der
certutil -s "CN=wrongEVOID EE, O=wrongEVOID, C=US"  -R  -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o wrongEVOIDReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7656: explicitPolicy: Creating EE certifiate request wrongEVOIDReq.der  - PASSED
chains.sh: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA
certutil -C -c otherEVCA -v 60 -d otherEVCADB -i wrongEVOIDReq.der -o wrongEVOIDotherEVCA.der -f otherEVCADB/dbpasswd -m 628182930   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7657: explicitPolicy: Creating certficate wrongEVOIDotherEVCA.der signed by otherEVCA  - PASSED
chains.sh: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database
certutil -A -n wrongEVOID -t u,u,u -d wrongEVOIDDB -f wrongEVOIDDB/dbpasswd -i wrongEVOIDotherEVCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7658: explicitPolicy: Importing certificate wrongEVOIDotherEVCA.der to wrongEVOIDDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7659: explicitPolicy: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182924 (0x25714f8c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:57:18 2016
            Not After : Mon Jun 28 18:57:18 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:0a:14:27:d5:ce:68:8c:0c:f8:9f:ee:39:98:c9:a7:
                    1f:81:31:74:9a:4d:b4:25:f2:99:8e:9a:42:53:44:6e:
                    0f:23:27:d8:37:93:69:4b:6e:ed:6e:19:2a:5a:be:b8:
                    4c:20:53:60:2a:f0:c6:25:a4:df:cc:3b:86:43:8e:84:
                    01:d0:6f:52:c1:68:27:c4:e4:fd:eb:82:31:bd:c8:6e:
                    84:7e:a0:5d:dd:d6:57:69:28:62:65:5e:c2:70:d4:b8:
                    65:2f:dc:e5:ee:b3:64:ee:0a:ef:29:34:e7:09:46:cf:
                    1d:6d:94:7d:b3:ed:71:67:9d:d0:ec:ea:11:e0:2c:81:
                    01:28:d7:85:57:30:eb:57:c6:28:5d:c9:a1:a8:07:cc:
                    e2:44:89:a0:f6:7a:71:82:79:9c:54:c2:e1:89:7a:1f:
                    d7:f3:56:67:b1:02:82:a4:72:97:09:fa:da:f3:eb:ee:
                    c0:be:d4:3b:19:44:25:1e:10:7b:d7:f8:8c:c2:7d:e1:
                    10:af:2a:2d:cf:e2:08:d2:6d:dd:e2:fc:50:c9:48:48:
                    1e:55:0f:94:8b:10:f5:c6:36:ad:39:2b:ec:3b:1c:15:
                    1f:68:0c:89:54:ff:31:af:b9:88:d2:20:d0:52:0e:87:
                    51:75:63:48:23:5e:cb:5c:98:79:21:a9:e4:2e:e7:73
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0b:57:e8:83:b7:df:ad:41:52:37:b7:12:9b:7f:a8:f9:
        7b:b5:cf:77:4b:44:19:7c:0d:03:61:54:fe:45:78:00:
        83:65:8c:f0:cb:58:b2:8e:9f:b4:40:ff:26:17:05:8b:
        2f:4c:8a:42:85:cc:90:4f:65:5d:2a:17:0f:3f:4f:8d:
        69:5f:41:a7:8b:91:1e:7b:b6:80:44:33:13:aa:0a:7a:
        a4:bc:27:b8:93:b1:45:09:89:95:fc:4d:38:7e:78:19:
        38:e0:da:7f:f5:c5:02:c8:2f:c2:6f:1f:fb:0d:98:7b:
        f5:4d:07:ef:3d:15:8e:36:15:a3:d7:8a:15:1e:b6:a6:
        ba:0a:2e:2a:ac:4e:00:87:ec:49:9a:ef:9c:7d:ab:94:
        94:70:40:6d:4e:c8:9b:47:36:e0:a5:d0:69:5a:a0:f6:
        e3:16:75:9e:6e:35:bb:51:fd:d0:77:b7:32:8d:12:5b:
        2c:23:71:68:b4:7e:f6:84:2c:2c:45:44:12:d4:2e:72:
        6e:76:f5:7d:b3:7d:cd:15:bd:69:c0:4b:7f:27:36:fb:
        8d:4d:6f:d9:2c:12:79:0e:f1:38:f8:48:06:20:c3:fd:
        2b:1b:a9:ff:f6:d3:7f:50:b5:30:5a:44:99:c0:05:ab:
        df:81:07:e3:fd:ee:33:bd:e5:8a:f2:36:9c:67:0a:59
    Fingerprint (SHA-256):
        9A:F3:01:0B:09:FF:F2:53:FF:37:AD:92:97:9B:33:7B:61:B0:20:16:5D:43:C3:90:B7:F7:61:AF:D7:EB:28:03
    Fingerprint (SHA1):
        AC:27:B2:BC:5E:24:5C:2F:83:DE:F8:67:4D:9D:E5:69:5E:1B:19:55
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #7660: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7661: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=Root ROOT CA,O=Root,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7662: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der Root.der with flags -d AllDB -pp      -o OID.1.0  -t Root.der - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "C,C,C" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #7663: explicitPolicy: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  validEVEVCA.der EVCARoot.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182924 (0x25714f8c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:57:18 2016
            Not After : Mon Jun 28 18:57:18 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:0a:14:27:d5:ce:68:8c:0c:f8:9f:ee:39:98:c9:a7:
                    1f:81:31:74:9a:4d:b4:25:f2:99:8e:9a:42:53:44:6e:
                    0f:23:27:d8:37:93:69:4b:6e:ed:6e:19:2a:5a:be:b8:
                    4c:20:53:60:2a:f0:c6:25:a4:df:cc:3b:86:43:8e:84:
                    01:d0:6f:52:c1:68:27:c4:e4:fd:eb:82:31:bd:c8:6e:
                    84:7e:a0:5d:dd:d6:57:69:28:62:65:5e:c2:70:d4:b8:
                    65:2f:dc:e5:ee:b3:64:ee:0a:ef:29:34:e7:09:46:cf:
                    1d:6d:94:7d:b3:ed:71:67:9d:d0:ec:ea:11:e0:2c:81:
                    01:28:d7:85:57:30:eb:57:c6:28:5d:c9:a1:a8:07:cc:
                    e2:44:89:a0:f6:7a:71:82:79:9c:54:c2:e1:89:7a:1f:
                    d7:f3:56:67:b1:02:82:a4:72:97:09:fa:da:f3:eb:ee:
                    c0:be:d4:3b:19:44:25:1e:10:7b:d7:f8:8c:c2:7d:e1:
                    10:af:2a:2d:cf:e2:08:d2:6d:dd:e2:fc:50:c9:48:48:
                    1e:55:0f:94:8b:10:f5:c6:36:ad:39:2b:ec:3b:1c:15:
                    1f:68:0c:89:54:ff:31:af:b9:88:d2:20:d0:52:0e:87:
                    51:75:63:48:23:5e:cb:5c:98:79:21:a9:e4:2e:e7:73
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        0b:57:e8:83:b7:df:ad:41:52:37:b7:12:9b:7f:a8:f9:
        7b:b5:cf:77:4b:44:19:7c:0d:03:61:54:fe:45:78:00:
        83:65:8c:f0:cb:58:b2:8e:9f:b4:40:ff:26:17:05:8b:
        2f:4c:8a:42:85:cc:90:4f:65:5d:2a:17:0f:3f:4f:8d:
        69:5f:41:a7:8b:91:1e:7b:b6:80:44:33:13:aa:0a:7a:
        a4:bc:27:b8:93:b1:45:09:89:95:fc:4d:38:7e:78:19:
        38:e0:da:7f:f5:c5:02:c8:2f:c2:6f:1f:fb:0d:98:7b:
        f5:4d:07:ef:3d:15:8e:36:15:a3:d7:8a:15:1e:b6:a6:
        ba:0a:2e:2a:ac:4e:00:87:ec:49:9a:ef:9c:7d:ab:94:
        94:70:40:6d:4e:c8:9b:47:36:e0:a5:d0:69:5a:a0:f6:
        e3:16:75:9e:6e:35:bb:51:fd:d0:77:b7:32:8d:12:5b:
        2c:23:71:68:b4:7e:f6:84:2c:2c:45:44:12:d4:2e:72:
        6e:76:f5:7d:b3:7d:cd:15:bd:69:c0:4b:7f:27:36:fb:
        8d:4d:6f:d9:2c:12:79:0e:f1:38:f8:48:06:20:c3:fd:
        2b:1b:a9:ff:f6:d3:7f:50:b5:30:5a:44:99:c0:05:ab:
        df:81:07:e3:fd:ee:33:bd:e5:8a:f2:36:9c:67:0a:59
    Fingerprint (SHA-256):
        9A:F3:01:0B:09:FF:F2:53:FF:37:AD:92:97:9B:33:7B:61:B0:20:16:5D:43:C3:90:B7:F7:61:AF:D7:EB:28:03
    Fingerprint (SHA1):
        AC:27:B2:BC:5E:24:5C:2F:83:DE:F8:67:4D:9D:E5:69:5E:1B:19:55
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=validEV EE,O=validEV,C=US"
Certificate 2 Subject: "CN=EVCA Intermediate,O=EVCA,C=US"
Returned value is 0, expected result is pass
chains.sh: #7664: explicitPolicy: Verifying certificate(s)  validEVEVCA.der EVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  invalidEVnonEVCA.der nonEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7665: explicitPolicy: Verifying certificate(s)  invalidEVnonEVCA.der nonEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0 
vfychain -d AllDB -pp -vv      -o OID.1.0  wrongEVOIDotherEVCA.der otherEVCARoot.der 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7666: explicitPolicy: Verifying certificate(s)  wrongEVOIDotherEVCA.der otherEVCARoot.der with flags -d AllDB -pp      -o OID.1.0  - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7667: Mapping: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182931 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7668: Mapping: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7669: Mapping: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7670: Mapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7671: Mapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182932   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #7672: Mapping: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7673: Mapping: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7674: Mapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7675: Mapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182933   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7676: Mapping: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7677: Mapping: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #7678: Mapping: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7679: Mapping: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628182934   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7680: Mapping: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7681: Mapping: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7682: Mapping: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #7683: Mapping: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #7684: Mapping: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #7685: Mapping: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182931 (0x25714f93)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:58:06 2016
            Not After : Mon Jun 28 18:58:06 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d4:1e:47:f1:c0:c9:1a:69:ce:8a:cb:6e:d5:a8:a1:7f:
                    0a:b8:08:41:66:ca:fc:f2:71:26:4a:99:85:d2:6b:56:
                    40:ec:6f:77:6c:13:87:24:20:52:f0:d7:a4:67:c0:04:
                    d2:90:d7:48:a1:dc:0b:f4:c0:51:72:7a:b7:87:5d:1f:
                    c5:8d:f6:1c:a1:ae:62:6d:4b:f4:e4:76:60:d1:cb:68:
                    c6:17:b1:6a:d9:2e:10:bb:45:6f:0e:01:98:be:d0:42:
                    95:a4:70:76:8d:85:09:4d:60:32:f1:cd:4a:78:b0:5c:
                    2a:6f:dc:2d:38:a2:bc:f3:22:2f:f3:62:48:01:5c:ce:
                    13:76:04:0b:85:9e:cb:1c:2b:ae:21:e3:fa:16:b7:39:
                    b9:cf:9a:f6:db:52:f7:49:c3:1f:de:c0:0d:46:61:c3:
                    6d:bd:68:9f:95:da:2a:df:1b:52:3f:af:be:52:cd:e3:
                    6c:b6:35:3e:4c:f4:f7:29:80:1a:89:e9:71:48:7f:de:
                    67:e5:e7:48:74:2a:94:3f:7b:94:e8:4c:b7:1b:14:5d:
                    e1:c9:9b:8a:62:a6:31:5f:f0:91:27:9f:a3:93:88:20:
                    f1:ee:3b:a4:ad:6e:0f:e3:59:f0:71:1a:f8:65:65:6b:
                    c6:48:58:02:69:56:db:d3:19:d8:7d:c3:0b:4f:75:99
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        94:22:4f:58:8d:bc:78:7c:ce:44:55:27:15:33:d6:46:
        eb:71:0a:24:ab:11:b1:93:1e:99:85:5d:4c:b3:d4:e4:
        24:c8:54:b1:ba:14:bd:fa:36:c5:5f:a7:c1:00:96:c5:
        91:6d:32:6e:67:35:f9:1a:e0:fe:cb:df:4b:b5:07:50:
        b3:bb:83:dc:8b:58:e8:8d:3b:6e:d4:07:9b:76:59:97:
        c5:59:3a:21:82:3f:f3:ba:e2:41:54:69:8d:57:30:ce:
        dc:6d:02:18:c0:c2:ef:37:bb:8e:c4:e3:25:be:86:ef:
        f3:c9:b7:b8:81:3a:e9:3d:72:99:11:52:42:31:d1:3f:
        6e:93:f8:a5:d8:79:a4:48:50:79:ff:c8:cf:a6:97:a0:
        6f:c3:52:b8:01:cf:08:90:1e:d3:cd:a8:3b:78:ab:d8:
        ce:58:ed:3a:f8:0e:a2:c8:67:51:43:df:8b:22:bc:9e:
        ac:6e:ac:fe:d7:ef:3d:bf:53:6a:02:8d:6f:b5:69:0b:
        5a:80:f8:da:5b:e7:b4:96:0f:ef:c3:d9:28:cd:d1:34:
        b9:bb:c8:18:df:71:d3:a7:dd:1c:1a:11:1f:51:be:3f:
        f8:f1:d6:8c:81:65:39:c1:3e:d2:14:3e:bf:aa:32:a2:
        56:66:99:2f:d3:d1:3c:93:91:82:c8:c1:35:76:6a:da
    Fingerprint (SHA-256):
        CF:23:8B:78:B1:33:34:54:BF:CB:BC:52:10:91:08:40:C7:39:3A:AC:C4:31:B0:8C:E3:40:12:82:1A:79:C3:F8
    Fingerprint (SHA1):
        30:5D:22:78:28:DA:E4:AD:3E:F6:B5:7F:4E:5E:87:E2:A8:FB:D8:CB
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7686: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7687: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7688: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182932 (0x25714f94)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:58:18 2016
            Not After : Mon Jun 28 18:58:18 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ca:b8:39:c2:33:7b:0a:74:1f:d9:80:61:cc:7e:e3:06:
                    1c:25:7d:ff:e4:d1:49:ce:af:dc:3b:67:73:06:03:92:
                    fa:34:2c:bb:77:c1:19:03:6b:ef:a8:a8:9c:da:64:69:
                    b7:4c:71:4b:27:e3:b5:97:37:9d:cc:ac:65:1b:91:cf:
                    2a:59:37:86:8c:ce:6d:91:e8:fb:18:90:97:4c:23:c4:
                    17:75:13:3d:b2:a2:ad:70:b1:4a:5f:44:57:1a:67:aa:
                    4d:61:ed:34:c8:12:97:7f:fb:bc:97:ac:21:3d:c3:81:
                    65:5e:66:e9:e6:93:73:8f:0b:95:93:42:72:e8:00:60:
                    11:16:5b:bc:77:4d:5a:ca:e6:b2:b6:f1:18:8d:64:33:
                    26:d6:b0:d0:81:60:6f:8f:e6:3d:0c:82:b7:0b:5a:a4:
                    a6:a7:01:df:4d:c7:42:22:cb:e6:9e:39:42:40:ad:08:
                    31:fa:b0:ed:6f:60:7e:01:29:26:17:3e:01:d6:8f:8b:
                    f4:a8:dc:56:78:8c:cd:f8:aa:08:c1:54:fa:76:27:4d:
                    8d:b5:2d:31:5e:76:4a:43:dd:30:43:15:e9:d5:da:ab:
                    a3:12:3b:3f:a1:72:ed:56:6a:43:f6:b5:3b:74:ab:2e:
                    45:c1:9a:bc:02:7d:f7:81:19:a4:23:42:f7:20:7f:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:c7:7e:bf:a2:03:17:10:55:34:f3:89:5e:3f:f4:3c:
        e9:a0:04:b1:3c:84:0a:c5:05:a7:24:7d:45:e7:79:73:
        c4:88:8b:29:75:88:8a:94:1c:21:0a:0a:0e:53:e5:d1:
        6f:42:d5:9b:b0:61:eb:a2:76:fb:b5:93:7d:bd:90:c1:
        40:4f:4a:a3:69:5f:75:49:c4:71:d8:85:86:8b:e1:1a:
        f5:2b:5d:5a:eb:a1:41:1c:13:21:29:69:0d:41:31:a9:
        7a:9b:d1:fa:5b:43:e7:e4:00:d4:0f:68:84:c8:ae:b4:
        35:43:ec:98:db:06:61:e6:b6:4b:f6:ec:4e:5c:d2:c4:
        e8:1c:76:8a:b3:ff:d7:ec:2a:66:33:ef:75:00:ce:18:
        1c:a0:1f:52:35:7b:bb:45:bc:38:cc:b9:94:40:ff:da:
        b7:6a:31:e7:e6:69:97:03:40:29:46:e6:9d:61:93:45:
        25:ed:33:12:48:ce:47:10:72:c7:89:0d:04:18:ae:d5:
        3f:09:8c:e8:22:fe:1a:1d:82:8f:52:e8:b5:08:3c:60:
        f8:f4:46:8e:a4:53:51:13:b2:a6:16:30:ee:ed:ed:b6:
        be:a9:ed:12:92:31:1f:ac:ed:98:c0:5c:50:cb:8b:29:
        64:6d:b6:f7:54:f8:da:bc:8b:b8:a3:36:b4:98:c7:66
    Fingerprint (SHA-256):
        F6:B1:05:94:16:13:0A:96:6E:D0:D5:D9:61:91:61:22:74:C4:E3:4C:19:85:46:B9:9D:88:BE:09:E8:51:96:DD
    Fingerprint (SHA1):
        98:38:DB:C9:29:4B:46:D0:DF:A1:73:6D:3E:62:E3:FD:D4:9E:1B:47
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7689: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA2.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7690: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA2.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182933 (0x25714f95)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:58:23 2016
            Not After : Mon Jun 28 18:58:23 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d7:78:2d:cc:ee:2b:69:f7:10:85:bd:17:a4:f6:ee:21:
                    d2:51:f2:b0:00:5a:51:f7:49:59:7b:1a:6c:ed:14:9d:
                    82:28:d6:42:80:33:b5:d9:aa:fa:fc:f1:28:18:27:3e:
                    fb:3b:1f:9d:3e:4c:7a:1b:d4:4f:07:d0:79:11:77:8d:
                    ca:b2:91:fa:34:d6:0a:32:39:67:02:78:db:a5:4d:1c:
                    56:de:ca:3b:63:0b:87:ce:e4:16:bd:f0:a0:22:c1:fa:
                    25:a8:f0:c6:9a:b2:21:c1:a2:94:a4:24:9f:4b:fe:12:
                    08:d0:eb:fa:14:73:43:c1:bb:89:7c:5a:42:51:06:d6:
                    20:f1:c2:c5:a7:18:96:59:73:69:90:06:16:e8:ae:40:
                    37:cb:b9:8f:22:0d:51:7a:e0:95:3a:27:e8:5a:79:c4:
                    d7:48:f7:70:17:cb:9d:c1:d8:4c:3b:ee:b2:1c:31:65:
                    3d:b0:73:cd:05:2a:6a:0f:e4:f2:17:31:2a:68:5e:a7:
                    c8:31:98:a0:e9:55:12:6d:cd:d4:de:4d:d9:e2:aa:a2:
                    7d:df:47:1d:f2:80:c4:56:a3:f5:c0:0b:a2:66:84:ba:
                    8a:df:9a:0e:d4:f5:9f:82:a9:66:98:97:3e:2e:e6:2c:
                    c5:43:84:20:f1:d0:f8:5f:fc:76:44:90:90:2b:39:8f
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        45:9b:cc:d3:38:78:b3:15:c6:50:ed:f2:9c:79:f6:ea:
        c7:80:74:c4:7d:bc:ae:01:d3:13:95:c9:75:3b:2b:66:
        f8:2c:bc:e8:83:06:30:51:74:fd:db:17:b6:1d:eb:b3:
        fd:5d:a5:d9:37:e2:2a:ad:24:d9:d7:1f:24:52:fe:1e:
        83:0c:39:b9:a2:93:32:fa:87:18:e4:a2:aa:50:df:bc:
        aa:90:7b:f4:e6:5e:63:ae:25:8e:3b:e5:14:23:25:0e:
        ba:37:f1:df:84:21:a3:57:2e:3d:4a:2a:6b:fb:c5:32:
        f3:0f:1d:10:ef:83:27:47:73:84:e8:10:b7:30:c7:16:
        5d:51:34:b5:78:6a:6d:57:33:8c:eb:12:c1:0b:98:28:
        d4:be:77:5a:ba:3a:49:a1:ff:6c:f6:6b:60:60:54:4d:
        cb:ec:6a:c3:7f:ef:a6:65:d0:43:88:0c:62:10:45:18:
        4c:4e:4c:39:86:5a:47:2c:d9:d8:9c:a2:74:db:75:56:
        45:90:7a:18:df:c1:1c:be:b9:f3:ed:08:8e:76:95:d1:
        e2:00:d5:8a:e0:54:63:cf:4e:5b:e5:5d:66:34:d6:b0:
        30:2c:7d:64:2c:3c:ca:0a:fd:86:d1:cd:bc:aa:f0:12:
        4c:db:73:65:02:36:9c:93:9a:d1:e5:e0:91:09:67:94
    Fingerprint (SHA-256):
        C8:90:73:31:44:EB:7F:96:55:A3:C0:77:A8:4C:B6:CA:72:96:F2:19:17:9A:19:65:BA:ED:1E:03:42:50:5D:3C
    Fingerprint (SHA1):
        35:AD:A8:E5:E0:AE:4D:94:9F:52:51:B2:92:B5:4F:C3:CE:18:F7:7D
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Returned value is 0, expected result is pass
chains.sh: #7691: Mapping: Verifying certificate(s)  UserCA2.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7692: Mapping2: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182935 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7693: Mapping2: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7694: Mapping2: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7695: Mapping2: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7696: Mapping2: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182936   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7697: Mapping2: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7698: Mapping2: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7699: Mapping2: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7700: Mapping2: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182937   --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
n
n
OID.1.0
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #7701: Mapping2: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7702: Mapping2: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #7703: Mapping2: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US"  -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7704: Mapping2: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i CA3Req.der -o CA3CA2.der -f CA2DB/dbpasswd -m 628182938   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7705: Mapping2: Creating certficate CA3CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate CA3CA2.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7706: Mapping2: Importing certificate CA3CA2.der to CA3DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #7707: Mapping2: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7708: Mapping2: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i UserReq.der -o UserCA3.der -f CA3DB/dbpasswd -m 628182939   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7709: Mapping2: Creating certficate UserCA3.der signed by CA3  - PASSED
chains.sh: Importing certificate UserCA3.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7710: Mapping2: Importing certificate UserCA3.der to UserDB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7711: Mapping2: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "" -d AllDB -f AllDB/dbpasswd -i Root.der
chains.sh: #7712: Mapping2: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA1Root.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1Root.der
chains.sh: #7713: Mapping2: Importing certificate CA1Root.der to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA1.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA1.der
chains.sh: #7714: Mapping2: Importing certificate CA2CA1.der to AllDB database  - PASSED
chains.sh: Importing certificate CA3CA2.der to AllDB database
certutil -A -n CA3  -t "" -d AllDB -f AllDB/dbpasswd -i CA3CA2.der
chains.sh: #7715: Mapping2: Importing certificate CA3CA2.der to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t Root
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182935 (0x25714f97)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:58:45 2016
            Not After : Mon Jun 28 18:58:45 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ed:28:fd:36:b5:76:af:59:60:d3:f6:02:cc:8a:1d:a3:
                    4a:3d:83:5a:cf:b5:90:0d:05:ad:31:19:6e:03:b7:af:
                    ad:4c:c1:23:8e:2a:f9:41:0e:d7:64:ce:b9:6f:4c:72:
                    8e:ed:d9:21:09:ce:56:8f:db:ef:aa:9b:e4:32:ac:0c:
                    dd:65:ff:79:c6:61:19:6c:3a:0e:79:47:bd:92:5a:92:
                    f8:af:ca:c4:e2:e8:c1:9b:83:4c:a3:a1:a5:38:28:0c:
                    3e:84:a0:65:31:55:ec:dc:98:df:15:dc:f0:b7:c3:7e:
                    39:62:e3:cd:57:c0:9f:80:96:e8:3d:92:d8:de:d3:54:
                    36:76:90:66:37:7e:da:61:7b:61:3f:bb:44:e0:56:57:
                    21:0f:ae:63:86:0f:c3:f6:8b:dd:f6:b5:8c:67:d6:88:
                    ff:ab:85:3e:78:fb:12:63:32:ff:da:0a:af:05:65:79:
                    f6:1c:4b:77:6a:01:9b:fc:ed:0b:84:d7:35:ae:da:09:
                    8b:d5:f2:3b:b0:08:2b:81:27:9b:1c:d6:2e:64:89:ba:
                    be:30:62:ad:c3:24:32:9f:3f:1c:f9:b1:ff:79:0f:1c:
                    77:5d:90:17:fb:59:63:7c:09:e4:aa:50:86:ea:e8:8f:
                    14:5a:06:d1:9c:97:02:f7:2b:62:6c:68:07:91:22:bb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        ad:35:2a:8b:af:60:30:50:26:6f:29:7b:54:4e:a9:16:
        0c:27:d8:85:24:1d:83:d3:d9:68:f0:58:d7:db:7e:0f:
        ce:0d:16:20:ae:4d:e9:6b:39:e7:16:4f:6f:b8:ad:63:
        d0:f9:c6:d9:43:41:5d:75:60:fa:38:0d:cd:a0:b0:be:
        82:d6:08:c9:52:c9:c4:fe:13:1e:78:42:8c:27:c1:62:
        e1:5b:3b:85:54:86:cc:d3:47:d1:e2:78:07:82:f7:bd:
        d0:07:f8:1b:9a:44:8b:dc:ab:e5:98:4b:bd:42:83:16:
        95:e5:42:97:10:bf:5c:ab:23:a1:d0:2d:33:38:be:c4:
        aa:01:22:ce:e8:9f:7f:49:bd:dd:49:bd:05:b3:7c:72:
        88:a8:10:57:61:52:e4:02:19:27:46:2f:71:58:b6:15:
        32:6c:42:5c:e4:c3:8e:df:03:c1:db:ed:76:61:81:65:
        f4:b8:45:f3:41:6a:e5:0c:7b:89:39:53:8f:41:37:50:
        75:4a:9c:bb:13:1f:b4:f0:2c:ab:39:4f:f0:06:64:35:
        0a:bf:e6:f2:f6:15:a3:a8:a3:e7:87:31:f6:9a:fb:b7:
        2f:bf:f1:81:3e:a2:90:8b:8f:2a:1e:21:19:37:e9:a0:
        91:1e:16:70:5b:ee:2a:a3:e2:75:6a:ac:11:d7:4c:18
    Fingerprint (SHA-256):
        95:C6:2F:EF:1E:06:9A:6A:B2:09:F5:B8:A8:8C:CA:A6:5D:3E:25:2F:5B:75:A6:A2:90:F9:A0:EA:61:08:40:9B
    Fingerprint (SHA1):
        6C:C8:0B:47:3D:B6:7F:0A:3E:91:A4:5D:31:C6:C4:8A:C3:94:B8:6B
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 4 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7716: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t Root
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. Root [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7717: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t Root - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA1
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182936 (0x25714f98)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:58:52 2016
            Not After : Mon Jun 28 18:58:52 2021
        Subject: "CN=CA1 Intermediate,O=CA1,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ba:1e:35:2e:8b:20:3e:c0:43:56:3e:d9:52:7a:9f:82:
                    06:7e:6c:9e:68:99:dc:c2:3c:89:48:b5:45:94:00:fa:
                    c0:14:13:69:b3:c0:9a:d6:20:45:39:85:98:d4:60:b5:
                    a0:e9:25:22:35:10:25:04:4d:03:9d:84:09:c5:b1:37:
                    cd:44:75:2d:d4:3a:70:86:1f:de:e7:ab:f2:57:cf:2d:
                    46:47:12:b3:11:b5:0e:3c:d6:e1:9c:3e:b2:21:6c:3d:
                    4b:30:6c:14:5f:1b:2c:dc:7b:ad:63:65:63:7d:d8:70:
                    68:c1:06:21:b8:a3:da:18:b6:52:4f:d1:18:45:bc:16:
                    c6:f6:19:fb:50:b5:82:f3:74:dd:4e:50:b2:10:1f:40:
                    dc:75:6f:cc:0f:e9:d5:30:d2:62:33:e8:39:d2:70:3f:
                    2d:99:79:9d:fe:45:7e:50:2a:e2:a8:3d:4d:84:97:68:
                    fa:fa:4f:f2:f5:c6:40:62:d0:86:97:01:83:ec:5e:4a:
                    0c:4d:15:95:7d:95:a3:2c:24:8c:ef:39:68:77:a4:6e:
                    74:96:2a:c0:a9:51:9d:d4:ff:cf:5b:b3:97:35:45:1a:
                    52:ce:1f:5b:13:62:0a:da:f9:ab:11:5d:6a:b5:00:d5:
                    b3:dc:91:1e:fd:d9:45:73:ad:31:d9:0f:b6:45:c7:29
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policies
            Data: 
                Policy Name: User Defined Policy OID
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        25:44:2d:75:f5:05:db:51:79:11:f5:86:29:3a:4c:88:
        ef:9e:db:f7:cd:19:bf:a5:ec:68:9f:26:51:a7:86:cd:
        0e:86:77:0b:18:ef:0e:8f:e8:0e:29:6a:52:af:6b:37:
        8b:49:73:c9:b6:09:e6:94:c8:f0:c2:27:17:57:f1:82:
        8e:da:96:48:19:c7:9c:62:9c:ea:da:e2:3a:d5:57:13:
        c0:f8:a2:93:68:c2:d3:74:5d:c8:27:d9:0d:44:a4:45:
        11:0f:21:12:2e:89:6e:fb:52:22:5c:38:33:89:10:63:
        f0:b5:2d:1d:ad:7b:c5:0f:a6:e5:e8:76:4b:14:a9:98:
        a2:77:88:67:b0:45:9b:db:66:bc:66:f3:ea:87:5a:ff:
        73:5d:e1:22:49:39:08:74:f3:8a:be:7f:96:60:10:28:
        dd:f6:53:8d:44:e2:ca:93:6c:5b:2f:6d:4e:80:44:5d:
        48:4b:24:7b:e3:64:fd:2d:c6:5e:5e:81:d8:6d:b7:38:
        f9:bf:9f:21:75:48:d3:39:e5:88:77:f0:3c:8b:2e:df:
        93:89:68:95:2c:c7:a9:57:04:6d:52:ca:36:28:81:f7:
        91:e0:a0:bb:12:44:64:30:c6:7f:e7:1c:ad:5b:75:68:
        6a:8c:35:90:6e:3c:1f:bd:bc:aa:a5:0b:ac:5f:53:10
    Fingerprint (SHA-256):
        42:F5:3C:C2:D9:83:A3:F7:33:84:AD:D1:CD:41:5A:D0:E0:CB:1F:CE:EA:F1:EF:9C:DA:1E:E6:45:95:1B:1D:A4
    Fingerprint (SHA1):
        5A:E2:D2:7E:E3:B0:EE:3C:43:A2:50:64:E6:6F:CB:AF:3F:CE:AC:80
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Certificate 3 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7718: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA1
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. CA1 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7719: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA1 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.0  UserCA3.der  -t CA2
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA2 [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7720: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.0  -t CA2 - PASSED
chains.sh: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2
vfychain -d AllDB -pp -vv      -o OID.1.1  UserCA3.der  -t CA2
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182937 (0x25714f99)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 18:58:59 2016
            Not After : Mon Jun 28 18:58:59 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    ab:4a:3f:6d:c3:35:8f:b0:d7:fc:01:41:98:70:13:c3:
                    37:16:50:8f:e1:a5:98:a3:9e:81:c1:6f:4f:43:97:08:
                    a4:67:b9:50:6a:8f:c4:30:c5:cd:7e:3d:8a:85:a9:ee:
                    65:04:2f:82:3d:95:ac:3e:05:76:e6:3d:b6:ab:3e:d0:
                    dc:74:2f:91:b4:9c:6c:2c:60:57:67:ab:99:29:a8:33:
                    62:9b:e6:51:8f:b3:83:4c:a2:0d:e9:cb:c8:f7:41:3d:
                    03:fe:ad:dc:6e:26:14:8e:f2:4a:07:0f:67:22:a7:97:
                    52:0c:ab:c3:4c:76:7c:03:ad:2d:78:f9:eb:47:2d:e8:
                    2a:18:1c:97:df:51:ac:bd:f1:17:f8:8b:7b:e1:44:87:
                    65:1e:5f:89:4a:5e:fb:16:1b:20:eb:1e:1c:ff:d4:5b:
                    0f:5d:9d:36:a0:36:7e:c4:1c:f0:9e:9c:31:32:66:0c:
                    26:68:d5:47:05:78:70:2e:1b:48:29:32:1d:f8:eb:36:
                    ac:4e:d6:fa:02:89:23:a9:6b:f7:ef:e2:2c:25:2c:49:
                    a8:ea:66:76:86:e6:28:44:b5:cf:29:29:55:b4:fb:d2:
                    75:9a:f8:e2:09:1b:a0:6a:62:29:26:e8:83:25:49:ce:
                    50:19:88:b0:ad:73:d4:28:e1:97:25:8e:2e:3c:e5:23
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Policy Mappings
            Data: Sequence {
                Sequence {
                    OID.1.0
                    User Defined Policy OID
                }
            }
            Name: Certificate Policies
            Data: 
                Policy Name: OID.1.0
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7f:f1:ce:50:24:02:fe:60:32:0e:f1:55:6c:27:94:2d:
        68:ce:47:2c:ff:7a:cc:5e:b2:97:87:d4:99:aa:9a:49:
        77:fc:cc:e9:ca:af:32:ce:76:60:b1:0b:7d:b5:7c:12:
        da:6f:b7:05:e4:33:2d:e9:6c:fa:c0:c7:2b:22:3d:3b:
        b1:c7:92:a4:0c:25:7e:56:63:a0:9d:ce:41:fd:94:8f:
        d5:3c:7c:ad:01:33:3d:fd:18:ef:4e:d1:90:f7:e0:22:
        e9:89:30:b9:f3:94:59:c7:d8:2a:e2:d4:09:3a:2e:bc:
        ae:2e:99:ef:32:9d:1d:6f:17:8f:74:96:14:fa:8f:32:
        ab:e5:94:18:9c:59:7e:c5:c1:5a:51:87:3c:23:ef:2e:
        d0:5e:16:3d:34:a8:ec:49:3b:a9:89:d0:b6:78:0a:f9:
        a6:e0:a2:52:b9:d7:db:5c:75:82:da:18:3b:49:aa:45:
        dc:16:be:9c:26:60:e6:da:af:0b:84:07:0f:c4:6d:51:
        21:42:d8:ad:96:f9:15:7f:40:aa:e6:e2:4d:81:e1:b3:
        cb:8d:7c:e8:41:0e:70:f4:fc:e9:a2:28:34:d0:aa:c6:
        23:6d:1a:e0:a6:84:cd:0b:7e:72:03:a4:ae:59:1c:1f:
        85:6a:22:1b:30:da:f9:04:0f:39:dc:f8:53:ad:db:40
    Fingerprint (SHA-256):
        B0:24:86:16:FB:D4:1A:EF:69:2C:0A:47:C9:58:AE:E0:93:FB:6B:0A:4B:87:A0:66:63:7C:9F:9E:63:D0:E5:F9
    Fingerprint (SHA1):
        BA:B0:83:FC:44:99:23:C5:6A:3A:3C:29:68:9D:48:1C:47:7E:B1:B6
    Certificate Trust Flags:
        SSL Flags:
        Email Flags:
        Object Signing Flags:
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #7721: Mapping2: Verifying certificate(s)  UserCA3.der with flags -d AllDB -pp      -o OID.1.1  -t CA2 - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7722: AIA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182940 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7723: AIA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7724: AIA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7725: AIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7726: AIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182941   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7727: AIA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7728: AIA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7729: AIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7730: AIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182942   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA1Root-628182719.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7731: AIA: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7732: AIA: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB UserDB
certutil -N -d UserDB -f UserDB/dbpasswd
chains.sh: #7733: AIA: Creating DB UserDB  - PASSED
chains.sh: Creating EE certifiate request UserReq.der
certutil -s "CN=User EE, O=User, C=US"  -R  -d UserDB -f UserDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o UserReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7734: AIA: Creating EE certifiate request UserReq.der  - PASSED
chains.sh: Creating certficate UserCA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i UserReq.der -o UserCA2.der -f CA2DB/dbpasswd -m 628182943   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7735: AIA: Creating certficate UserCA2.der signed by CA2  - PASSED
chains.sh: Importing certificate UserCA2.der to UserDB database
certutil -A -n User -t u,u,u -d UserDB -f UserDB/dbpasswd -i UserCA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7736: AIA: Importing certificate UserCA2.der to UserDB database  - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der
vfychain -d UserDB -pp -vv       UserCA2.der CA2CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA2 Intermediate,O=CA2,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA1 Intermediate,O=CA1,C=US
Returned value is 1, expected result is fail
chains.sh: #7737: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der
vfychain -d UserDB -pp -vv   -f    UserCA2.der CA2CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182940 (0x25714f9c)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 18:59:39 2016
            Not After : Mon Jun 28 18:59:39 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b3:35:ed:a2:b9:fd:cc:44:23:7e:23:0b:a1:a5:76:f4:
                    d9:3c:82:0c:85:c6:81:10:4a:b1:af:c2:f4:53:d0:3a:
                    c7:03:9c:01:ad:b2:3f:0a:6f:56:d5:fd:d5:d0:8a:40:
                    6d:fc:28:2e:65:cd:26:5c:c4:c2:f3:ee:69:40:19:ee:
                    52:c4:29:60:0c:92:e1:b5:52:71:0a:38:8c:13:23:45:
                    ff:5a:1d:79:3b:10:1a:7e:44:ad:ff:ef:30:7b:27:24:
                    46:54:e2:e8:6f:07:a0:d3:d0:4d:99:2b:de:ed:ef:e5:
                    86:bc:2f:85:b2:5f:19:77:2a:7a:0b:c4:82:bb:7a:07:
                    28:32:d3:f4:b6:f0:77:1a:56:3b:2c:75:95:33:8b:4d:
                    a2:82:32:05:6e:40:5a:e1:cd:b2:68:ac:6e:08:4f:db:
                    f3:8d:c6:4b:78:99:2e:7a:8e:ac:eb:5f:96:ee:93:37:
                    78:68:6a:9d:42:66:28:b7:d3:3b:76:3e:a0:26:47:5b:
                    53:9a:b1:82:1b:93:10:e4:68:7b:74:6e:16:fe:c8:34:
                    e5:21:f1:f7:4d:0a:c4:fb:94:9c:cb:dd:5a:be:a1:44:
                    6b:7e:41:87:66:04:89:a1:72:16:2e:84:c3:85:61:de:
                    27:ef:4d:5b:4e:89:46:a1:7d:97:1f:5b:da:7e:ac:65
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:f6:03:0e:26:d0:1a:83:c8:29:d9:ff:2d:eb:61:4d:
        0b:a4:b7:fc:89:27:3d:5e:b7:1a:58:90:c5:49:ac:aa:
        a9:37:ce:71:75:0b:a2:66:2a:fa:8a:1d:ee:4b:3c:b3:
        cc:e9:b9:38:70:b5:4d:59:81:6b:97:c5:11:5d:2e:f3:
        d4:28:49:6f:66:b3:ad:e5:da:4c:c9:69:97:28:b5:ea:
        5a:f7:56:86:c3:72:5d:18:31:92:4d:57:08:c5:02:1b:
        95:70:e6:ed:50:b9:7f:37:d8:b8:72:06:0d:a0:48:61:
        89:e7:b4:20:d8:aa:51:18:3c:4e:73:c8:24:b7:4d:2c:
        56:c6:49:3b:36:36:79:33:ed:44:04:29:0a:04:ea:28:
        1b:5d:de:43:da:01:2e:af:df:6e:59:e1:10:cd:f6:f7:
        69:d1:08:64:00:d6:ca:0d:73:a6:dd:ee:7f:a7:cc:44:
        fc:53:2b:4d:20:81:db:35:9e:4a:db:96:6a:aa:42:ab:
        bd:c8:eb:96:e2:ea:65:96:03:61:89:07:ee:c5:2a:bd:
        1c:9b:50:d0:9a:22:66:d1:60:22:1f:e0:93:02:d6:51:
        1f:be:5c:29:95:a3:3d:72:5d:cc:05:31:91:16:02:87:
        ff:c3:19:3d:82:a2:d9:71:d2:1f:9a:63:18:10:09:d6
    Fingerprint (SHA-256):
        05:72:80:F6:E5:03:11:70:6B:0D:A6:1E:DE:73:F6:32:ED:35:86:73:A0:71:E2:88:5A:C7:C3:54:2A:F9:5A:23
    Fingerprint (SHA1):
        9D:30:55:21:BB:65:A3:A5:A7:53:E2:78:44:A0:36:A8:B9:FB:BA:55
Certificate 1 Subject: "CN=User EE,O=User,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7738: AIA: Verifying certificate(s)  UserCA2.der CA2CA1.der with flags -d UserDB -pp   -f    -t Root.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #7739: BridgeWithAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182944 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7740: BridgeWithAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #7741: BridgeWithAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #7742: BridgeWithAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182945 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7743: BridgeWithAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #7744: BridgeWithAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #7745: BridgeWithAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7746: BridgeWithAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628182946 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7747: BridgeWithAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7748: BridgeWithAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628182947 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7749: BridgeWithAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7750: BridgeWithAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #7751: BridgeWithAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7752: BridgeWithAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7753: BridgeWithAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628182948   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628182720.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7754: BridgeWithAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7755: BridgeWithAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7756: BridgeWithAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7757: BridgeWithAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182949   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7758: BridgeWithAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7759: BridgeWithAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #7760: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182944 (0x25714fa0)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 19:00:03 2016
            Not After : Mon Jun 28 19:00:03 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e4:dc:3b:33:da:24:ac:b3:df:de:c9:a1:76:1f:c8:54:
                    03:f8:64:9c:11:6e:a2:03:08:69:73:c7:47:17:2d:b3:
                    ef:a6:f5:cd:c6:d0:27:e7:61:bc:cb:c6:1a:73:be:31:
                    b5:5d:a4:bc:f5:14:a9:93:cf:32:56:b0:7e:13:f6:86:
                    ee:52:6d:68:a1:58:a6:d1:63:c1:6b:b0:7d:7c:16:80:
                    77:43:d3:43:80:05:2f:a5:89:cb:29:a1:28:16:15:33:
                    67:03:23:f0:7c:8a:bf:ce:06:55:63:e7:ad:96:9c:89:
                    de:b9:b8:12:0a:5e:d4:df:c3:21:a9:00:c4:66:bf:41:
                    2a:6c:93:8a:68:0c:fe:2a:c2:f7:be:86:9b:7d:24:6e:
                    d7:7e:9d:0f:fc:cc:e6:6d:e9:e1:6d:dc:e2:0d:42:51:
                    2f:d3:bf:c3:c8:72:fe:b8:f0:85:d1:61:af:92:7f:e1:
                    b1:3a:97:a5:99:ab:2b:d8:23:76:d5:65:5c:78:b0:c6:
                    4d:a6:17:a4:62:bf:06:1e:8c:54:02:4b:f4:20:7f:9f:
                    64:66:79:ed:dd:3b:bb:1b:88:9b:2e:4c:32:8e:83:c0:
                    8e:18:ea:99:f5:88:37:80:4d:57:8d:13:bf:73:fa:74:
                    23:08:fe:98:88:72:56:31:12:45:5a:04:2d:1f:16:bf
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7a:8e:8b:60:a3:34:01:ef:5d:bf:d6:2b:56:f1:7b:41:
        3f:c6:22:53:05:43:8b:95:99:b0:a6:ad:17:aa:0d:65:
        e8:61:da:99:61:fd:5b:5a:44:2a:8f:c9:64:6a:a1:81:
        40:7f:35:24:44:d2:66:f6:11:9b:cd:bb:f6:8e:bb:0f:
        20:fe:c0:59:b9:1d:d7:99:9a:3a:45:6b:12:4a:25:26:
        70:1e:5d:23:b5:12:b0:89:f4:cd:7e:51:4e:03:c9:23:
        9b:2a:0b:63:05:d2:b8:cd:8b:82:35:a6:99:59:39:29:
        89:39:e9:fb:c9:87:c6:fe:d6:fc:ce:ef:a5:dd:64:9f:
        56:da:28:2b:e9:dc:5b:8b:26:82:ef:60:9d:68:34:bb:
        59:1e:08:d8:5b:f1:c3:9c:8e:d0:13:13:44:20:33:86:
        bf:1a:24:50:74:03:25:9e:b7:97:6f:e1:41:18:a7:d6:
        08:cd:0b:3f:d8:38:0d:2b:a6:fd:37:04:fd:f3:19:3d:
        14:20:1e:32:fa:64:b5:df:8b:e4:61:57:1e:40:34:67:
        50:16:5f:e3:c7:d1:db:3b:0a:50:86:aa:81:da:5c:a6:
        e0:1a:1f:f9:bd:3a:ad:5c:b7:7a:83:54:3a:97:61:c7:
        06:77:c2:43:5b:da:02:a9:f2:41:a0:37:ac:a7:5b:e7
    Fingerprint (SHA-256):
        6B:9D:E8:AB:85:08:AB:25:27:0A:15:74:E0:1B:B2:A1:D3:29:BF:09:A3:8D:3D:88:42:D9:F5:20:A6:E3:08:D4
    Fingerprint (SHA1):
        1F:41:B7:6C:55:2A:AC:0F:2D:88:B1:8B:F3:4B:84:5A:67:CB:F3:BB
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7761: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182945 (0x25714fa1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 19:00:10 2016
            Not After : Mon Jun 28 19:00:10 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    af:d9:8a:d6:61:31:bc:65:59:2a:eb:b9:4c:d1:fe:f4:
                    c6:c5:a6:3e:4c:71:6d:f6:8a:06:cc:61:a4:22:4d:9d:
                    74:87:23:02:bc:56:ce:8f:1e:92:84:8b:35:a7:68:6f:
                    c0:2a:67:0e:45:d6:f6:b3:c3:1e:95:5c:8d:bc:7c:cb:
                    03:69:99:bb:58:5a:c9:5b:61:84:2b:e8:01:46:f2:b7:
                    0e:43:42:3e:0c:55:d3:0f:37:81:cf:15:2f:a5:a0:91:
                    2e:ac:7e:00:15:2e:a0:be:36:f3:1c:a9:53:11:fb:fa:
                    58:80:6d:88:2b:53:3a:85:68:40:42:4b:6d:e2:4f:79:
                    88:b8:4d:a4:a1:dd:2b:c8:66:96:c1:a3:15:bd:83:ac:
                    df:f8:a1:a7:85:d9:00:0d:bf:4b:62:86:9c:f8:70:30:
                    b9:17:9e:fc:39:b0:33:76:cb:eb:ad:6c:8c:40:ed:39:
                    c4:26:38:7b:c4:f5:0c:36:9a:56:5a:ec:aa:b1:cb:b2:
                    5d:b6:24:c8:ad:3b:7c:d4:56:80:55:c8:80:45:7b:a3:
                    18:a1:30:f9:62:68:a4:ff:ca:c3:17:15:a8:cb:b1:3f:
                    41:5e:ae:bf:82:d6:e2:91:44:bd:c4:c2:b3:d2:bc:78:
                    bf:8a:0f:6e:50:d3:82:42:4d:52:59:24:98:bb:9e:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:d3:8c:85:ce:c3:5e:f0:63:12:22:25:54:40:56:64:
        ae:b8:3c:05:4c:3a:e3:76:d2:30:61:79:03:bc:82:ab:
        23:7d:a5:c3:2e:dc:62:3a:0a:74:63:6f:99:a5:bb:d4:
        8c:2c:cd:b3:ed:c8:4d:31:6a:a8:cc:41:e7:7f:ee:47:
        51:f6:7e:3c:bb:41:0d:be:85:c3:66:6e:94:82:27:78:
        65:0f:54:2c:38:6f:ea:d1:c0:64:1b:42:ab:8f:f3:4e:
        5d:17:b7:67:7f:74:52:11:de:25:af:c6:ae:2c:7e:15:
        ad:64:23:43:41:a6:77:c8:a4:66:a0:79:d7:c6:b6:bd:
        12:1d:b3:ac:b0:8d:c8:1b:37:4b:14:2d:aa:2a:9e:f4:
        fd:3d:f1:60:26:af:ff:e3:6d:b6:93:88:cc:92:0c:e9:
        06:cf:f8:f3:6e:84:af:e9:ca:9d:48:16:b6:07:9b:30:
        31:f9:3c:e3:3c:5b:fa:de:f1:d0:a1:fc:7c:a3:92:0b:
        87:fa:20:28:e4:5f:7d:ae:b6:a2:75:43:46:4d:d2:93:
        e5:51:f3:62:89:2d:fa:ec:83:4d:f3:29:d3:f8:d8:2f:
        c2:74:8d:d2:a0:de:a2:b8:4c:68:c0:51:f6:fe:06:16:
        08:93:41:9d:9c:ce:0e:67:d1:d6:75:c4:d2:7a:4e:b0
    Fingerprint (SHA-256):
        4F:AA:C9:90:B5:27:C6:92:47:11:0F:FE:C5:0B:8D:9B:7F:55:18:F3:DB:F3:C8:6F:9D:39:EB:79:36:B7:AB:CC
    Fingerprint (SHA1):
        A8:87:1E:4B:05:75:30:59:30:2A:6A:CC:85:13:15:CC:6C:C3:76:D1
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7762: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182945 (0x25714fa1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 19:00:10 2016
            Not After : Mon Jun 28 19:00:10 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    af:d9:8a:d6:61:31:bc:65:59:2a:eb:b9:4c:d1:fe:f4:
                    c6:c5:a6:3e:4c:71:6d:f6:8a:06:cc:61:a4:22:4d:9d:
                    74:87:23:02:bc:56:ce:8f:1e:92:84:8b:35:a7:68:6f:
                    c0:2a:67:0e:45:d6:f6:b3:c3:1e:95:5c:8d:bc:7c:cb:
                    03:69:99:bb:58:5a:c9:5b:61:84:2b:e8:01:46:f2:b7:
                    0e:43:42:3e:0c:55:d3:0f:37:81:cf:15:2f:a5:a0:91:
                    2e:ac:7e:00:15:2e:a0:be:36:f3:1c:a9:53:11:fb:fa:
                    58:80:6d:88:2b:53:3a:85:68:40:42:4b:6d:e2:4f:79:
                    88:b8:4d:a4:a1:dd:2b:c8:66:96:c1:a3:15:bd:83:ac:
                    df:f8:a1:a7:85:d9:00:0d:bf:4b:62:86:9c:f8:70:30:
                    b9:17:9e:fc:39:b0:33:76:cb:eb:ad:6c:8c:40:ed:39:
                    c4:26:38:7b:c4:f5:0c:36:9a:56:5a:ec:aa:b1:cb:b2:
                    5d:b6:24:c8:ad:3b:7c:d4:56:80:55:c8:80:45:7b:a3:
                    18:a1:30:f9:62:68:a4:ff:ca:c3:17:15:a8:cb:b1:3f:
                    41:5e:ae:bf:82:d6:e2:91:44:bd:c4:c2:b3:d2:bc:78:
                    bf:8a:0f:6e:50:d3:82:42:4d:52:59:24:98:bb:9e:57
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:d3:8c:85:ce:c3:5e:f0:63:12:22:25:54:40:56:64:
        ae:b8:3c:05:4c:3a:e3:76:d2:30:61:79:03:bc:82:ab:
        23:7d:a5:c3:2e:dc:62:3a:0a:74:63:6f:99:a5:bb:d4:
        8c:2c:cd:b3:ed:c8:4d:31:6a:a8:cc:41:e7:7f:ee:47:
        51:f6:7e:3c:bb:41:0d:be:85:c3:66:6e:94:82:27:78:
        65:0f:54:2c:38:6f:ea:d1:c0:64:1b:42:ab:8f:f3:4e:
        5d:17:b7:67:7f:74:52:11:de:25:af:c6:ae:2c:7e:15:
        ad:64:23:43:41:a6:77:c8:a4:66:a0:79:d7:c6:b6:bd:
        12:1d:b3:ac:b0:8d:c8:1b:37:4b:14:2d:aa:2a:9e:f4:
        fd:3d:f1:60:26:af:ff:e3:6d:b6:93:88:cc:92:0c:e9:
        06:cf:f8:f3:6e:84:af:e9:ca:9d:48:16:b6:07:9b:30:
        31:f9:3c:e3:3c:5b:fa:de:f1:d0:a1:fc:7c:a3:92:0b:
        87:fa:20:28:e4:5f:7d:ae:b6:a2:75:43:46:4d:d2:93:
        e5:51:f3:62:89:2d:fa:ec:83:4d:f3:29:d3:f8:d8:2f:
        c2:74:8d:d2:a0:de:a2:b8:4c:68:c0:51:f6:fe:06:16:
        08:93:41:9d:9c:ce:0e:67:d1:d6:75:c4:d2:7a:4e:b0
    Fingerprint (SHA-256):
        4F:AA:C9:90:B5:27:C6:92:47:11:0F:FE:C5:0B:8D:9B:7F:55:18:F3:DB:F3:C8:6F:9D:39:EB:79:36:B7:AB:CC
    Fingerprint (SHA1):
        A8:87:1E:4B:05:75:30:59:30:2A:6A:CC:85:13:15:CC:6C:C3:76:D1
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7763: BridgeWithAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #7764: BridgeWithHalfAIA: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182950 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7765: BridgeWithHalfAIA: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #7766: BridgeWithHalfAIA: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #7767: BridgeWithHalfAIA: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182951 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7768: BridgeWithHalfAIA: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #7769: BridgeWithHalfAIA: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #7770: BridgeWithHalfAIA: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7771: BridgeWithHalfAIA: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i BridgeReq.der -o BridgeArmy.der -f ArmyDB/dbpasswd -m 628182952 -7 Bridge@Army  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7772: BridgeWithHalfAIA: Creating certficate BridgeArmy.der signed by Army  - PASSED
chains.sh: Importing certificate BridgeArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7773: BridgeWithHalfAIA: Importing certificate BridgeArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i BridgeReq.der -o BridgeNavy.der -f NavyDB/dbpasswd -m 628182953 -7 Bridge@Navy  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7774: BridgeWithHalfAIA: Creating certficate BridgeNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate BridgeNavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7775: BridgeWithHalfAIA: Importing certificate BridgeNavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@Army,Bridge@Navy" -d BridgeDB > Bridge.p7
chains.sh: #7776: BridgeWithHalfAIA: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7777: BridgeWithHalfAIA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7778: BridgeWithHalfAIA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628182954   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-Bridge-628182721.p7
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7779: BridgeWithHalfAIA: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7780: BridgeWithHalfAIA: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7781: BridgeWithHalfAIA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7782: BridgeWithHalfAIA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182955   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7783: BridgeWithHalfAIA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7784: BridgeWithHalfAIA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7785: BridgeWithHalfAIA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7786: BridgeWithHalfAIA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628182956   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-BridgeNavy-628182722.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7787: BridgeWithHalfAIA: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7788: BridgeWithHalfAIA: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7789: BridgeWithHalfAIA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7790: BridgeWithHalfAIA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628182957   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7791: BridgeWithHalfAIA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7792: BridgeWithHalfAIA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der
vfychain -d EE1DB -pp -vv       EE1CA1.der CA1Bridge.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=CA1 Intermediate,O=CA1,C=US [Certificate Authority]:
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=Bridge Bridge,O=Bridge,C=US
Returned value is 1, expected result is fail
chains.sh: #7793: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp       -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182950 (0x25714fa6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 19:00:45 2016
            Not After : Mon Jun 28 19:00:45 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:a2:63:72:ba:80:0e:97:b3:e1:8f:4a:5e:84:50:48:
                    b4:b5:71:0e:b6:17:fb:9e:59:5a:b5:07:ac:ca:d9:16:
                    45:f8:e3:96:f5:5b:e5:e4:6e:de:24:58:9d:55:2f:16:
                    51:bc:04:90:cb:44:e7:37:d3:60:f9:b3:b9:59:44:bc:
                    ad:f9:79:90:9b:a0:1e:03:1e:37:5c:5a:41:05:dd:b0:
                    72:79:77:0e:55:09:8e:1d:bc:d2:0c:1f:31:a9:7b:8f:
                    f3:03:a7:42:41:d5:27:bc:2a:c0:a7:be:4f:a6:59:33:
                    4e:dd:d3:b1:ca:99:e5:90:e2:0d:3e:b4:0e:94:21:aa:
                    24:5b:b9:06:62:f3:48:03:1c:d7:97:67:52:7e:7c:e8:
                    0c:44:70:f8:2c:7f:f1:0a:a2:c9:15:75:79:3e:f6:69:
                    ba:2b:1b:70:e0:4e:35:b4:62:2c:b1:00:b0:29:fb:9b:
                    90:ff:97:54:5b:72:d9:c9:84:71:d6:17:ee:46:23:e0:
                    71:b8:55:2c:e6:73:f5:b6:9a:76:a1:8a:d4:6a:11:02:
                    b1:8f:e4:82:be:ef:64:0a:b7:c5:8d:7d:41:d7:c0:4c:
                    a7:d4:1d:05:21:bc:2b:6b:e7:07:62:42:23:32:18:0a:
                    d2:8a:8c:f9:0e:4c:f3:ff:9d:e7:72:8e:9d:08:a5:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        31:10:65:c7:17:fe:42:83:16:3f:90:c9:d5:55:c8:a9:
        fa:e4:ab:df:20:33:0b:7b:be:1e:66:58:17:ce:1a:51:
        de:7e:d2:70:7b:9c:c0:08:74:67:41:a8:c2:56:cd:29:
        ec:21:ee:69:c3:7f:84:8f:03:b4:0e:92:9a:52:57:22:
        3c:e4:55:fa:86:cf:73:70:8d:13:74:11:a2:ce:c9:38:
        20:6e:69:7b:9b:09:c5:c0:44:ac:10:97:05:b6:13:d9:
        50:69:50:78:55:38:f7:68:52:56:1e:2c:6e:8c:e5:3b:
        36:65:25:4c:75:f0:51:c2:cf:78:83:73:e6:16:60:2f:
        eb:56:34:e9:69:0d:98:15:b3:22:10:b5:50:88:b9:c8:
        b3:2e:9c:b3:4e:a7:0d:2d:7d:b3:59:a4:1c:cf:2d:98:
        0c:52:36:7a:8d:79:d5:d5:19:19:27:fb:cb:4c:32:47:
        66:67:8e:56:53:91:42:f6:04:92:dd:f9:42:cb:6a:a2:
        38:7e:80:f2:74:83:de:fd:e6:58:35:f3:b5:87:72:f0:
        af:28:67:65:29:42:d7:8d:a4:5e:f9:18:a2:32:2e:25:
        3e:02:4b:1f:b0:aa:88:09:2e:b3:e8:06:a2:c7:11:0e:
        b4:4f:c1:a4:31:9b:33:12:44:8e:2f:ab:10:81:f2:20
    Fingerprint (SHA-256):
        57:EE:71:59:A2:00:5C:DB:0B:E2:5E:AC:C6:B2:00:07:12:A2:D8:55:7C:4A:AA:B4:57:6D:14:19:AA:F2:E8:13
    Fingerprint (SHA1):
        94:EC:BE:B9:97:4D:A6:9A:B5:47:87:28:E6:A1:80:06:E8:E1:E0:7A
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7794: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182951 (0x25714fa7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 19:01:01 2016
            Not After : Mon Jun 28 19:01:01 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b0:de:c2:4e:a9:e8:a9:a2:00:a8:dd:cf:0d:98:02:5f:
                    74:3c:f9:ce:ef:8a:a0:1f:da:d9:fb:f1:af:bc:04:40:
                    04:e6:b4:60:69:fc:7d:34:43:e9:36:15:11:e7:f0:38:
                    bc:02:84:72:63:dd:f9:9d:51:01:17:0b:bd:2b:31:59:
                    51:a5:d4:f2:4b:b3:67:5e:66:81:2e:77:4b:a6:7e:52:
                    2c:1e:0b:bb:74:df:1f:c9:34:74:6b:cf:26:5b:fa:df:
                    75:07:48:ad:65:61:3a:65:4a:4f:3a:2a:7e:91:1c:59:
                    dd:50:bb:46:cc:26:f2:a0:fd:12:8f:3d:b5:91:1d:10:
                    e4:7a:4a:b7:7b:c7:10:a1:c9:4c:66:1d:18:f7:c5:53:
                    9d:9a:61:3f:07:57:34:04:6f:f7:cc:d9:0b:92:5f:2f:
                    8e:bd:8a:32:31:97:d4:8e:4e:96:b0:89:1c:7b:8f:fe:
                    a0:85:d7:3a:0c:c7:a5:fb:e2:4c:fe:1a:78:d2:bb:0b:
                    1c:a1:d2:23:f0:d8:c0:83:b7:52:ed:ba:76:0f:c9:35:
                    21:b1:19:93:0f:4e:08:b6:10:c4:8c:17:2a:29:31:c8:
                    c7:8f:5c:d5:e7:60:c9:f3:0a:60:c0:ab:4a:67:c1:0a:
                    f9:52:06:8b:ab:49:81:76:13:6c:4a:77:2a:a6:c2:af
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1c:66:8c:91:92:4f:bf:25:3b:3e:fa:3b:f5:92:5f:41:
        1b:d8:16:50:6e:cc:e8:bf:f8:9e:e9:10:38:5c:c0:f7:
        59:a1:f9:0c:4e:3f:40:22:ed:8c:8c:47:d3:28:46:a4:
        6c:47:6d:ca:81:e1:d6:10:89:d5:02:60:5b:31:56:4e:
        74:c5:27:df:ab:bf:f5:66:ce:82:6d:f9:57:59:40:5a:
        e2:58:58:36:aa:95:ac:83:40:f2:5b:92:8b:ee:fa:9d:
        17:14:00:94:df:b4:2b:cd:f2:0b:82:19:12:a7:8f:79:
        8a:96:fa:57:71:ae:3f:15:60:ef:13:76:64:6d:79:e1:
        85:53:00:6f:37:fa:71:46:47:06:1a:18:e6:a2:53:c4:
        ff:d0:c5:bf:75:17:2f:98:9e:de:c1:9f:f4:b0:79:a3:
        14:1c:46:77:45:f8:2d:1f:ef:16:f5:dd:23:1e:74:41:
        8d:fb:50:f1:16:5d:2b:87:56:e3:c5:f9:6f:ab:49:ac:
        e4:8a:df:9b:69:6e:f0:53:32:c0:10:21:20:e3:9c:f4:
        d5:71:c2:f8:cc:e2:bf:bc:4f:03:ea:48:da:c8:bb:7a:
        3f:ab:ad:68:90:8c:d7:fc:1a:36:de:0d:d1:18:4e:bb:
        86:08:cd:e9:53:fe:93:b7:07:0f:f7:57:ed:6d:86:61
    Fingerprint (SHA-256):
        AE:45:6A:91:E8:F9:98:51:1F:3C:B4:2F:F6:C9:6C:F3:59:29:2A:44:EA:98:79:81:8D:74:6F:25:16:E9:0F:A0
    Fingerprint (SHA1):
        19:4E:A8:DE:3E:78:CB:57:9E:9C:06:FA:04:94:14:FE:50:2A:CC:21
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7795: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE1CA1.der CA1Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182951 (0x25714fa7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 19:01:01 2016
            Not After : Mon Jun 28 19:01:01 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b0:de:c2:4e:a9:e8:a9:a2:00:a8:dd:cf:0d:98:02:5f:
                    74:3c:f9:ce:ef:8a:a0:1f:da:d9:fb:f1:af:bc:04:40:
                    04:e6:b4:60:69:fc:7d:34:43:e9:36:15:11:e7:f0:38:
                    bc:02:84:72:63:dd:f9:9d:51:01:17:0b:bd:2b:31:59:
                    51:a5:d4:f2:4b:b3:67:5e:66:81:2e:77:4b:a6:7e:52:
                    2c:1e:0b:bb:74:df:1f:c9:34:74:6b:cf:26:5b:fa:df:
                    75:07:48:ad:65:61:3a:65:4a:4f:3a:2a:7e:91:1c:59:
                    dd:50:bb:46:cc:26:f2:a0:fd:12:8f:3d:b5:91:1d:10:
                    e4:7a:4a:b7:7b:c7:10:a1:c9:4c:66:1d:18:f7:c5:53:
                    9d:9a:61:3f:07:57:34:04:6f:f7:cc:d9:0b:92:5f:2f:
                    8e:bd:8a:32:31:97:d4:8e:4e:96:b0:89:1c:7b:8f:fe:
                    a0:85:d7:3a:0c:c7:a5:fb:e2:4c:fe:1a:78:d2:bb:0b:
                    1c:a1:d2:23:f0:d8:c0:83:b7:52:ed:ba:76:0f:c9:35:
                    21:b1:19:93:0f:4e:08:b6:10:c4:8c:17:2a:29:31:c8:
                    c7:8f:5c:d5:e7:60:c9:f3:0a:60:c0:ab:4a:67:c1:0a:
                    f9:52:06:8b:ab:49:81:76:13:6c:4a:77:2a:a6:c2:af
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1c:66:8c:91:92:4f:bf:25:3b:3e:fa:3b:f5:92:5f:41:
        1b:d8:16:50:6e:cc:e8:bf:f8:9e:e9:10:38:5c:c0:f7:
        59:a1:f9:0c:4e:3f:40:22:ed:8c:8c:47:d3:28:46:a4:
        6c:47:6d:ca:81:e1:d6:10:89:d5:02:60:5b:31:56:4e:
        74:c5:27:df:ab:bf:f5:66:ce:82:6d:f9:57:59:40:5a:
        e2:58:58:36:aa:95:ac:83:40:f2:5b:92:8b:ee:fa:9d:
        17:14:00:94:df:b4:2b:cd:f2:0b:82:19:12:a7:8f:79:
        8a:96:fa:57:71:ae:3f:15:60:ef:13:76:64:6d:79:e1:
        85:53:00:6f:37:fa:71:46:47:06:1a:18:e6:a2:53:c4:
        ff:d0:c5:bf:75:17:2f:98:9e:de:c1:9f:f4:b0:79:a3:
        14:1c:46:77:45:f8:2d:1f:ef:16:f5:dd:23:1e:74:41:
        8d:fb:50:f1:16:5d:2b:87:56:e3:c5:f9:6f:ab:49:ac:
        e4:8a:df:9b:69:6e:f0:53:32:c0:10:21:20:e3:9c:f4:
        d5:71:c2:f8:cc:e2:bf:bc:4f:03:ea:48:da:c8:bb:7a:
        3f:ab:ad:68:90:8c:d7:fc:1a:36:de:0d:d1:18:4e:bb:
        86:08:cd:e9:53:fe:93:b7:07:0f:f7:57:ed:6d:86:61
    Fingerprint (SHA-256):
        AE:45:6A:91:E8:F9:98:51:1F:3C:B4:2F:F6:C9:6C:F3:59:29:2A:44:EA:98:79:81:8D:74:6F:25:16:E9:0F:A0
    Fingerprint (SHA1):
        19:4E:A8:DE:3E:78:CB:57:9E:9C:06:FA:04:94:14:FE:50:2A:CC:21
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7796: BridgeWithHalfAIA: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der BridgeArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. CN=EE2 EE,O=EE2,C=US :
  ERROR -8179: Peer's Certificate issuer is not recognized.
    CN=CA2 Intermediate,O=CA2,C=US
Returned value is 1, expected result is fail
chains.sh: #7797: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182950 (0x25714fa6)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 19:00:45 2016
            Not After : Mon Jun 28 19:00:45 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    a0:a2:63:72:ba:80:0e:97:b3:e1:8f:4a:5e:84:50:48:
                    b4:b5:71:0e:b6:17:fb:9e:59:5a:b5:07:ac:ca:d9:16:
                    45:f8:e3:96:f5:5b:e5:e4:6e:de:24:58:9d:55:2f:16:
                    51:bc:04:90:cb:44:e7:37:d3:60:f9:b3:b9:59:44:bc:
                    ad:f9:79:90:9b:a0:1e:03:1e:37:5c:5a:41:05:dd:b0:
                    72:79:77:0e:55:09:8e:1d:bc:d2:0c:1f:31:a9:7b:8f:
                    f3:03:a7:42:41:d5:27:bc:2a:c0:a7:be:4f:a6:59:33:
                    4e:dd:d3:b1:ca:99:e5:90:e2:0d:3e:b4:0e:94:21:aa:
                    24:5b:b9:06:62:f3:48:03:1c:d7:97:67:52:7e:7c:e8:
                    0c:44:70:f8:2c:7f:f1:0a:a2:c9:15:75:79:3e:f6:69:
                    ba:2b:1b:70:e0:4e:35:b4:62:2c:b1:00:b0:29:fb:9b:
                    90:ff:97:54:5b:72:d9:c9:84:71:d6:17:ee:46:23:e0:
                    71:b8:55:2c:e6:73:f5:b6:9a:76:a1:8a:d4:6a:11:02:
                    b1:8f:e4:82:be:ef:64:0a:b7:c5:8d:7d:41:d7:c0:4c:
                    a7:d4:1d:05:21:bc:2b:6b:e7:07:62:42:23:32:18:0a:
                    d2:8a:8c:f9:0e:4c:f3:ff:9d:e7:72:8e:9d:08:a5:ad
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        31:10:65:c7:17:fe:42:83:16:3f:90:c9:d5:55:c8:a9:
        fa:e4:ab:df:20:33:0b:7b:be:1e:66:58:17:ce:1a:51:
        de:7e:d2:70:7b:9c:c0:08:74:67:41:a8:c2:56:cd:29:
        ec:21:ee:69:c3:7f:84:8f:03:b4:0e:92:9a:52:57:22:
        3c:e4:55:fa:86:cf:73:70:8d:13:74:11:a2:ce:c9:38:
        20:6e:69:7b:9b:09:c5:c0:44:ac:10:97:05:b6:13:d9:
        50:69:50:78:55:38:f7:68:52:56:1e:2c:6e:8c:e5:3b:
        36:65:25:4c:75:f0:51:c2:cf:78:83:73:e6:16:60:2f:
        eb:56:34:e9:69:0d:98:15:b3:22:10:b5:50:88:b9:c8:
        b3:2e:9c:b3:4e:a7:0d:2d:7d:b3:59:a4:1c:cf:2d:98:
        0c:52:36:7a:8d:79:d5:d5:19:19:27:fb:cb:4c:32:47:
        66:67:8e:56:53:91:42:f6:04:92:dd:f9:42:cb:6a:a2:
        38:7e:80:f2:74:83:de:fd:e6:58:35:f3:b5:87:72:f0:
        af:28:67:65:29:42:d7:8d:a4:5e:f9:18:a2:32:2e:25:
        3e:02:4b:1f:b0:aa:88:09:2e:b3:e8:06:a2:c7:11:0e:
        b4:4f:c1:a4:31:9b:33:12:44:8e:2f:ab:10:81:f2:20
    Fingerprint (SHA-256):
        57:EE:71:59:A2:00:5C:DB:0B:E2:5E:AC:C6:B2:00:07:12:A2:D8:55:7C:4A:AA:B4:57:6D:14:19:AA:F2:E8:13
    Fingerprint (SHA1):
        94:EC:BE:B9:97:4D:A6:9A:B5:47:87:28:E6:A1:80:06:E8:E1:E0:7A
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7798: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182951 (0x25714fa7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 19:01:01 2016
            Not After : Mon Jun 28 19:01:01 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b0:de:c2:4e:a9:e8:a9:a2:00:a8:dd:cf:0d:98:02:5f:
                    74:3c:f9:ce:ef:8a:a0:1f:da:d9:fb:f1:af:bc:04:40:
                    04:e6:b4:60:69:fc:7d:34:43:e9:36:15:11:e7:f0:38:
                    bc:02:84:72:63:dd:f9:9d:51:01:17:0b:bd:2b:31:59:
                    51:a5:d4:f2:4b:b3:67:5e:66:81:2e:77:4b:a6:7e:52:
                    2c:1e:0b:bb:74:df:1f:c9:34:74:6b:cf:26:5b:fa:df:
                    75:07:48:ad:65:61:3a:65:4a:4f:3a:2a:7e:91:1c:59:
                    dd:50:bb:46:cc:26:f2:a0:fd:12:8f:3d:b5:91:1d:10:
                    e4:7a:4a:b7:7b:c7:10:a1:c9:4c:66:1d:18:f7:c5:53:
                    9d:9a:61:3f:07:57:34:04:6f:f7:cc:d9:0b:92:5f:2f:
                    8e:bd:8a:32:31:97:d4:8e:4e:96:b0:89:1c:7b:8f:fe:
                    a0:85:d7:3a:0c:c7:a5:fb:e2:4c:fe:1a:78:d2:bb:0b:
                    1c:a1:d2:23:f0:d8:c0:83:b7:52:ed:ba:76:0f:c9:35:
                    21:b1:19:93:0f:4e:08:b6:10:c4:8c:17:2a:29:31:c8:
                    c7:8f:5c:d5:e7:60:c9:f3:0a:60:c0:ab:4a:67:c1:0a:
                    f9:52:06:8b:ab:49:81:76:13:6c:4a:77:2a:a6:c2:af
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1c:66:8c:91:92:4f:bf:25:3b:3e:fa:3b:f5:92:5f:41:
        1b:d8:16:50:6e:cc:e8:bf:f8:9e:e9:10:38:5c:c0:f7:
        59:a1:f9:0c:4e:3f:40:22:ed:8c:8c:47:d3:28:46:a4:
        6c:47:6d:ca:81:e1:d6:10:89:d5:02:60:5b:31:56:4e:
        74:c5:27:df:ab:bf:f5:66:ce:82:6d:f9:57:59:40:5a:
        e2:58:58:36:aa:95:ac:83:40:f2:5b:92:8b:ee:fa:9d:
        17:14:00:94:df:b4:2b:cd:f2:0b:82:19:12:a7:8f:79:
        8a:96:fa:57:71:ae:3f:15:60:ef:13:76:64:6d:79:e1:
        85:53:00:6f:37:fa:71:46:47:06:1a:18:e6:a2:53:c4:
        ff:d0:c5:bf:75:17:2f:98:9e:de:c1:9f:f4:b0:79:a3:
        14:1c:46:77:45:f8:2d:1f:ef:16:f5:dd:23:1e:74:41:
        8d:fb:50:f1:16:5d:2b:87:56:e3:c5:f9:6f:ab:49:ac:
        e4:8a:df:9b:69:6e:f0:53:32:c0:10:21:20:e3:9c:f4:
        d5:71:c2:f8:cc:e2:bf:bc:4f:03:ea:48:da:c8:bb:7a:
        3f:ab:ad:68:90:8c:d7:fc:1a:36:de:0d:d1:18:4e:bb:
        86:08:cd:e9:53:fe:93:b7:07:0f:f7:57:ed:6d:86:61
    Fingerprint (SHA-256):
        AE:45:6A:91:E8:F9:98:51:1F:3C:B4:2F:F6:C9:6C:F3:59:29:2A:44:EA:98:79:81:8D:74:6F:25:16:E9:0F:A0
    Fingerprint (SHA1):
        19:4E:A8:DE:3E:78:CB:57:9E:9C:06:FA:04:94:14:FE:50:2A:CC:21
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7799: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der
vfychain -d EE1DB -pp -vv   -f    EE2CA2.der CA2Bridge.der BridgeArmy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182951 (0x25714fa7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 19:01:01 2016
            Not After : Mon Jun 28 19:01:01 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b0:de:c2:4e:a9:e8:a9:a2:00:a8:dd:cf:0d:98:02:5f:
                    74:3c:f9:ce:ef:8a:a0:1f:da:d9:fb:f1:af:bc:04:40:
                    04:e6:b4:60:69:fc:7d:34:43:e9:36:15:11:e7:f0:38:
                    bc:02:84:72:63:dd:f9:9d:51:01:17:0b:bd:2b:31:59:
                    51:a5:d4:f2:4b:b3:67:5e:66:81:2e:77:4b:a6:7e:52:
                    2c:1e:0b:bb:74:df:1f:c9:34:74:6b:cf:26:5b:fa:df:
                    75:07:48:ad:65:61:3a:65:4a:4f:3a:2a:7e:91:1c:59:
                    dd:50:bb:46:cc:26:f2:a0:fd:12:8f:3d:b5:91:1d:10:
                    e4:7a:4a:b7:7b:c7:10:a1:c9:4c:66:1d:18:f7:c5:53:
                    9d:9a:61:3f:07:57:34:04:6f:f7:cc:d9:0b:92:5f:2f:
                    8e:bd:8a:32:31:97:d4:8e:4e:96:b0:89:1c:7b:8f:fe:
                    a0:85:d7:3a:0c:c7:a5:fb:e2:4c:fe:1a:78:d2:bb:0b:
                    1c:a1:d2:23:f0:d8:c0:83:b7:52:ed:ba:76:0f:c9:35:
                    21:b1:19:93:0f:4e:08:b6:10:c4:8c:17:2a:29:31:c8:
                    c7:8f:5c:d5:e7:60:c9:f3:0a:60:c0:ab:4a:67:c1:0a:
                    f9:52:06:8b:ab:49:81:76:13:6c:4a:77:2a:a6:c2:af
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1c:66:8c:91:92:4f:bf:25:3b:3e:fa:3b:f5:92:5f:41:
        1b:d8:16:50:6e:cc:e8:bf:f8:9e:e9:10:38:5c:c0:f7:
        59:a1:f9:0c:4e:3f:40:22:ed:8c:8c:47:d3:28:46:a4:
        6c:47:6d:ca:81:e1:d6:10:89:d5:02:60:5b:31:56:4e:
        74:c5:27:df:ab:bf:f5:66:ce:82:6d:f9:57:59:40:5a:
        e2:58:58:36:aa:95:ac:83:40:f2:5b:92:8b:ee:fa:9d:
        17:14:00:94:df:b4:2b:cd:f2:0b:82:19:12:a7:8f:79:
        8a:96:fa:57:71:ae:3f:15:60:ef:13:76:64:6d:79:e1:
        85:53:00:6f:37:fa:71:46:47:06:1a:18:e6:a2:53:c4:
        ff:d0:c5:bf:75:17:2f:98:9e:de:c1:9f:f4:b0:79:a3:
        14:1c:46:77:45:f8:2d:1f:ef:16:f5:dd:23:1e:74:41:
        8d:fb:50:f1:16:5d:2b:87:56:e3:c5:f9:6f:ab:49:ac:
        e4:8a:df:9b:69:6e:f0:53:32:c0:10:21:20:e3:9c:f4:
        d5:71:c2:f8:cc:e2:bf:bc:4f:03:ea:48:da:c8:bb:7a:
        3f:ab:ad:68:90:8c:d7:fc:1a:36:de:0d:d1:18:4e:bb:
        86:08:cd:e9:53:fe:93:b7:07:0f:f7:57:ed:6d:86:61
    Fingerprint (SHA-256):
        AE:45:6A:91:E8:F9:98:51:1F:3C:B4:2F:F6:C9:6C:F3:59:29:2A:44:EA:98:79:81:8D:74:6F:25:16:E9:0F:A0
    Fingerprint (SHA1):
        19:4E:A8:DE:3E:78:CB:57:9E:9C:06:FA:04:94:14:FE:50:2A:CC:21
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Returned value is 0, expected result is pass
chains.sh: #7800: BridgeWithHalfAIA: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeArmy.der with flags -d EE1DB -pp   -f    -t Navy.der - PASSED
chains.sh: Creating DB ArmyDB
certutil -N -d ArmyDB -f ArmyDB/dbpasswd
chains.sh: #7801: BridgeWithPolicyExtensionAndMapping: Creating DB ArmyDB  - PASSED
chains.sh: Creating Root CA Army
certutil -s "CN=Army ROOT CA, O=Army, C=US" -S -n Army  -t CTu,CTu,CTu -v 600 -x -d ArmyDB -1 -2 -5 -f ArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182958 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7802: BridgeWithPolicyExtensionAndMapping: Creating Root CA Army  - PASSED
chains.sh: Exporting Root CA Army.der
certutil -L -d ArmyDB -r -n Army -o Army.der
chains.sh: #7803: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Army.der  - PASSED
chains.sh: Creating DB NavyDB
certutil -N -d NavyDB -f NavyDB/dbpasswd
chains.sh: #7804: BridgeWithPolicyExtensionAndMapping: Creating DB NavyDB  - PASSED
chains.sh: Creating Root CA Navy
certutil -s "CN=Navy ROOT CA, O=Navy, C=US" -S -n Navy  -t CTu,CTu,CTu -v 600 -x -d NavyDB -1 -2 -5 -f NavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182959 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7805: BridgeWithPolicyExtensionAndMapping: Creating Root CA Navy  - PASSED
chains.sh: Exporting Root CA Navy.der
certutil -L -d NavyDB -r -n Navy -o Navy.der
chains.sh: #7806: BridgeWithPolicyExtensionAndMapping: Exporting Root CA Navy.der  - PASSED
chains.sh: Creating DB CAArmyDB
certutil -N -d CAArmyDB -f CAArmyDB/dbpasswd
chains.sh: #7807: BridgeWithPolicyExtensionAndMapping: Creating DB CAArmyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CAArmyReq.der
certutil -s "CN=CAArmy Intermediate, O=CAArmy, C=US"  -R -2 -d CAArmyDB -f CAArmyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CAArmyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7808: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CAArmyReq.der  - PASSED
chains.sh: Creating certficate CAArmyArmy.der signed by Army
certutil -C -c Army -v 60 -d ArmyDB -i CAArmyReq.der -o CAArmyArmy.der -f ArmyDB/dbpasswd -m 628182960   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7809: BridgeWithPolicyExtensionAndMapping: Creating certficate CAArmyArmy.der signed by Army  - PASSED
chains.sh: Importing certificate CAArmyArmy.der to CAArmyDB database
certutil -A -n CAArmy -t u,u,u -d CAArmyDB -f CAArmyDB/dbpasswd -i CAArmyArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7810: BridgeWithPolicyExtensionAndMapping: Importing certificate CAArmyArmy.der to CAArmyDB database  - PASSED
chains.sh: Creating DB CANavyDB
certutil -N -d CANavyDB -f CANavyDB/dbpasswd
chains.sh: #7811: BridgeWithPolicyExtensionAndMapping: Creating DB CANavyDB  - PASSED
chains.sh: Creating Intermediate certifiate request CANavyReq.der
certutil -s "CN=CANavy Intermediate, O=CANavy, C=US"  -R -2 -d CANavyDB -f CANavyDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CANavyReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7812: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CANavyReq.der  - PASSED
chains.sh: Creating certficate CANavyNavy.der signed by Navy
certutil -C -c Navy -v 60 -d NavyDB -i CANavyReq.der -o CANavyNavy.der -f NavyDB/dbpasswd -m 628182961   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7813: BridgeWithPolicyExtensionAndMapping: Creating certficate CANavyNavy.der signed by Navy  - PASSED
chains.sh: Importing certificate CANavyNavy.der to CANavyDB database
certutil -A -n CANavy -t u,u,u -d CANavyDB -f CANavyDB/dbpasswd -i CANavyNavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7814: BridgeWithPolicyExtensionAndMapping: Importing certificate CANavyNavy.der to CANavyDB database  - PASSED
chains.sh: Creating DB BridgeDB
certutil -N -d BridgeDB -f BridgeDB/dbpasswd
chains.sh: #7815: BridgeWithPolicyExtensionAndMapping: Creating DB BridgeDB  - PASSED
chains.sh: Creating Bridge certifiate request BridgeReq.der
certutil -s "CN=Bridge Bridge, O=Bridge, C=US"  -R -2 -d BridgeDB -f BridgeDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o BridgeReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7816: BridgeWithPolicyExtensionAndMapping: Creating Bridge certifiate request BridgeReq.der  - PASSED
chains.sh: Creating certficate BridgeCAArmy.der signed by CAArmy
certutil -C -c CAArmy -v 60 -d CAArmyDB -i BridgeReq.der -o BridgeCAArmy.der -f CAArmyDB/dbpasswd -m 628182962 -7 Bridge@CAArmy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.1.1
1
n
n
n
OID.1.1
OID.2.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #7817: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCAArmy.der signed by CAArmy  - PASSED
chains.sh: Importing certificate BridgeCAArmy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCAArmy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7818: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCAArmy.der to BridgeDB database  - PASSED
chains.sh: Creating certficate BridgeCANavy.der signed by CANavy
certutil -C -c CANavy -v 60 -d CANavyDB -i BridgeReq.der -o BridgeCANavy.der -f CANavyDB/dbpasswd -m 628182963 -7 Bridge@CANavy  --extCP --extPM < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
y
OID.2.1
1
n
n
n
OID.2.1
OID.1.1
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
Enter an Object Identifier (dotted decimal format) for Issuer Domain Policy > Enter an Object Identifier for Subject Domain Policy > Enter another Policy Mapping [y/N]
Is this a critical extension [y/N]?
chains.sh: #7819: BridgeWithPolicyExtensionAndMapping: Creating certficate BridgeCANavy.der signed by CANavy  - PASSED
chains.sh: Importing certificate BridgeCANavy.der to BridgeDB database
certutil -A -n Bridge -t u,u,u -d BridgeDB -f BridgeDB/dbpasswd -i BridgeCANavy.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7820: BridgeWithPolicyExtensionAndMapping: Importing certificate BridgeCANavy.der to BridgeDB database  - PASSED
chains.sh: Generating PKCS7 package from BridgeDB database
cmsutil -O -r "Bridge@CAArmy,Bridge@CANavy" -d BridgeDB > Bridge.p7
chains.sh: #7821: BridgeWithPolicyExtensionAndMapping: Generating PKCS7 package from BridgeDB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7822: BridgeWithPolicyExtensionAndMapping: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7823: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA1Req.der -o CA1Bridge.der -f BridgeDB/dbpasswd -m 628182964   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.1
1
n
y
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7824: BridgeWithPolicyExtensionAndMapping: Creating certficate CA1Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA1Bridge.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7825: BridgeWithPolicyExtensionAndMapping: Importing certificate CA1Bridge.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7826: BridgeWithPolicyExtensionAndMapping: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7827: BridgeWithPolicyExtensionAndMapping: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Bridge.der signed by Bridge
certutil -C -c Bridge -v 60 -d BridgeDB -i CA2Req.der -o CA2Bridge.der -f BridgeDB/dbpasswd -m 628182965   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.1.0
1
n
y
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.1.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7828: BridgeWithPolicyExtensionAndMapping: Creating certficate CA2Bridge.der signed by Bridge  - PASSED
chains.sh: Importing certificate CA2Bridge.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Bridge.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7829: BridgeWithPolicyExtensionAndMapping: Importing certificate CA2Bridge.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7830: BridgeWithPolicyExtensionAndMapping: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7831: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182966   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.1
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.1
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7832: BridgeWithPolicyExtensionAndMapping: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7833: BridgeWithPolicyExtensionAndMapping: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7834: BridgeWithPolicyExtensionAndMapping: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7835: BridgeWithPolicyExtensionAndMapping: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628182967   --extCP < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
OID.2.0
1
n
n
n
===
Enter a CertPolicy Object Identifier (dotted decimal format)
or "any" for AnyPolicy: > Choose the type of qualifier for policy: OID.2.0
	1 - CPS Pointer qualifier
	2 - User notice qualifier
	Any other number to finish
		Choice:  > Enter CPS pointer URI:  > Enter another policy qualifier [y/N]
Enter another PolicyInformation field [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7836: BridgeWithPolicyExtensionAndMapping: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7837: BridgeWithPolicyExtensionAndMapping: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7838: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182958 (0x25714fae)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Army ROOT CA,O=Army,C=US"
        Validity:
            Not Before: Tue Jun 28 19:01:37 2016
            Not After : Mon Jun 28 19:01:37 2066
        Subject: "CN=Army ROOT CA,O=Army,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b2:de:bb:2a:07:ac:3d:fd:90:38:dc:b0:7a:c9:ba:b6:
                    27:c8:96:8f:7b:c5:84:3b:5a:39:d5:b0:62:58:2a:34:
                    e9:93:ed:e4:66:05:83:4b:76:c0:cc:00:07:32:ab:24:
                    2f:30:2a:64:87:5b:1e:45:b0:0c:c8:f6:91:1e:93:63:
                    6b:27:7f:22:64:d2:d3:53:35:ad:2c:b2:26:e8:70:02:
                    45:10:ff:48:2d:9c:36:80:0b:30:e8:bc:74:b2:43:e7:
                    f5:6b:d1:7f:0a:45:eb:f1:9c:ad:5d:f8:c5:5d:e4:21:
                    76:a8:ea:dd:e8:24:34:31:b4:49:fb:fe:60:e9:40:9e:
                    5e:54:df:84:f6:dc:a5:71:7c:40:f4:cc:69:14:a8:49:
                    fd:a3:78:46:41:af:bb:48:53:ad:6e:80:a9:e2:67:6b:
                    4f:a2:40:22:ad:90:36:b6:32:17:fc:c9:de:20:94:f3:
                    21:3e:bd:a1:37:17:15:ac:b8:46:48:76:4c:e8:df:af:
                    c6:e2:88:e6:5f:16:8d:38:0b:10:e4:bb:1a:0a:2c:87:
                    0d:60:9c:9e:9a:42:9c:a1:d3:a7:bf:46:de:29:df:66:
                    04:04:e8:30:1f:f8:48:cb:bc:f5:61:e5:d8:b6:a0:8a:
                    4c:f0:f1:72:b6:e3:0f:85:ee:05:8f:dc:94:d5:ce:b1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        1d:a9:bf:8b:d9:d2:3e:34:31:fa:aa:7f:e7:01:e0:25:
        66:27:5d:d6:8f:aa:b7:4f:28:2c:7d:f3:ed:6a:97:1f:
        ee:d4:6d:12:65:92:59:e8:f2:af:93:6d:ff:b9:69:8b:
        59:82:41:34:7c:d7:35:32:ce:b6:d1:da:41:f6:04:01:
        7a:12:a5:a8:24:f9:ac:6e:d9:c8:f4:e2:3c:85:3f:b6:
        cb:8f:df:52:83:34:a2:04:54:0b:95:18:98:ef:b2:a9:
        c1:95:41:d1:2a:da:11:b3:2b:d7:71:7e:43:a3:c9:0c:
        90:3e:54:a0:d8:7e:a4:43:98:ac:b0:3e:e4:13:ff:ee:
        f8:d3:02:69:71:7f:b9:54:37:74:de:41:44:10:8f:38:
        ad:55:90:1a:38:ba:9a:32:79:dd:0a:f7:f8:b1:e8:97:
        b9:a7:3b:cd:0b:9f:16:69:19:c7:d7:3c:86:43:71:7a:
        61:98:98:bb:e9:70:61:16:f2:ac:72:cf:3b:a5:8f:ef:
        c3:c0:2e:24:58:4d:28:dc:5d:e5:1e:dc:fa:59:f1:50:
        bf:3f:b3:a0:11:f3:51:c7:38:f8:74:99:5a:74:50:11:
        08:b8:9b:24:97:7e:5a:14:ee:78:e4:d6:2a:b6:d3:c1:
        a8:5a:be:b1:11:56:c6:b4:2d:c0:e0:8a:db:3e:35:4b
    Fingerprint (SHA-256):
        D6:33:23:29:91:6F:94:5E:8B:30:1D:1A:14:78:C5:37:F5:C0:50:C1:F6:E6:46:2E:9A:E7:A2:DA:FF:8D:C0:1D
    Fingerprint (SHA1):
        32:52:B9:88:60:21:9E:E9:59:99:35:1E:9B:86:9B:77:EB:14:AE:7F
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CAArmy Intermediate,O=CAArmy,C=US"
Returned value is 0, expected result is pass
chains.sh: #7839: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7840: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7841: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7842: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7843: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7844: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7845: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE1CA1.der CA1Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7846: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7847: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.1.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182959 (0x25714faf)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Navy ROOT CA,O=Navy,C=US"
        Validity:
            Not Before: Tue Jun 28 19:01:43 2016
            Not After : Mon Jun 28 19:01:43 2066
        Subject: "CN=Navy ROOT CA,O=Navy,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:79:5d:00:63:3f:f4:01:84:87:8e:65:4e:a2:59:fa:
                    1f:f5:94:d7:f8:98:04:92:22:57:a6:f8:97:5b:dd:4c:
                    d1:70:43:c1:3e:f2:6f:0e:9d:9c:54:e1:e8:ac:29:5e:
                    ff:3d:39:ea:c6:30:0e:42:0c:11:40:e1:4e:d3:01:db:
                    d3:bd:96:83:16:b4:a1:53:4a:56:45:3d:8b:2a:9b:b4:
                    8f:93:27:4a:6b:6d:be:b1:09:06:7a:c1:18:0c:89:dd:
                    32:8d:b0:0d:f3:62:c1:28:d3:72:24:b6:48:d3:18:a4:
                    09:56:84:a2:b6:c7:27:00:a8:e9:61:ce:ec:48:69:15:
                    48:38:f3:e5:fc:cf:64:7e:21:7c:90:46:6a:b1:6a:04:
                    bb:9b:8c:60:51:6b:12:c7:d0:16:09:d9:03:b3:84:59:
                    f4:57:fd:cb:c2:27:f1:85:3f:11:36:69:52:53:3a:ad:
                    7d:23:30:a7:23:38:e3:bd:f0:4e:3d:f1:55:0e:24:d2:
                    45:cb:85:b0:40:5e:24:21:99:ea:d6:b3:c6:8a:98:9f:
                    30:d7:87:ed:71:da:e2:d8:3e:ad:e1:a8:d7:15:4c:9a:
                    be:ff:7b:c2:b7:fa:6d:40:0e:e8:fd:d8:89:f8:36:48:
                    f3:33:1a:64:68:d2:7b:81:ec:42:aa:cb:7b:6f:04:75
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        7d:7a:48:77:03:17:bc:90:4e:64:87:18:d5:bc:3b:15:
        d6:c7:af:96:c7:1e:36:94:63:67:49:c1:60:84:61:06:
        61:c5:e7:2e:45:f8:61:41:b2:e1:51:44:78:be:08:c6:
        41:a7:a3:f7:c8:8a:52:15:0b:4f:14:28:6a:d3:a0:eb:
        47:3b:f8:5e:55:a4:14:45:72:c1:5a:09:86:2b:b7:e8:
        08:1d:ab:80:d9:79:d6:24:24:34:36:31:4d:9a:e0:72:
        0a:01:1b:5d:23:43:59:0c:24:21:fc:24:7c:cb:a7:0d:
        9b:d5:d7:6d:20:41:42:89:2a:6a:31:af:27:26:44:1f:
        b6:8f:ac:51:65:45:a0:c9:00:70:4b:f8:03:18:ba:3d:
        95:c2:6c:06:7c:7b:19:63:a6:54:46:1b:9f:3a:38:a4:
        cd:c4:03:62:e2:17:47:39:e9:ce:a2:27:7e:b5:e1:f9:
        cf:aa:51:c5:67:49:0a:da:d3:53:a2:6e:98:ab:f6:e3:
        2a:8d:06:6f:06:b5:ab:9d:12:d7:bb:6d:eb:78:ba:96:
        ba:49:19:86:5b:b2:4a:93:9e:35:23:0e:27:8d:f4:22:
        84:48:b4:c1:3b:7c:6e:37:3c:fb:44:3e:a7:1b:b9:54:
        65:a6:26:a5:f0:95:ae:9b:ad:7e:39:65:20:8a:22:f1
    Fingerprint (SHA-256):
        AA:AC:5E:50:98:E1:29:16:D0:09:C2:01:6F:DB:1B:46:E7:10:F1:3B:4E:8E:C7:CB:A0:02:C5:00:42:EA:68:85
    Fingerprint (SHA1):
        1F:0B:25:FF:03:C4:AC:FB:2E:21:5F:49:11:7D:20:3C:C3:84:1B:0F
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=Bridge Bridge,O=Bridge,C=US"
Certificate 4 Subject: "CN=CANavy Intermediate,O=CANavy,C=US"
Returned value is 0, expected result is pass
chains.sh: #7848: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.0  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der  -t Navy.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Navy ROOT CA,O=Navy,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7849: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCANavy.der CANavyNavy.der with flags  -pp      -o OID.2.1  -t Navy.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der
vfychain  -pp -vv      -o OID.1.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7850: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der
vfychain  -pp -vv      -o OID.1.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7851: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.1.1  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der
vfychain  -pp -vv      -o OID.2.0  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7852: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.0  -t Army.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der
vfychain  -pp -vv      -o OID.2.1  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der  -t Army.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 4. CN=Army ROOT CA,O=Army,C=US [Certificate Authority]:
  ERROR -8032: Cert chain fails policy validation
Returned value is 1, expected result is fail
chains.sh: #7853: BridgeWithPolicyExtensionAndMapping: Verifying certificate(s)  EE2CA2.der CA2Bridge.der BridgeCAArmy.der CAArmyArmy.der with flags  -pp      -o OID.2.1  -t Army.der - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7854: RealCerts: Creating DB AllDB  - PASSED
chains.sh: Importing certificate TestCA.ca.cert to AllDB database
certutil -A -n TestCA.ca  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestCA.ca.cert
chains.sh: #7855: RealCerts: Importing certificate TestCA.ca.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser50.cert to AllDB database
certutil -A -n TestUser50  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert
chains.sh: #7856: RealCerts: Importing certificate TestUser50.cert to AllDB database  - PASSED
chains.sh: Importing certificate TestUser51.cert to AllDB database
certutil -A -n TestUser51  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert
chains.sh: #7857: RealCerts: Importing certificate TestUser51.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalRootCA.cert to AllDB database
certutil -A -n PayPalRootCA  -t "CT,C,C" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalRootCA.cert
chains.sh: #7858: RealCerts: Importing certificate PayPalRootCA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalICA.cert to AllDB database
certutil -A -n PayPalICA  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalICA.cert
chains.sh: #7859: RealCerts: Importing certificate PayPalICA.cert to AllDB database  - PASSED
chains.sh: Importing certificate PayPalEE.cert to AllDB database
certutil -A -n PayPalEE  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert
chains.sh: #7860: RealCerts: Importing certificate PayPalEE.cert to AllDB database  - PASSED
chains.sh: Importing certificate BrAirWaysBadSig.cert to AllDB database
certutil -A -n BrAirWaysBadSig  -t "" -d AllDB -f AllDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert
chains.sh: #7861: RealCerts: Importing certificate BrAirWaysBadSig.cert to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser50.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser50,E=TestUser50@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7862: RealCerts: Verifying certificate(s)  TestUser50.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/TestUser51.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Feb 20 16:25:05 2013
            Not After : Tue Feb 20 16:25:05 2063
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c4:58:78:2a:a3:8a:14:49:b6:2d:13:eb:e2:b0:e5:6a:
                    02:ff:7f:a3:29:87:eb:50:34:c0:2e:26:92:a0:ce:75:
                    28:86:62:62:88:0a:c5:a0:35:37:f4:f9:cc:a2:07:9c:
                    90:8b:0f:6b:c6:3b:b8:cb:6c:ad:bd:08:0a:3c:0d:be:
                    92:b6:be:72:ee:c3:53:10:04:bc:4d:c9:12:2c:3d:c8:
                    e8:66:01:fe:13:d3:94:ad:4a:be:ea:52:44:bb:c1:e2:
                    7b:c8:50:57:7b:ea:a0:eb:24:ba:7f:89:b8:12:57:a1:
                    cd:e0:5c:01:37:a7:27:85:b4:97:fd:99:56:85:40:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        ba:fc:34:78:a1:c1:07:50:6c:48:42:c8:dd:fa:8c:59:
        d8:af:3d:4c:87:b8:54:93:20:63:e1:16:18:a7:fa:aa:
        b3:92:c4:1a:a6:e6:b8:9c:db:c0:c2:88:d3:c4:9d:c8:
        8b:26:b0:d0:6e:e8:be:8a:a5:83:e6:88:b7:0c:9a:d2:
        b7:0f:fd:32:77:a9:84:6d:9c:84:6f:b1:2e:49:20:eb:
        be:5d:5d:e6:a7:0a:f2:b5:5e:8e:fc:62:b2:30:43:b9:
        4b:05:b4:79:e8:cb:63:43:f9:6e:ca:42:1c:7e:ec:bd:
        37:84:8f:b7:bd:1f:d5:b3:dd:fe:01:98:78:37:45:65
    Fingerprint (SHA-256):
        E0:53:A5:70:5A:29:33:E1:E2:BB:1C:6E:CC:90:1C:74:EF:78:9B:7C:B9:C0:EB:47:23:E5:9D:3E:99:EF:41:65
    Fingerprint (SHA1):
        1A:47:38:A7:FC:C0:BC:A3:03:B4:7E:9A:24:73:96:37:A9:AB:66:40
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=TestUser51,E=TestUser51@bogus.com,O=BOGUS NSS,L=Mo
    untain View,ST=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #7863: RealCerts: Verifying certificate(s)  TestUser51.cert with flags -d AllDB -pp       - PASSED
chains.sh: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1 
vfychain -d AllDB -pp -vv      -o OID.2.16.840.1.114412.1.1  /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/PayPalEE.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=
            DigiCert Inc,C=US"
        Validity:
            Not Before: Fri Nov 10 00:00:00 2006
            Not After : Mon Nov 10 00:00:00 2031
        Subject: "CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O
            =DigiCert Inc,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c6:cc:e5:73:e6:fb:d4:bb:e5:2d:2d:32:a6:df:e5:81:
                    3f:c9:cd:25:49:b6:71:2a:c3:d5:94:34:67:a2:0a:1c:
                    b0:5f:69:a6:40:b1:c4:b7:b2:8f:d0:98:a4:a9:41:59:
                    3a:d3:dc:94:d6:3c:db:74:38:a4:4a:cc:4d:25:82:f7:
                    4a:a5:53:12:38:ee:f3:49:6d:71:91:7e:63:b6:ab:a6:
                    5f:c3:a4:84:f8:4f:62:51:be:f8:c5:ec:db:38:92:e3:
                    06:e5:08:91:0c:c4:28:41:55:fb:cb:5a:89:15:7e:71:
                    e8:35:bf:4d:72:09:3d:be:3a:38:50:5b:77:31:1b:8d:
                    b3:c7:24:45:9a:a7:ac:6d:00:14:5a:04:b7:ba:13:eb:
                    51:0a:98:41:41:22:4e:65:61:87:81:41:50:a6:79:5c:
                    89:de:19:4a:57:d5:2e:e6:5d:1c:53:2c:7e:98:cd:1a:
                    06:16:a4:68:73:d0:34:04:13:5c:a1:71:d3:5a:7c:55:
                    db:5e:64:e1:37:87:30:56:04:e5:11:b4:29:80:12:f1:
                    79:39:88:a2:02:11:7c:27:66:b7:88:b7:78:f2:ca:0a:
                    a8:38:ab:0a:64:c2:bf:66:5d:95:84:c1:a1:25:1e:87:
                    5d:1a:50:0b:20:12:cc:41:bb:6e:0b:51:38:b8:4b:cb
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Certificate Signing
                    CRL Signing
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
            Name: Certificate Subject Key ID
            Data:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
            Name: Certificate Authority Key Identifier
            Key ID:
                b1:3e:c3:69:03:f8:bf:47:01:d4:98:26:1a:08:02:ef:
                63:64:2b:c3
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        1c:1a:06:97:dc:d7:9c:9f:3c:88:66:06:08:57:21:db:
        21:47:f8:2a:67:aa:bf:18:32:76:40:10:57:c1:8a:f3:
        7a:d9:11:65:8e:35:fa:9e:fc:45:b5:9e:d9:4c:31:4b:
        b8:91:e8:43:2c:8e:b3:78:ce:db:e3:53:79:71:d6:e5:
        21:94:01:da:55:87:9a:24:64:f6:8a:66:cc:de:9c:37:
        cd:a8:34:b1:69:9b:23:c8:9e:78:22:2b:70:43:e3:55:
        47:31:61:19:ef:58:c5:85:2f:4e:30:f6:a0:31:16:23:
        c8:e7:e2:65:16:33:cb:bf:1a:1b:a0:3d:f8:ca:5e:8b:
        31:8b:60:08:89:2d:0c:06:5c:52:b7:c4:f9:0a:98:d1:
        15:5f:9f:12:be:7c:36:63:38:bd:44:a4:7f:e4:26:2b:
        0a:c4:97:69:0d:e9:8c:e2:c0:10:57:b8:c8:76:12:91:
        55:f2:48:69:d8:bc:2a:02:5b:0f:44:d4:20:31:db:f4:
        ba:70:26:5d:90:60:9e:bc:4b:17:09:2f:b4:cb:1e:43:
        68:c9:07:27:c1:d2:5c:f7:ea:21:b9:68:12:9c:3c:9c:
        bf:9e:fc:80:5c:9b:63:cd:ec:47:aa:25:27:67:a0:37:
        f3:00:82:7d:54:d7:a9:f8:e9:2e:13:a3:77:e8:1f:4a
    Fingerprint (SHA-256):
        74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
    Fingerprint (SHA1):
        5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=paypal.com,OU=PayPal Production,O="PayPal, Inc.",L
    =San Jose,ST=California,C=US"
Certificate 2 Subject: "CN=DigiCert SHA2 High Assurance Server CA,OU=www.digi
    cert.com,O=DigiCert Inc,C=US"
Returned value is 0, expected result is pass
chains.sh: #7864: RealCerts: Verifying certificate(s)  PayPalEE.cert with flags -d AllDB -pp      -o OID.2.16.840.1.114412.1.1  - PASSED
chains.sh: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp      
vfychain -d AllDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/BrAirWaysBadSig.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 0. BrAirWaysBadSig :
  ERROR -8181: Peer's Certificate has expired.
Returned value is 1, expected result is fail
chains.sh: #7865: RealCerts: Verifying certificate(s)  BrAirWaysBadSig.cert with flags -d AllDB -pp       - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7866: DSA: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root -k dsa -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182968 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7867: DSA: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7868: DSA: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7869: DSA: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US" -k dsa -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7870: DSA: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA1Req.der -o CA1Root.der -f RootDB/dbpasswd -m 628182969   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7871: DSA: Creating certficate CA1Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA1Root.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7872: DSA: Importing certificate CA1Root.der to CA1DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7873: DSA: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US" -k dsa -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7874: DSA: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE1Req.der -o EE1CA1.der -f CA1DB/dbpasswd -m 628182970   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7875: DSA: Creating certficate EE1CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE1CA1.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7876: DSA: Importing certificate EE1CA1.der to EE1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7877: DSA: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US" -k dsa -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7878: DSA: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA2Req.der -o CA2Root.der -f RootDB/dbpasswd -m 628182971   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7879: DSA: Creating certficate CA2Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA2Root.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7880: DSA: Importing certificate CA2Root.der to CA2DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7881: DSA: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US" -k rsa -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7882: DSA: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE2Req.der -o EE2CA2.der -f CA2DB/dbpasswd -m 628182972   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7883: DSA: Creating certficate EE2CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE2CA2.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7884: DSA: Importing certificate EE2CA2.der to EE2DB database  - PASSED
chains.sh: Creating DB CA3DB
certutil -N -d CA3DB -f CA3DB/dbpasswd
chains.sh: #7885: DSA: Creating DB CA3DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA3Req.der
certutil -s "CN=CA3 Intermediate, O=CA3, C=US" -k rsa -R -2 -d CA3DB -f CA3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7886: DSA: Creating Intermediate certifiate request CA3Req.der  - PASSED
chains.sh: Creating certficate CA3Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA3Req.der -o CA3Root.der -f RootDB/dbpasswd -m 628182973   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7887: DSA: Creating certficate CA3Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA3Root.der to CA3DB database
certutil -A -n CA3 -t u,u,u -d CA3DB -f CA3DB/dbpasswd -i CA3Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7888: DSA: Importing certificate CA3Root.der to CA3DB database  - PASSED
chains.sh: Creating DB EE3DB
certutil -N -d EE3DB -f EE3DB/dbpasswd
chains.sh: #7889: DSA: Creating DB EE3DB  - PASSED
chains.sh: Creating EE certifiate request EE3Req.der
certutil -s "CN=EE3 EE, O=EE3, C=US" -k dsa -R  -d EE3DB -f EE3DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE3Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7890: DSA: Creating EE certifiate request EE3Req.der  - PASSED
chains.sh: Creating certficate EE3CA3.der signed by CA3
certutil -C -c CA3 -v 60 -d CA3DB -i EE3Req.der -o EE3CA3.der -f CA3DB/dbpasswd -m 628182974   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7891: DSA: Creating certficate EE3CA3.der signed by CA3  - PASSED
chains.sh: Importing certificate EE3CA3.der to EE3DB database
certutil -A -n EE3 -t u,u,u -d EE3DB -f EE3DB/dbpasswd -i EE3CA3.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7892: DSA: Importing certificate EE3CA3.der to EE3DB database  - PASSED
chains.sh: Creating DB CA4DB
certutil -N -d CA4DB -f CA4DB/dbpasswd
chains.sh: #7893: DSA: Creating DB CA4DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA4Req.der
certutil -s "CN=CA4 Intermediate, O=CA4, C=US" -k rsa -R -2 -d CA4DB -f CA4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7894: DSA: Creating Intermediate certifiate request CA4Req.der  - PASSED
chains.sh: Creating certficate CA4Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA4Req.der -o CA4Root.der -f RootDB/dbpasswd -m 628182975   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7895: DSA: Creating certficate CA4Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA4Root.der to CA4DB database
certutil -A -n CA4 -t u,u,u -d CA4DB -f CA4DB/dbpasswd -i CA4Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7896: DSA: Importing certificate CA4Root.der to CA4DB database  - PASSED
chains.sh: Creating DB EE4DB
certutil -N -d EE4DB -f EE4DB/dbpasswd
chains.sh: #7897: DSA: Creating DB EE4DB  - PASSED
chains.sh: Creating EE certifiate request EE4Req.der
certutil -s "CN=EE4 EE, O=EE4, C=US" -k rsa -R  -d EE4DB -f EE4DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE4Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7898: DSA: Creating EE certifiate request EE4Req.der  - PASSED
chains.sh: Creating certficate EE4CA4.der signed by CA4
certutil -C -c CA4 -v 60 -d CA4DB -i EE4Req.der -o EE4CA4.der -f CA4DB/dbpasswd -m 628182976   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7899: DSA: Creating certficate EE4CA4.der signed by CA4  - PASSED
chains.sh: Importing certificate EE4CA4.der to EE4DB database
certutil -A -n EE4 -t u,u,u -d EE4DB -f EE4DB/dbpasswd -i EE4CA4.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7900: DSA: Importing certificate EE4CA4.der to EE4DB database  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7901: DSA: Creating DB AllDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE1CA1.der CA1Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182968 (0x25714fb8)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:03:07 2016
            Not After : Mon Jun 28 19:03:07 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:91:91:78:c5:98:af:97:42:36:32:3f:ab:c2:5c:8b:
                    4c:53:ea:c4:28:9a:40:33:22:c4:46:d8:02:0e:b8:1c:
                    5e:ad:d1:f2:7f:1a:2e:4b:c9:99:75:4a:52:56:da:79:
                    02:e2:3b:30:31:1c:89:e9:60:70:1c:ae:5a:9e:73:ac:
                    c6:e7:da:60:1b:0b:b2:c4:b3:f9:91:1f:9e:cb:3d:a1:
                    6f:d0:da:56:59:30:03:89:77:a3:a0:bf:92:35:d2:60:
                    99:e3:b2:5b:12:af:04:2e:13:7c:b8:41:a3:5b:86:a0:
                    dc:32:17:49:eb:cb:51:74:c8:c5:36:6a:0f:3f:8e:a8:
                    ae:51:4b:ed:87:81:4c:5f:db:e2:3c:15:70:b0:c2:37:
                    3b:b5:88:67:dc:cc:d4:02:e0:0e:8b:cb:db:54:bf:83:
                    65:3a:d9:99:6e:6e:db:ea:63:62:f3:c5:d0:d9:fc:18:
                    a7:f9:85:79:36:41:d2:07:68:00:e7:b1:4d:25:18:ba:
                    b6:38:45:a6:3d:9f:24:f6:a0:6b:90:6e:27:1e:a5:57:
                    ec:32:cf:99:92:64:fe:43:62:af:0b:ba:1e:f5:35:f2:
                    98:25:57:f9:fb:fc:b1:f9:22:37:1c:a2:9e:e0:56:dc:
                    27:2d:f3:37:fe:e8:47:fb:d0:ac:41:58:06:21:82:f3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:28:63:77:3e:0a:f4:57:52:bc:dd:03:72:
        c2:f8:fb:a8:9d:8f:f6:e8:72:46:68:98:62:28:89:41:
        02:1d:00:af:74:81:bc:49:37:86:3d:c8:66:87:1b:47:
        f4:e2:10:f4:8e:3f:33:e8:7c:93:96:d8:75:3f:15
    Fingerprint (SHA-256):
        D6:F4:FC:FE:14:0F:1D:19:42:C9:68:31:AA:02:16:71:50:BF:A1:75:47:27:FB:4D:85:1B:65:45:01:39:6D:54
    Fingerprint (SHA1):
        3E:44:53:4D:80:17:4C:7D:49:E8:DD:62:0A:8A:65:A8:72:46:EC:62
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #7902: DSA: Verifying certificate(s)  EE1CA1.der CA1Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE2CA2.der CA2Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182968 (0x25714fb8)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:03:07 2016
            Not After : Mon Jun 28 19:03:07 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:91:91:78:c5:98:af:97:42:36:32:3f:ab:c2:5c:8b:
                    4c:53:ea:c4:28:9a:40:33:22:c4:46:d8:02:0e:b8:1c:
                    5e:ad:d1:f2:7f:1a:2e:4b:c9:99:75:4a:52:56:da:79:
                    02:e2:3b:30:31:1c:89:e9:60:70:1c:ae:5a:9e:73:ac:
                    c6:e7:da:60:1b:0b:b2:c4:b3:f9:91:1f:9e:cb:3d:a1:
                    6f:d0:da:56:59:30:03:89:77:a3:a0:bf:92:35:d2:60:
                    99:e3:b2:5b:12:af:04:2e:13:7c:b8:41:a3:5b:86:a0:
                    dc:32:17:49:eb:cb:51:74:c8:c5:36:6a:0f:3f:8e:a8:
                    ae:51:4b:ed:87:81:4c:5f:db:e2:3c:15:70:b0:c2:37:
                    3b:b5:88:67:dc:cc:d4:02:e0:0e:8b:cb:db:54:bf:83:
                    65:3a:d9:99:6e:6e:db:ea:63:62:f3:c5:d0:d9:fc:18:
                    a7:f9:85:79:36:41:d2:07:68:00:e7:b1:4d:25:18:ba:
                    b6:38:45:a6:3d:9f:24:f6:a0:6b:90:6e:27:1e:a5:57:
                    ec:32:cf:99:92:64:fe:43:62:af:0b:ba:1e:f5:35:f2:
                    98:25:57:f9:fb:fc:b1:f9:22:37:1c:a2:9e:e0:56:dc:
                    27:2d:f3:37:fe:e8:47:fb:d0:ac:41:58:06:21:82:f3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:28:63:77:3e:0a:f4:57:52:bc:dd:03:72:
        c2:f8:fb:a8:9d:8f:f6:e8:72:46:68:98:62:28:89:41:
        02:1d:00:af:74:81:bc:49:37:86:3d:c8:66:87:1b:47:
        f4:e2:10:f4:8e:3f:33:e8:7c:93:96:d8:75:3f:15
    Fingerprint (SHA-256):
        D6:F4:FC:FE:14:0F:1D:19:42:C9:68:31:AA:02:16:71:50:BF:A1:75:47:27:FB:4D:85:1B:65:45:01:39:6D:54
    Fingerprint (SHA1):
        3E:44:53:4D:80:17:4C:7D:49:E8:DD:62:0A:8A:65:A8:72:46:EC:62
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Returned value is 0, expected result is pass
chains.sh: #7903: DSA: Verifying certificate(s)  EE2CA2.der CA2Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE3CA3.der CA3Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182968 (0x25714fb8)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:03:07 2016
            Not After : Mon Jun 28 19:03:07 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:91:91:78:c5:98:af:97:42:36:32:3f:ab:c2:5c:8b:
                    4c:53:ea:c4:28:9a:40:33:22:c4:46:d8:02:0e:b8:1c:
                    5e:ad:d1:f2:7f:1a:2e:4b:c9:99:75:4a:52:56:da:79:
                    02:e2:3b:30:31:1c:89:e9:60:70:1c:ae:5a:9e:73:ac:
                    c6:e7:da:60:1b:0b:b2:c4:b3:f9:91:1f:9e:cb:3d:a1:
                    6f:d0:da:56:59:30:03:89:77:a3:a0:bf:92:35:d2:60:
                    99:e3:b2:5b:12:af:04:2e:13:7c:b8:41:a3:5b:86:a0:
                    dc:32:17:49:eb:cb:51:74:c8:c5:36:6a:0f:3f:8e:a8:
                    ae:51:4b:ed:87:81:4c:5f:db:e2:3c:15:70:b0:c2:37:
                    3b:b5:88:67:dc:cc:d4:02:e0:0e:8b:cb:db:54:bf:83:
                    65:3a:d9:99:6e:6e:db:ea:63:62:f3:c5:d0:d9:fc:18:
                    a7:f9:85:79:36:41:d2:07:68:00:e7:b1:4d:25:18:ba:
                    b6:38:45:a6:3d:9f:24:f6:a0:6b:90:6e:27:1e:a5:57:
                    ec:32:cf:99:92:64:fe:43:62:af:0b:ba:1e:f5:35:f2:
                    98:25:57:f9:fb:fc:b1:f9:22:37:1c:a2:9e:e0:56:dc:
                    27:2d:f3:37:fe:e8:47:fb:d0:ac:41:58:06:21:82:f3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:28:63:77:3e:0a:f4:57:52:bc:dd:03:72:
        c2:f8:fb:a8:9d:8f:f6:e8:72:46:68:98:62:28:89:41:
        02:1d:00:af:74:81:bc:49:37:86:3d:c8:66:87:1b:47:
        f4:e2:10:f4:8e:3f:33:e8:7c:93:96:d8:75:3f:15
    Fingerprint (SHA-256):
        D6:F4:FC:FE:14:0F:1D:19:42:C9:68:31:AA:02:16:71:50:BF:A1:75:47:27:FB:4D:85:1B:65:45:01:39:6D:54
    Fingerprint (SHA1):
        3E:44:53:4D:80:17:4C:7D:49:E8:DD:62:0A:8A:65:A8:72:46:EC:62
Certificate 1 Subject: "CN=EE3 EE,O=EE3,C=US"
Certificate 2 Subject: "CN=CA3 Intermediate,O=CA3,C=US"
Returned value is 0, expected result is pass
chains.sh: #7904: DSA: Verifying certificate(s)  EE3CA3.der CA3Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der
vfychain -d AllDB -pp -vv       EE4CA4.der CA4Root.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182968 (0x25714fb8)
        Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:03:07 2016
            Not After : Mon Jun 28 19:03:07 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: ANSI X9.57 DSA Signature
                Args:
                    30:82:02:28:02:82:01:01:00:c6:2a:47:73:ea:78:fa:
                    65:47:69:39:10:08:55:6a:dd:bf:77:e1:9a:69:73:ba:
                    66:37:08:93:9e:db:5d:01:08:b8:3a:73:e9:85:5f:a7:
                    2b:63:7f:d0:c6:4c:dc:fc:8b:a6:03:c9:9c:80:5e:ec:
                    c6:21:23:f7:8e:a4:7b:77:83:02:44:f8:05:d7:36:52:
                    13:57:78:97:f3:7b:cf:1f:c9:2a:a4:71:9d:a8:d8:5d:
                    c5:3b:64:3a:72:60:62:b0:b8:f3:b1:e7:b9:76:df:74:
                    be:87:6a:d2:f1:a9:44:8b:63:76:4f:5d:21:63:b5:4f:
                    3c:7b:61:b2:f3:ea:c5:d8:ef:30:50:59:33:61:c0:f3:
                    6e:21:cf:15:35:4a:87:2b:c3:f6:5a:1f:24:22:c5:eb:
                    47:34:4a:1b:b5:2e:71:52:8f:2d:7d:a9:96:8a:7c:61:
                    db:c0:dc:f1:ca:28:69:1c:97:ad:ea:0d:9e:02:e6:e5:
                    7d:ad:e0:42:91:4d:fa:e2:81:16:2b:c2:96:3b:32:8c:
                    20:69:8b:5b:17:3c:f9:13:6c:98:27:1c:ca:cf:33:aa:
                    93:21:af:17:6e:5e:00:37:d9:34:8a:47:d2:1c:67:32:
                    60:b6:c7:b0:fd:32:90:93:32:aa:11:ba:23:19:39:6a:
                    42:7c:1f:b7:28:db:64:ad:d9:02:1d:00:e6:a3:c9:c6:
                    51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:1e:ba:4e:e6:
                    c8:90:98:1d:3a:95:f4:f1:02:82:01:00:70:32:58:5d:
                    b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:ac:18:41:64:
                    b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:1f:38:63:5e:
                    0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:92:16:06:59:
                    29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:7e:7b:1e:8b:
                    47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:3a:41:d4:f3:
                    1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:ed:6f:67:b0:
                    c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:1c:6e:2e:48:
                    ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:f5:39:d8:92:
                    90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:89:ea:94:2b:
                    56:33:73:58:48:bf:23:72:19:5f:19:ac:ff:09:c8:cd:
                    ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:85:cd:88:fe:
                    d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:c6:70:6b:ba:
                    77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:be:bd:71:ba:
                    0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:cd:bb:65:12:
                    cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:57:dd:77:32:
                    f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
            DSA Public Key:
                Prime:
                    c6:2a:47:73:ea:78:fa:65:47:69:39:10:08:55:6a:dd:
                    bf:77:e1:9a:69:73:ba:66:37:08:93:9e:db:5d:01:08:
                    b8:3a:73:e9:85:5f:a7:2b:63:7f:d0:c6:4c:dc:fc:8b:
                    a6:03:c9:9c:80:5e:ec:c6:21:23:f7:8e:a4:7b:77:83:
                    02:44:f8:05:d7:36:52:13:57:78:97:f3:7b:cf:1f:c9:
                    2a:a4:71:9d:a8:d8:5d:c5:3b:64:3a:72:60:62:b0:b8:
                    f3:b1:e7:b9:76:df:74:be:87:6a:d2:f1:a9:44:8b:63:
                    76:4f:5d:21:63:b5:4f:3c:7b:61:b2:f3:ea:c5:d8:ef:
                    30:50:59:33:61:c0:f3:6e:21:cf:15:35:4a:87:2b:c3:
                    f6:5a:1f:24:22:c5:eb:47:34:4a:1b:b5:2e:71:52:8f:
                    2d:7d:a9:96:8a:7c:61:db:c0:dc:f1:ca:28:69:1c:97:
                    ad:ea:0d:9e:02:e6:e5:7d:ad:e0:42:91:4d:fa:e2:81:
                    16:2b:c2:96:3b:32:8c:20:69:8b:5b:17:3c:f9:13:6c:
                    98:27:1c:ca:cf:33:aa:93:21:af:17:6e:5e:00:37:d9:
                    34:8a:47:d2:1c:67:32:60:b6:c7:b0:fd:32:90:93:32:
                    aa:11:ba:23:19:39:6a:42:7c:1f:b7:28:db:64:ad:d9
                Subprime:
                    e6:a3:c9:c6:51:92:8b:b3:98:8f:97:b8:31:0d:4a:03:
                    1e:ba:4e:e6:c8:90:98:1d:3a:95:f4:f1
                Base:
                    70:32:58:5d:b3:bf:c3:62:63:0b:f8:a5:e1:ed:eb:79:
                    ac:18:41:64:b3:da:4c:a7:92:63:b1:33:7c:cb:43:dc:
                    1f:38:63:5e:0e:6d:45:d1:c9:67:f3:cf:3d:2d:16:4e:
                    92:16:06:59:29:89:6f:54:ff:c5:71:c8:3a:95:84:b6:
                    7e:7b:1e:8b:47:9d:7a:3a:36:9b:70:2f:d1:bd:ef:e8:
                    3a:41:d4:f3:1f:81:c7:1f:96:7c:30:ab:f4:7a:ac:93:
                    ed:6f:67:b0:c9:5b:f3:83:9d:a0:d7:b9:01:ed:28:ae:
                    1c:6e:2e:48:ac:9f:7d:f3:00:48:ee:0e:fb:7e:5e:cb:
                    f5:39:d8:92:90:61:2d:1e:3c:d3:55:0d:34:d1:81:c4:
                    89:ea:94:2b:56:33:73:58:48:bf:23:72:19:5f:19:ac:
                    ff:09:c8:cd:ab:71:ef:9e:20:fd:e3:b8:27:9e:65:b1:
                    85:cd:88:fe:d4:d7:64:4d:e1:e8:a6:e5:96:c8:5d:9c:
                    c6:70:6b:ba:77:4e:90:4a:b0:96:c5:a0:9e:2c:01:03:
                    be:bd:71:ba:0a:6f:9f:e5:db:04:08:f2:9e:0f:1b:ac:
                    cd:bb:65:12:cf:77:c9:7d:be:94:4b:9c:5b:de:0d:fa:
                    57:dd:77:32:f0:5b:34:fd:19:95:33:60:87:e2:a2:f4
                PublicValue:
                    50:91:91:78:c5:98:af:97:42:36:32:3f:ab:c2:5c:8b:
                    4c:53:ea:c4:28:9a:40:33:22:c4:46:d8:02:0e:b8:1c:
                    5e:ad:d1:f2:7f:1a:2e:4b:c9:99:75:4a:52:56:da:79:
                    02:e2:3b:30:31:1c:89:e9:60:70:1c:ae:5a:9e:73:ac:
                    c6:e7:da:60:1b:0b:b2:c4:b3:f9:91:1f:9e:cb:3d:a1:
                    6f:d0:da:56:59:30:03:89:77:a3:a0:bf:92:35:d2:60:
                    99:e3:b2:5b:12:af:04:2e:13:7c:b8:41:a3:5b:86:a0:
                    dc:32:17:49:eb:cb:51:74:c8:c5:36:6a:0f:3f:8e:a8:
                    ae:51:4b:ed:87:81:4c:5f:db:e2:3c:15:70:b0:c2:37:
                    3b:b5:88:67:dc:cc:d4:02:e0:0e:8b:cb:db:54:bf:83:
                    65:3a:d9:99:6e:6e:db:ea:63:62:f3:c5:d0:d9:fc:18:
                    a7:f9:85:79:36:41:d2:07:68:00:e7:b1:4d:25:18:ba:
                    b6:38:45:a6:3d:9f:24:f6:a0:6b:90:6e:27:1e:a5:57:
                    ec:32:cf:99:92:64:fe:43:62:af:0b:ba:1e:f5:35:f2:
                    98:25:57:f9:fb:fc:b1:f9:22:37:1c:a2:9e:e0:56:dc:
                    27:2d:f3:37:fe:e8:47:fb:d0:ac:41:58:06:21:82:f3
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: ANSI X9.57 DSA Signature with SHA-1 Digest
    Signature:
        30:3d:02:1c:28:63:77:3e:0a:f4:57:52:bc:dd:03:72:
        c2:f8:fb:a8:9d:8f:f6:e8:72:46:68:98:62:28:89:41:
        02:1d:00:af:74:81:bc:49:37:86:3d:c8:66:87:1b:47:
        f4:e2:10:f4:8e:3f:33:e8:7c:93:96:d8:75:3f:15
    Fingerprint (SHA-256):
        D6:F4:FC:FE:14:0F:1D:19:42:C9:68:31:AA:02:16:71:50:BF:A1:75:47:27:FB:4D:85:1B:65:45:01:39:6D:54
    Fingerprint (SHA1):
        3E:44:53:4D:80:17:4C:7D:49:E8:DD:62:0A:8A:65:A8:72:46:EC:62
Certificate 1 Subject: "CN=EE4 EE,O=EE4,C=US"
Certificate 2 Subject: "CN=CA4 Intermediate,O=CA4,C=US"
Returned value is 0, expected result is pass
chains.sh: #7905: DSA: Verifying certificate(s)  EE4CA4.der CA4Root.der with flags -d AllDB -pp       -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7906: Revocation: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 10 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7907: Revocation: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7908: Revocation: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #7909: Revocation: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7910: Revocation: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 11   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7911: Revocation: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7912: Revocation: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7913: Revocation: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7914: Revocation: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 12   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7915: Revocation: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7916: Revocation: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #7917: Revocation: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7918: Revocation: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 13   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7919: Revocation: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7920: Revocation: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB EE12DB
certutil -N -d EE12DB -f EE12DB/dbpasswd
chains.sh: #7921: Revocation: Creating DB EE12DB  - PASSED
chains.sh: Creating EE certifiate request EE12Req.der
certutil -s "CN=EE12 EE, O=EE12, C=US"  -R  -d EE12DB -f EE12DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE12Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7922: Revocation: Creating EE certifiate request EE12Req.der  - PASSED
chains.sh: Creating certficate EE12CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE12Req.der -o EE12CA1.der -f CA1DB/dbpasswd -m 14   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7923: Revocation: Creating certficate EE12CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE12CA1.der to EE12DB database
certutil -A -n EE12 -t u,u,u -d EE12DB -f EE12DB/dbpasswd -i EE12CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7924: Revocation: Importing certificate EE12CA1.der to EE12DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7925: Revocation: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7926: Revocation: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 15   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7927: Revocation: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7928: Revocation: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #7929: Revocation: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7930: Revocation: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 16   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7931: Revocation: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7932: Revocation: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628190440Z
nextupdate=20170628190440Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 19:04:40 2016
    Next Update: Wed Jun 28 19:04:40 2017
    CRL Extensions:
chains.sh: #7933: Revocation: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628190440Z
nextupdate=20170628190440Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 19:04:40 2016
    Next Update: Wed Jun 28 19:04:40 2017
    CRL Extensions:
chains.sh: #7934: Revocation: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628190441Z
nextupdate=20170628190441Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 19:04:41 2016
    Next Update: Wed Jun 28 19:04:41 2017
    CRL Extensions:
chains.sh: #7935: Revocation: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628190441Z
nextupdate=20170628190441Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 19:04:41 2016
    Next Update: Wed Jun 28 19:04:41 2017
    CRL Extensions:
chains.sh: #7936: Revocation: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 14 issued by CA1
crlutil -M -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628190442Z
addcert 14 20160628190442Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 19:04:42 2016
    Next Update: Wed Jun 28 19:04:41 2017
    Entry 1 (0x1):
        Serial Number: 14 (0xe)
        Revocation Date: Tue Jun 28 19:04:42 2016
    CRL Extensions:
chains.sh: #7937: Revocation: Revoking certificate with SN 14 issued by CA1  - PASSED
chains.sh: Revoking certificate with SN 15 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628190443Z
addcert 15 20160628190443Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 19:04:43 2016
    Next Update: Wed Jun 28 19:04:40 2017
    Entry 1 (0x1):
        Serial Number: 15 (0xf)
        Revocation Date: Tue Jun 28 19:04:43 2016
    CRL Extensions:
chains.sh: #7938: Revocation: Revoking certificate with SN 15 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7939: Revocation: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7940: Revocation: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #7941: Revocation: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA0Root.der to AllDB database
certutil -A -n CA0  -t "" -d AllDB -f AllDB/dbpasswd -i CA0Root.der
chains.sh: #7942: Revocation: Importing certificate CA0Root.der to AllDB database  - PASSED
chains.sh: Importing CRL CA0.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA0.crl
chains.sh: #7943: Revocation: Importing CRL CA0.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA1CA0.der to AllDB database
certutil -A -n CA1  -t "" -d AllDB -f AllDB/dbpasswd -i CA1CA0.der
chains.sh: #7944: Revocation: Importing certificate CA1CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA1.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA1.crl
chains.sh: #7945: Revocation: Importing CRL CA1.crl to AllDB database  - PASSED
chains.sh: Importing certificate CA2CA0.der to AllDB database
certutil -A -n CA2  -t "" -d AllDB -f AllDB/dbpasswd -i CA2CA0.der
chains.sh: #7946: Revocation: Importing certificate CA2CA0.der to AllDB database  - PASSED
chains.sh: Importing CRL CA2.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i CA2.crl
chains.sh: #7947: Revocation: Importing CRL CA2.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:03:57 2016
            Not After : Mon Jun 28 19:03:57 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:b7:6e:01:d9:1e:d9:15:69:bd:ea:e9:49:19:a4:7b:
                    fd:98:5d:8e:66:fb:a8:e2:f8:34:f6:49:10:70:5e:76:
                    f4:47:85:86:6c:17:36:cf:6d:d3:9e:fa:6e:f3:35:42:
                    95:5d:be:ed:4f:68:d0:16:12:98:f0:7c:b8:92:83:38:
                    7d:40:b2:4d:ea:67:2b:3a:0c:52:9f:b5:c9:d6:b5:c3:
                    ea:f9:83:f7:34:b7:fa:2a:6c:03:23:9e:39:d8:4f:6f:
                    7e:91:b6:53:f5:88:68:12:1d:dc:3b:34:27:a5:df:b7:
                    64:3d:c4:c8:68:0a:a3:b4:dc:3f:71:03:c6:44:57:c0:
                    b7:42:6f:ec:6f:ca:e2:56:ae:76:54:ee:3e:49:9c:18:
                    66:e8:de:b6:66:da:a2:1e:f5:56:51:bf:df:83:52:ca:
                    f7:4a:68:d5:1f:fb:1b:0b:65:2f:fd:fc:f5:53:32:33:
                    59:fb:e0:2e:31:86:2b:66:4d:86:3c:35:98:a0:47:b1:
                    0f:80:f2:a3:66:4f:dd:41:b4:a4:d4:26:4e:f6:30:6c:
                    f9:d3:f1:b3:d7:e8:6f:3e:a4:36:98:3b:de:c4:cb:25:
                    c9:10:0c:cd:5a:af:7a:a5:68:b0:9b:0e:5e:b2:65:1f:
                    d6:3d:8b:8c:a6:df:b5:ae:88:6d:ee:6b:1e:fa:4d:d1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        67:80:bd:eb:69:24:c0:bc:c3:a9:58:c5:89:31:72:35:
        ac:84:f3:06:a4:45:30:09:f5:51:a5:07:f3:2e:a7:22:
        85:fa:64:cf:6c:f5:61:af:6c:46:17:79:91:88:a1:95:
        01:77:80:26:0f:cd:81:1a:d9:a4:7e:21:0c:03:62:5d:
        b7:13:fe:f1:3a:b4:25:75:33:73:ea:27:46:df:b8:6d:
        8b:47:5f:36:f1:20:d0:23:9a:51:01:89:1a:3a:43:1d:
        3d:a7:f1:b8:0a:88:81:15:10:20:dc:9f:4a:1f:07:af:
        ea:af:2d:f8:63:97:3d:54:f3:64:7a:2a:71:da:ff:dd:
        84:25:5f:53:7c:09:91:f4:4f:ed:aa:b6:4a:16:10:0f:
        3c:67:72:ae:fe:2d:5e:a8:13:e5:8d:fa:b3:10:d6:58:
        60:2a:6e:4f:d5:87:fc:0d:3b:6a:9a:84:67:b2:54:e6:
        5b:14:20:54:78:89:cd:f2:13:55:cf:f4:49:aa:33:12:
        5d:5d:bd:a9:9e:a5:b1:34:7b:89:57:3a:d7:9b:13:57:
        8d:89:e0:13:68:53:07:9c:82:30:5a:41:6c:83:72:27:
        d0:89:26:db:5f:43:2b:b3:ba:e5:bc:97:af:39:65:1c:
        2b:c4:d9:f6:4a:04:b0:0c:20:61:81:33:a2:e7:de:64
    Fingerprint (SHA-256):
        3F:C6:72:EA:F5:6B:37:80:AC:08:71:DA:BC:A8:E3:C5:55:F4:8C:0E:0A:C6:35:9C:06:3E:55:D6:C3:F8:06:9D
    Fingerprint (SHA1):
        40:46:58:A4:93:78:CB:E5:01:C4:AD:43:C0:3C:95:C8:6C:3A:86:A0
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7948: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -m crl     EE12CA1.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7949: Revocation: Verifying certificate(s)  EE12CA1.der with flags -d AllDB -pp   -g leaf -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE11CA1.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10 (0xa)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:03:57 2016
            Not After : Mon Jun 28 19:03:57 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c1:b7:6e:01:d9:1e:d9:15:69:bd:ea:e9:49:19:a4:7b:
                    fd:98:5d:8e:66:fb:a8:e2:f8:34:f6:49:10:70:5e:76:
                    f4:47:85:86:6c:17:36:cf:6d:d3:9e:fa:6e:f3:35:42:
                    95:5d:be:ed:4f:68:d0:16:12:98:f0:7c:b8:92:83:38:
                    7d:40:b2:4d:ea:67:2b:3a:0c:52:9f:b5:c9:d6:b5:c3:
                    ea:f9:83:f7:34:b7:fa:2a:6c:03:23:9e:39:d8:4f:6f:
                    7e:91:b6:53:f5:88:68:12:1d:dc:3b:34:27:a5:df:b7:
                    64:3d:c4:c8:68:0a:a3:b4:dc:3f:71:03:c6:44:57:c0:
                    b7:42:6f:ec:6f:ca:e2:56:ae:76:54:ee:3e:49:9c:18:
                    66:e8:de:b6:66:da:a2:1e:f5:56:51:bf:df:83:52:ca:
                    f7:4a:68:d5:1f:fb:1b:0b:65:2f:fd:fc:f5:53:32:33:
                    59:fb:e0:2e:31:86:2b:66:4d:86:3c:35:98:a0:47:b1:
                    0f:80:f2:a3:66:4f:dd:41:b4:a4:d4:26:4e:f6:30:6c:
                    f9:d3:f1:b3:d7:e8:6f:3e:a4:36:98:3b:de:c4:cb:25:
                    c9:10:0c:cd:5a:af:7a:a5:68:b0:9b:0e:5e:b2:65:1f:
                    d6:3d:8b:8c:a6:df:b5:ae:88:6d:ee:6b:1e:fa:4d:d1
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        67:80:bd:eb:69:24:c0:bc:c3:a9:58:c5:89:31:72:35:
        ac:84:f3:06:a4:45:30:09:f5:51:a5:07:f3:2e:a7:22:
        85:fa:64:cf:6c:f5:61:af:6c:46:17:79:91:88:a1:95:
        01:77:80:26:0f:cd:81:1a:d9:a4:7e:21:0c:03:62:5d:
        b7:13:fe:f1:3a:b4:25:75:33:73:ea:27:46:df:b8:6d:
        8b:47:5f:36:f1:20:d0:23:9a:51:01:89:1a:3a:43:1d:
        3d:a7:f1:b8:0a:88:81:15:10:20:dc:9f:4a:1f:07:af:
        ea:af:2d:f8:63:97:3d:54:f3:64:7a:2a:71:da:ff:dd:
        84:25:5f:53:7c:09:91:f4:4f:ed:aa:b6:4a:16:10:0f:
        3c:67:72:ae:fe:2d:5e:a8:13:e5:8d:fa:b3:10:d6:58:
        60:2a:6e:4f:d5:87:fc:0d:3b:6a:9a:84:67:b2:54:e6:
        5b:14:20:54:78:89:cd:f2:13:55:cf:f4:49:aa:33:12:
        5d:5d:bd:a9:9e:a5:b1:34:7b:89:57:3a:d7:9b:13:57:
        8d:89:e0:13:68:53:07:9c:82:30:5a:41:6c:83:72:27:
        d0:89:26:db:5f:43:2b:b3:ba:e5:bc:97:af:39:65:1c:
        2b:c4:d9:f6:4a:04:b0:0c:20:61:81:33:a2:e7:de:64
    Fingerprint (SHA-256):
        3F:C6:72:EA:F5:6B:37:80:AC:08:71:DA:BC:A8:E3:C5:55:F4:8C:0E:0A:C6:35:9C:06:3E:55:D6:C3:F8:06:9D
    Fingerprint (SHA1):
        40:46:58:A4:93:78:CB:E5:01:C4:AD:43:C0:3C:95:C8:6C:3A:86:A0
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7950: Revocation: Verifying certificate(s)  EE11CA1.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der
vfychain -d AllDB -pp -vv   -g chain -m crl     EE21CA2.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7951: Revocation: Verifying certificate(s)  EE21CA2.der with flags -d AllDB -pp   -g chain -m crl     -t Root.der - PASSED
chains.sh: Creating DB RootDB
certutil -N -d RootDB -f RootDB/dbpasswd
chains.sh: #7952: CRLDP: Creating DB RootDB  - PASSED
chains.sh: Creating Root CA Root
certutil -s "CN=Root ROOT CA, O=Root, C=US" -S -n Root  -t CTu,CTu,CTu -v 600 -x -d RootDB -1 -2 -5 -f RootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182977 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7953: CRLDP: Creating Root CA Root  - PASSED
chains.sh: Exporting Root CA Root.der
certutil -L -d RootDB -r -n Root -o Root.der
chains.sh: #7954: CRLDP: Exporting Root CA Root.der  - PASSED
chains.sh: Creating DB CA0DB
certutil -N -d CA0DB -f CA0DB/dbpasswd
chains.sh: #7955: CRLDP: Creating DB CA0DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA0Req.der
certutil -s "CN=CA0 Intermediate, O=CA0, C=US"  -R -2 -d CA0DB -f CA0DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA0Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #7956: CRLDP: Creating Intermediate certifiate request CA0Req.der  - PASSED
chains.sh: Creating certficate CA0Root.der signed by Root
certutil -C -c Root -v 60 -d RootDB -i CA0Req.der -o CA0Root.der -f RootDB/dbpasswd -m 628182978   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7957: CRLDP: Creating certficate CA0Root.der signed by Root  - PASSED
chains.sh: Importing certificate CA0Root.der to CA0DB database
certutil -A -n CA0 -t u,u,u -d CA0DB -f CA0DB/dbpasswd -i CA0Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7958: CRLDP: Importing certificate CA0Root.der to CA0DB database  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7959: CRLDP: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182749.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7960: CRLDP: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA1Req.der -o CA1CA0.der -f CA0DB/dbpasswd -m 10   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182723.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7961: CRLDP: Creating certficate CA1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA1CA0.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7962: CRLDP: Importing certificate CA1CA0.der to CA1DB database  - PASSED
chains.sh: Creating DB EE11DB
certutil -N -d EE11DB -f EE11DB/dbpasswd
chains.sh: #7963: CRLDP: Creating DB EE11DB  - PASSED
chains.sh: Creating EE certifiate request EE11Req.der
certutil -s "CN=EE11 EE, O=EE11, C=US"  -R  -d EE11DB -f EE11DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE11Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182749.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7964: CRLDP: Creating EE certifiate request EE11Req.der  - PASSED
chains.sh: Creating certficate EE11CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i EE11Req.der -o EE11CA1.der -f CA1DB/dbpasswd -m 628182979   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7965: CRLDP: Creating certficate EE11CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate EE11CA1.der to EE11DB database
certutil -A -n EE11 -t u,u,u -d EE11DB -f EE11DB/dbpasswd -i EE11CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7966: CRLDP: Importing certificate EE11CA1.der to EE11DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #7967: CRLDP: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182749.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7968: CRLDP: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i CA2Req.der -o CA2CA0.der -f CA0DB/dbpasswd -m 20   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182724.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7969: CRLDP: Creating certficate CA2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate CA2CA0.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7970: CRLDP: Importing certificate CA2CA0.der to CA2DB database  - PASSED
chains.sh: Creating DB EE21DB
certutil -N -d EE21DB -f EE21DB/dbpasswd
chains.sh: #7971: CRLDP: Creating DB EE21DB  - PASSED
chains.sh: Creating EE certifiate request EE21Req.der
certutil -s "CN=EE21 EE, O=EE21, C=US"  -R  -d EE21DB -f EE21DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE21Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #7972: CRLDP: Creating EE certifiate request EE21Req.der  - PASSED
chains.sh: Creating certficate EE21CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE21Req.der -o EE21CA2.der -f CA2DB/dbpasswd -m 628182980   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #7973: CRLDP: Creating certficate EE21CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE21CA2.der to EE21DB database
certutil -A -n EE21 -t u,u,u -d EE21DB -f EE21DB/dbpasswd -i EE21CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7974: CRLDP: Importing certificate EE21CA2.der to EE21DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #7975: CRLDP: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182749.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7976: CRLDP: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE1Req.der -o EE1CA0.der -f CA0DB/dbpasswd -m 30   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182725.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7977: CRLDP: Creating certficate EE1CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE1CA0.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7978: CRLDP: Importing certificate EE1CA0.der to EE1DB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #7979: CRLDP: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  -4 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0-628182749.crl
-1
-1
-1
n
n
===
Generating key.  This may take a few moments...
Enter the type of the distribution point name:
	1 - Full Name
	2 - Relative Name
	Any other number to finish
		Choice:  > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Select one of the following for the reason flags
	0 - unused
	1 - keyCompromise
	2 - caCompromise
	3 - affiliationChanged
	4 - superseded
	5 - cessationOfOperation
	6 - certificateHold
	Any other number to finish		Choice:  > Enter value for the CRL Issuer name:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Enter another value for the CRLDistributionPoint extension [y/N]?
Is this a critical extension [y/N]?
chains.sh: #7980: CRLDP: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2CA0.der signed by CA0
certutil -C -c CA0 -v 60 -d CA0DB -i EE2Req.der -o EE2CA0.der -f CA0DB/dbpasswd -m 40   --extAIA < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
1
7
http://localhost.localdomain:9668/localhost-14577-CA0Root-628182726.der
0
n
n
===
Enter access method type for Authority Information Access extension:
	1 - CA Issuers
	2 - OCSP
	Anyother number to finish
	Choice > 
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > 
Enter data:
Select one of the following general name type: 
	2 - rfc822Name
	3 - dnsName
	5 - directoryName
	7 - uniformResourceidentifier
	8 - ipAddress
	9 - registerID
	Any other number to finish
		Choice: > Add another location to the Authority Information Access extension [y/N]
Is this a critical extension [y/N]?
chains.sh: #7981: CRLDP: Creating certficate EE2CA0.der signed by CA0  - PASSED
chains.sh: Importing certificate EE2CA0.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2CA0.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7982: CRLDP: Importing certificate EE2CA0.der to EE2DB database  - PASSED
chains.sh: Create CRL for RootDB
crlutil -G -d RootDB -n Root -f RootDB/dbpasswd -o Root.crl
=== Crlutil input data ===
update=20160628190556Z
nextupdate=20170628190556Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=Root ROOT CA,O=Root,C=US"
    This Update: Tue Jun 28 19:05:56 2016
    Next Update: Wed Jun 28 19:05:56 2017
    CRL Extensions:
chains.sh: #7983: CRLDP: Create CRL for RootDB  - PASSED
chains.sh: Create CRL for CA0DB
crlutil -G -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628190556Z
nextupdate=20170628190556Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 19:05:56 2016
    Next Update: Wed Jun 28 19:05:56 2017
    CRL Extensions:
chains.sh: #7984: CRLDP: Create CRL for CA0DB  - PASSED
chains.sh: Create CRL for CA1DB
crlutil -G -d CA1DB -n CA1 -f CA1DB/dbpasswd -o CA1.crl
=== Crlutil input data ===
update=20160628190557Z
nextupdate=20170628190557Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
    This Update: Tue Jun 28 19:05:57 2016
    Next Update: Wed Jun 28 19:05:57 2017
    CRL Extensions:
chains.sh: #7985: CRLDP: Create CRL for CA1DB  - PASSED
chains.sh: Create CRL for CA2DB
crlutil -G -d CA2DB -n CA2 -f CA2DB/dbpasswd -o CA2.crl
=== Crlutil input data ===
update=20160628190557Z
nextupdate=20170628190557Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA2 Intermediate,O=CA2,C=US"
    This Update: Tue Jun 28 19:05:57 2016
    Next Update: Wed Jun 28 19:05:57 2017
    CRL Extensions:
chains.sh: #7986: CRLDP: Create CRL for CA2DB  - PASSED
chains.sh: Revoking certificate with SN 20 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628190558Z
addcert 20 20160628190558Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 19:05:58 2016
    Next Update: Wed Jun 28 19:05:56 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 19:05:58 2016
    CRL Extensions:
chains.sh: #7987: CRLDP: Revoking certificate with SN 20 issued by CA0  - PASSED
chains.sh: Revoking certificate with SN 40 issued by CA0
crlutil -M -d CA0DB -n CA0 -f CA0DB/dbpasswd -o CA0.crl
=== Crlutil input data ===
update=20160628190559Z
addcert 40 20160628190559Z
===
CRL Info:
:
    Version: 2 (0x1)
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Issuer: "CN=CA0 Intermediate,O=CA0,C=US"
    This Update: Tue Jun 28 19:05:59 2016
    Next Update: Wed Jun 28 19:05:56 2017
    Entry 1 (0x1):
        Serial Number: 20 (0x14)
        Revocation Date: Tue Jun 28 19:05:58 2016
    Entry 2 (0x2):
        Serial Number: 40 (0x28)
        Revocation Date: Tue Jun 28 19:05:59 2016
    CRL Extensions:
chains.sh: #7988: CRLDP: Revoking certificate with SN 40 issued by CA0  - PASSED
chains.sh: Creating DB AllDB
certutil -N -d AllDB -f AllDB/dbpasswd
chains.sh: #7989: CRLDP: Creating DB AllDB  - PASSED
chains.sh: Importing certificate Root.der to AllDB database
certutil -A -n Root  -t "CTu,CTu,CTu" -d AllDB -f AllDB/dbpasswd -i Root.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #7990: CRLDP: Importing certificate Root.der to AllDB database  - PASSED
chains.sh: Importing CRL Root.crl to AllDB database
crlutil -I -d AllDB -f AllDB/dbpasswd -i Root.crl
chains.sh: #7991: CRLDP: Importing CRL Root.crl to AllDB database  - PASSED
chains.sh: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE11CA1.der CA1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182977 (0x25714fc1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:04:53 2016
            Not After : Mon Jun 28 19:04:53 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bf:e6:37:83:6e:65:a2:9e:2f:70:6f:33:9c:7a:65:aa:
                    4e:9c:27:df:cc:99:e2:5d:5e:5c:17:d3:05:c6:3b:1c:
                    83:df:db:be:6a:fe:42:1b:d4:45:45:ee:e4:cc:1b:7f:
                    19:44:04:95:ef:64:c4:69:10:71:c2:27:79:c7:34:f4:
                    4a:18:71:fb:0e:47:a6:22:e7:30:bd:6c:33:ee:ec:07:
                    77:51:a3:d3:46:fb:ff:3c:41:83:dc:34:80:fe:23:74:
                    e3:1b:7e:66:c9:82:bd:d0:c4:f4:8b:6b:67:8d:c3:2b:
                    87:99:56:93:56:b4:d1:50:c4:09:4d:53:cb:a2:8e:e1:
                    2e:9f:cf:0d:d2:df:5a:07:21:9e:b0:a8:c1:dc:91:eb:
                    ba:0b:91:a4:04:71:84:bf:31:00:cb:16:81:d2:38:a9:
                    13:ca:3f:36:11:98:e2:ee:eb:e4:4a:d4:ab:13:56:3d:
                    fd:ef:da:d4:ba:9e:5f:35:13:5c:df:26:ad:bd:53:9d:
                    b7:5f:bc:6f:b2:0d:4e:b8:3a:90:ef:92:8b:b5:ad:7d:
                    a0:0a:03:c9:b4:0c:5f:5d:2b:3f:bb:45:76:82:65:1c:
                    d3:1c:cb:a8:a2:68:c3:07:e4:d5:48:70:74:5a:18:3f:
                    a2:ff:c9:ec:0d:ce:bc:fc:90:31:09:be:a0:60:c1:df
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        79:c8:1b:89:73:70:ee:dc:f1:b1:e8:97:9b:e1:f7:0b:
        0d:a0:8d:c7:34:dc:ce:bc:bb:ff:91:64:5e:c4:75:89:
        07:68:ce:2b:3e:2d:5e:49:5d:0f:19:10:5f:59:18:4b:
        0e:66:90:59:11:4e:22:fa:94:52:71:89:24:0c:e9:e0:
        f8:35:c5:3f:14:4f:77:1e:e0:d7:1d:d7:c9:df:8b:19:
        0d:fe:03:5f:2e:92:99:f5:f5:08:9d:c2:2c:17:98:36:
        23:e0:f8:fb:70:9a:91:b2:de:96:91:4b:bc:55:96:40:
        86:b5:51:b3:7a:13:46:5a:42:40:d1:e5:46:43:43:b9:
        77:4c:2e:19:f9:14:f9:f4:b5:13:6e:44:ad:21:4b:0a:
        02:c7:d5:54:5e:88:d7:da:44:e9:74:01:f2:8d:8c:14:
        9e:7a:97:41:a2:2e:61:63:ff:91:f6:39:9d:1e:0d:80:
        83:3c:9a:3c:18:9e:49:b2:08:91:0d:2e:b2:03:49:c4:
        db:a1:7c:50:c3:08:5a:4b:1e:7f:47:d0:d7:e0:2e:19:
        2b:6d:c9:e2:cd:90:a0:ca:39:06:95:13:07:7c:d7:22:
        e4:cc:9d:c7:1d:9a:8a:c4:82:5b:36:39:3c:44:58:b0:
        f5:49:ea:85:e4:a7:ad:2f:5e:80:7b:c5:35:9e:3e:82
    Fingerprint (SHA-256):
        63:4A:E9:CB:3A:17:D7:37:A1:5A:4F:9D:FF:87:3D:76:79:D3:FF:C4:8B:3A:AA:68:6B:3F:C9:74:6A:CA:3D:C8
    Fingerprint (SHA1):
        7D:E1:1B:B6:38:FF:59:0B:C0:19:6D:B8:D9:98:B9:B3:D9:15:EE:DA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE11 EE,O=EE11,C=US"
Certificate 2 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Certificate 3 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7992: CRLDP: Verifying certificate(s)  EE11CA1.der CA1CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g chain -h requireFreshInfo -m crl -f    EE21CA2.der CA2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7993: CRLDP: Verifying certificate(s)  EE21CA2.der CA2CA0.der with flags -d AllDB -pp   -g chain -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE1CA0.der  -t Root.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182977 (0x25714fc1)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=Root ROOT CA,O=Root,C=US"
        Validity:
            Not Before: Tue Jun 28 19:04:53 2016
            Not After : Mon Jun 28 19:04:53 2066
        Subject: "CN=Root ROOT CA,O=Root,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    bf:e6:37:83:6e:65:a2:9e:2f:70:6f:33:9c:7a:65:aa:
                    4e:9c:27:df:cc:99:e2:5d:5e:5c:17:d3:05:c6:3b:1c:
                    83:df:db:be:6a:fe:42:1b:d4:45:45:ee:e4:cc:1b:7f:
                    19:44:04:95:ef:64:c4:69:10:71:c2:27:79:c7:34:f4:
                    4a:18:71:fb:0e:47:a6:22:e7:30:bd:6c:33:ee:ec:07:
                    77:51:a3:d3:46:fb:ff:3c:41:83:dc:34:80:fe:23:74:
                    e3:1b:7e:66:c9:82:bd:d0:c4:f4:8b:6b:67:8d:c3:2b:
                    87:99:56:93:56:b4:d1:50:c4:09:4d:53:cb:a2:8e:e1:
                    2e:9f:cf:0d:d2:df:5a:07:21:9e:b0:a8:c1:dc:91:eb:
                    ba:0b:91:a4:04:71:84:bf:31:00:cb:16:81:d2:38:a9:
                    13:ca:3f:36:11:98:e2:ee:eb:e4:4a:d4:ab:13:56:3d:
                    fd:ef:da:d4:ba:9e:5f:35:13:5c:df:26:ad:bd:53:9d:
                    b7:5f:bc:6f:b2:0d:4e:b8:3a:90:ef:92:8b:b5:ad:7d:
                    a0:0a:03:c9:b4:0c:5f:5d:2b:3f:bb:45:76:82:65:1c:
                    d3:1c:cb:a8:a2:68:c3:07:e4:d5:48:70:74:5a:18:3f:
                    a2:ff:c9:ec:0d:ce:bc:fc:90:31:09:be:a0:60:c1:df
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        79:c8:1b:89:73:70:ee:dc:f1:b1:e8:97:9b:e1:f7:0b:
        0d:a0:8d:c7:34:dc:ce:bc:bb:ff:91:64:5e:c4:75:89:
        07:68:ce:2b:3e:2d:5e:49:5d:0f:19:10:5f:59:18:4b:
        0e:66:90:59:11:4e:22:fa:94:52:71:89:24:0c:e9:e0:
        f8:35:c5:3f:14:4f:77:1e:e0:d7:1d:d7:c9:df:8b:19:
        0d:fe:03:5f:2e:92:99:f5:f5:08:9d:c2:2c:17:98:36:
        23:e0:f8:fb:70:9a:91:b2:de:96:91:4b:bc:55:96:40:
        86:b5:51:b3:7a:13:46:5a:42:40:d1:e5:46:43:43:b9:
        77:4c:2e:19:f9:14:f9:f4:b5:13:6e:44:ad:21:4b:0a:
        02:c7:d5:54:5e:88:d7:da:44:e9:74:01:f2:8d:8c:14:
        9e:7a:97:41:a2:2e:61:63:ff:91:f6:39:9d:1e:0d:80:
        83:3c:9a:3c:18:9e:49:b2:08:91:0d:2e:b2:03:49:c4:
        db:a1:7c:50:c3:08:5a:4b:1e:7f:47:d0:d7:e0:2e:19:
        2b:6d:c9:e2:cd:90:a0:ca:39:06:95:13:07:7c:d7:22:
        e4:cc:9d:c7:1d:9a:8a:c4:82:5b:36:39:3c:44:58:b0:
        f5:49:ea:85:e4:a7:ad:2f:5e:80:7b:c5:35:9e:3e:82
    Fingerprint (SHA-256):
        63:4A:E9:CB:3A:17:D7:37:A1:5A:4F:9D:FF:87:3D:76:79:D3:FF:C4:8B:3A:AA:68:6B:3F:C9:74:6A:CA:3D:C8
    Fingerprint (SHA1):
        7D:E1:1B:B6:38:FF:59:0B:C0:19:6D:B8:D9:98:B9:B3:D9:15:EE:DA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA0 Intermediate,O=CA0,C=US"
Returned value is 0, expected result is pass
chains.sh: #7994: CRLDP: Verifying certificate(s)  EE1CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der
vfychain -d AllDB -pp -vv   -g leaf -h requireFreshInfo -m crl -f    EE2CA0.der  -t Root.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. Root [Certificate Authority]:
  ERROR -8180: Peer's Certificate has been revoked.
  ERROR -8180: Peer's Certificate has been revoked.
Returned value is 1, expected result is fail
chains.sh: #7995: CRLDP: Verifying certificate(s)  EE2CA0.der with flags -d AllDB -pp   -g leaf -h requireFreshInfo -m crl -f    -t Root.der - PASSED
chains.sh: Creating DB RootCADB
certutil -N -d RootCADB -f RootCADB/dbpasswd
chains.sh: #7996: TrustAnchors: Creating DB RootCADB  - PASSED
chains.sh: Creating Root CA RootCA
certutil -s "CN=RootCA ROOT CA, O=RootCA, C=US" -S -n RootCA  -t CTu,CTu,CTu -v 600 -x -d RootCADB -1 -2 -5 -f RootCADB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182981 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #7997: TrustAnchors: Creating Root CA RootCA  - PASSED
chains.sh: Exporting Root CA RootCA.der
certutil -L -d RootCADB -r -n RootCA -o RootCA.der
chains.sh: #7998: TrustAnchors: Exporting Root CA RootCA.der  - PASSED
chains.sh: Creating DB CA1DB
certutil -N -d CA1DB -f CA1DB/dbpasswd
chains.sh: #7999: TrustAnchors: Creating DB CA1DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA1Req.der
certutil -s "CN=CA1 Intermediate, O=CA1, C=US"  -R -2 -d CA1DB -f CA1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #8000: TrustAnchors: Creating Intermediate certifiate request CA1Req.der  - PASSED
chains.sh: Creating certficate CA1RootCA.der signed by RootCA
certutil -C -c RootCA -v 60 -d RootCADB -i CA1Req.der -o CA1RootCA.der -f RootCADB/dbpasswd -m 628182982   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #8001: TrustAnchors: Creating certficate CA1RootCA.der signed by RootCA  - PASSED
chains.sh: Importing certificate CA1RootCA.der to CA1DB database
certutil -A -n CA1 -t u,u,u -d CA1DB -f CA1DB/dbpasswd -i CA1RootCA.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #8002: TrustAnchors: Importing certificate CA1RootCA.der to CA1DB database  - PASSED
chains.sh: Creating DB CA2DB
certutil -N -d CA2DB -f CA2DB/dbpasswd
chains.sh: #8003: TrustAnchors: Creating DB CA2DB  - PASSED
chains.sh: Creating Intermediate certifiate request CA2Req.der
certutil -s "CN=CA2 Intermediate, O=CA2, C=US"  -R -2 -d CA2DB -f CA2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o CA2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #8004: TrustAnchors: Creating Intermediate certifiate request CA2Req.der  - PASSED
chains.sh: Creating certficate CA2CA1.der signed by CA1
certutil -C -c CA1 -v 60 -d CA1DB -i CA2Req.der -o CA2CA1.der -f CA1DB/dbpasswd -m 628182983   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #8005: TrustAnchors: Creating certficate CA2CA1.der signed by CA1  - PASSED
chains.sh: Importing certificate CA2CA1.der to CA2DB database
certutil -A -n CA2 -t u,u,u -d CA2DB -f CA2DB/dbpasswd -i CA2CA1.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #8006: TrustAnchors: Importing certificate CA2CA1.der to CA2DB database  - PASSED
chains.sh: Creating DB EE1DB
certutil -N -d EE1DB -f EE1DB/dbpasswd
chains.sh: #8007: TrustAnchors: Creating DB EE1DB  - PASSED
chains.sh: Creating EE certifiate request EE1Req.der
certutil -s "CN=EE1 EE, O=EE1, C=US"  -R  -d EE1DB -f EE1DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE1Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #8008: TrustAnchors: Creating EE certifiate request EE1Req.der  - PASSED
chains.sh: Creating certficate EE1CA2.der signed by CA2
certutil -C -c CA2 -v 60 -d CA2DB -i EE1Req.der -o EE1CA2.der -f CA2DB/dbpasswd -m 628182984   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #8009: TrustAnchors: Creating certficate EE1CA2.der signed by CA2  - PASSED
chains.sh: Importing certificate EE1CA2.der to EE1DB database
certutil -A -n EE1 -t u,u,u -d EE1DB -f EE1DB/dbpasswd -i EE1CA2.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #8010: TrustAnchors: Importing certificate EE1CA2.der to EE1DB database  - PASSED
chains.sh: Creating DB OtherRootDB
certutil -N -d OtherRootDB -f OtherRootDB/dbpasswd
chains.sh: #8011: TrustAnchors: Creating DB OtherRootDB  - PASSED
chains.sh: Creating Root CA OtherRoot
certutil -s "CN=OtherRoot ROOT CA, O=OtherRoot, C=US" -S -n OtherRoot  -t CTu,CTu,CTu -v 600 -x -d OtherRootDB -1 -2 -5 -f OtherRootDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -m 628182985 < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
5
6
9
n
y
-1
n
5
6
7
9
n
===
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > 		0 - SSL Client
		1 - SSL Server
		2 - S/MIME
		3 - Object Signing
		4 - Reserved for future use
		5 - SSL CA
		6 - S/MIME CA
		7 - Object Signing CA
		Other to finish
 > Notice: Trust flag u is set automatically if the private key is present.
Is this a critical extension [y/N]?
chains.sh: #8012: TrustAnchors: Creating Root CA OtherRoot  - PASSED
chains.sh: Exporting Root CA OtherRoot.der
certutil -L -d OtherRootDB -r -n OtherRoot -o OtherRoot.der
chains.sh: #8013: TrustAnchors: Exporting Root CA OtherRoot.der  - PASSED
chains.sh: Creating DB OtherIntermediateDB
certutil -N -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd
chains.sh: #8014: TrustAnchors: Creating DB OtherIntermediateDB  - PASSED
chains.sh: Creating Intermediate certifiate request OtherIntermediateReq.der
certutil -s "CN=OtherIntermediate Intermediate, O=OtherIntermediate, C=US"  -R -2 -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o OtherIntermediateReq.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
y
-1
y
===
Generating key.  This may take a few moments...
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
chains.sh: #8015: TrustAnchors: Creating Intermediate certifiate request OtherIntermediateReq.der  - PASSED
chains.sh: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot
certutil -C -c OtherRoot -v 60 -d OtherRootDB -i OtherIntermediateReq.der -o OtherIntermediateOtherRoot.der -f OtherRootDB/dbpasswd -m 628182986   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #8016: TrustAnchors: Creating certficate OtherIntermediateOtherRoot.der signed by OtherRoot  - PASSED
chains.sh: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database
certutil -A -n OtherIntermediate -t u,u,u -d OtherIntermediateDB -f OtherIntermediateDB/dbpasswd -i OtherIntermediateOtherRoot.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #8017: TrustAnchors: Importing certificate OtherIntermediateOtherRoot.der to OtherIntermediateDB database  - PASSED
chains.sh: Creating DB EE2DB
certutil -N -d EE2DB -f EE2DB/dbpasswd
chains.sh: #8018: TrustAnchors: Creating DB EE2DB  - PASSED
chains.sh: Creating EE certifiate request EE2Req.der
certutil -s "CN=EE2 EE, O=EE2, C=US"  -R  -d EE2DB -f EE2DB/dbpasswd -z /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/tests_noise -o EE2Req.der  < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
Generating key.  This may take a few moments...
chains.sh: #8019: TrustAnchors: Creating EE certifiate request EE2Req.der  - PASSED
chains.sh: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate
certutil -C -c OtherIntermediate -v 60 -d OtherIntermediateDB -i EE2Req.der -o EE2OtherIntermediate.der -f OtherIntermediateDB/dbpasswd -m 628182987   < /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/cu_data
=== Certutil input data ===
===
chains.sh: #8020: TrustAnchors: Creating certficate EE2OtherIntermediate.der signed by OtherIntermediate  - PASSED
chains.sh: Importing certificate EE2OtherIntermediate.der to EE2DB database
certutil -A -n EE2 -t u,u,u -d EE2DB -f EE2DB/dbpasswd -i EE2OtherIntermediate.der
Notice: Trust flag u is set automatically if the private key is present.
chains.sh: #8021: TrustAnchors: Importing certificate EE2OtherIntermediate.der to EE2DB database  - PASSED
chains.sh: Creating DB DBOnlyDB
certutil -N -d DBOnlyDB -f DBOnlyDB/dbpasswd
chains.sh: #8022: TrustAnchors: Creating DB DBOnlyDB  - PASSED
chains.sh: Importing certificate RootCA.der to DBOnlyDB database
certutil -A -n RootCA  -t "CT,C,C" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i RootCA.der
chains.sh: #8023: TrustAnchors: Importing certificate RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to DBOnlyDB database
certutil -A -n CA1  -t "" -d DBOnlyDB -f DBOnlyDB/dbpasswd -i CA1RootCA.der
chains.sh: #8024: TrustAnchors: Importing certificate CA1RootCA.der to DBOnlyDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp      
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182981 (0x25714fc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:06 2016
            Not After : Mon Jun 28 19:06:06 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c5:81:15:7d:5e:eb:73:1a:8c:9c:99:42:91:08:7a:a4:
                    2b:a0:25:5a:ed:fe:6d:8d:9b:ac:68:a8:ef:8e:8c:1b:
                    f9:e1:16:56:e1:54:a9:ca:25:4a:8c:e3:9b:28:2c:13:
                    be:e8:84:f9:ca:ee:ee:e1:85:8f:ea:09:f0:d5:df:fe:
                    bf:3d:33:a9:cf:cb:8f:75:fa:9b:3a:f1:28:49:32:e2:
                    94:8e:4a:23:6f:02:71:1e:e6:4b:ed:21:18:f7:22:1e:
                    30:cb:67:be:1f:b4:0a:e1:00:aa:7d:bb:41:a4:e5:53:
                    54:63:93:ed:3c:58:dc:90:e9:3a:f3:8b:34:fe:a3:44:
                    13:f7:51:76:f8:4d:da:f0:ec:27:dd:e5:e1:f5:eb:cd:
                    72:0b:d6:33:ec:5c:a5:47:ca:e9:5e:0f:ef:9f:44:92:
                    38:1b:61:5e:8a:d6:a3:9f:4f:6c:aa:28:71:8e:18:2f:
                    7e:56:4c:f2:52:4f:1c:d6:9f:05:02:f4:21:f6:10:3a:
                    ce:fb:4d:1d:2d:0b:df:ea:14:44:23:68:a3:c8:b5:ca:
                    e6:db:cb:34:30:43:08:6f:9a:c4:fa:c7:e9:34:73:8a:
                    29:e3:0a:40:bc:84:15:3d:26:55:8e:26:2d:ef:b0:c0:
                    af:28:48:aa:93:de:35:7f:15:a3:a4:22:40:ef:aa:3d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:e4:1f:fb:9b:1e:f2:a2:fd:aa:f2:9e:91:ed:6b:f8:
        87:27:f6:1b:a0:48:d1:0e:3a:ff:22:3b:a8:09:82:f2:
        bd:54:51:33:7b:d1:16:22:b2:66:5e:cc:87:7f:20:2d:
        25:c0:1a:2e:43:c2:4d:e1:2e:79:c0:18:2f:70:ab:39:
        ca:11:2e:98:a2:4d:9c:59:d0:96:14:39:91:78:cf:2c:
        b1:7b:47:ae:86:6d:d9:d0:93:69:66:f1:3e:51:03:41:
        94:14:e0:25:66:50:ad:e8:9e:95:41:6b:fd:27:24:c0:
        c5:30:a5:8c:b1:c2:4d:03:10:ab:44:13:82:09:3f:7c:
        a5:fb:77:ca:fd:08:c2:12:21:7e:98:4e:99:c8:9f:21:
        08:d8:fe:0a:8c:92:c4:d2:e8:41:90:79:4e:10:a5:bf:
        9d:4e:50:ba:ae:09:ee:13:70:77:39:ff:0c:43:3b:8b:
        4e:71:c0:b8:c6:83:d8:3d:a4:b9:92:7c:67:c7:2e:4b:
        99:bf:34:f1:7d:c3:c6:9c:4c:ca:45:bf:13:03:eb:2b:
        d3:b3:42:78:2b:44:6c:33:78:36:1a:a6:6b:8b:08:28:
        5e:9b:87:b6:38:03:0d:fa:df:b0:6e:a0:00:d4:50:5c:
        d4:7c:de:ac:c3:2a:89:e6:0a:c3:4a:a7:bc:e8:1d:39
    Fingerprint (SHA-256):
        2B:00:B4:83:A7:8C:6A:B1:50:C1:F3:9D:85:40:A3:92:34:48:58:E0:09:D1:D8:00:5B:49:B6:38:A5:E8:B9:29
    Fingerprint (SHA1):
        66:DB:87:82:3A:A3:48:72:93:53:11:B1:17:CE:0F:3A:D3:F4:80:4E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #8025: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182983 (0x25714fc7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:25 2016
            Not After : Mon Jun 28 19:06:25 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:24:ca:4f:7d:90:5d:32:b6:1a:a8:5d:cc:a9:8b:8f:
                    84:66:b6:7e:bd:01:47:80:e5:f6:1e:e8:c6:44:79:23:
                    55:ed:c9:67:ad:6e:fd:43:d0:b8:7f:14:ce:68:16:e7:
                    2e:a0:22:9f:e3:79:67:f2:e6:05:c5:8a:d3:8b:48:56:
                    d8:e5:70:46:36:14:b5:de:f0:f2:15:23:00:b0:92:94:
                    ef:fd:f7:eb:d0:e9:71:15:9d:71:71:47:a5:af:01:c4:
                    a0:40:28:15:3f:e7:b1:0f:3e:ea:77:42:04:77:28:3c:
                    79:66:89:e9:a6:a1:ff:24:31:ed:d8:4f:c6:22:7b:48:
                    77:59:e9:8a:4d:4f:43:ff:8b:69:97:c7:ce:06:c0:16:
                    34:e0:95:92:e3:00:ca:21:a1:91:ab:63:93:57:db:d9:
                    aa:1e:6c:82:55:e7:dc:96:60:6a:e5:17:8b:a9:47:ff:
                    26:0b:d8:e5:a7:a7:43:46:ae:73:81:2b:9a:19:05:2f:
                    d7:63:75:95:e0:6a:21:28:52:c8:82:20:f7:94:1c:72:
                    5b:15:6d:15:a1:b6:b7:6c:10:48:2c:70:46:a1:9b:8c:
                    61:31:01:e2:d1:54:c0:08:84:ba:52:33:83:77:26:b6:
                    2d:22:5a:ef:31:38:9f:2d:8b:da:b8:4c:77:d3:0f:11
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        54:b2:39:1c:13:4a:6c:06:a8:4c:e0:d5:65:8f:4f:41:
        f1:91:56:29:0c:ec:bb:09:94:a7:27:75:47:60:57:31:
        7b:1e:f6:6c:1d:14:d0:5e:bb:5b:f9:96:f8:96:7c:5b:
        1d:83:73:81:12:37:53:a9:f8:c8:75:ec:21:f3:24:43:
        b0:9e:f7:3a:0c:d7:f6:bc:34:65:57:f9:8a:d2:c1:c8:
        ef:d8:9e:55:cd:d1:62:0d:15:ec:cd:45:d5:3b:f9:e0:
        f9:42:ce:7e:b8:d2:33:39:cc:69:98:01:06:3c:1b:a1:
        26:29:0f:99:84:24:71:e6:71:db:18:69:39:4b:b6:a9:
        99:df:d6:49:77:f4:36:ae:46:76:a1:11:8d:08:e1:d2:
        10:1e:7f:60:9a:1d:19:e4:ec:3d:36:91:c0:bc:db:6d:
        be:5d:b3:87:05:6f:f4:7a:7a:18:67:d5:cb:9c:c4:d0:
        92:e5:36:60:83:4d:7d:da:c4:32:1a:ed:95:46:b2:c4:
        b2:2b:19:12:ff:e9:bb:db:3f:e4:fb:45:27:d1:2c:65:
        de:56:b4:82:14:35:d8:2f:08:cb:0d:d5:ed:be:93:cc:
        57:3a:01:ea:d3:00:f4:a0:92:61:5e:d0:52:ab:ed:c2:
        92:9e:08:35:88:14:8d:46:fc:83:82:bf:eb:49:dc:c6
    Fingerprint (SHA-256):
        C2:66:4D:7A:F0:CF:C8:2E:08:DB:54:BB:02:5C:92:0E:22:EC:4B:77:E8:43:95:F0:D1:BD:FF:12:C2:B8:E9:64
    Fingerprint (SHA1):
        49:4B:77:AF:8B:4C:F6:03:25:14:5A:26:2A:DB:C7:0C:04:FB:26:BF
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #8026: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d DBOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA
vfychain -d DBOnlyDB -pp -vv       EE1CA2.der CA2CA1.der  -t RootCA
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182981 (0x25714fc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:06 2016
            Not After : Mon Jun 28 19:06:06 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c5:81:15:7d:5e:eb:73:1a:8c:9c:99:42:91:08:7a:a4:
                    2b:a0:25:5a:ed:fe:6d:8d:9b:ac:68:a8:ef:8e:8c:1b:
                    f9:e1:16:56:e1:54:a9:ca:25:4a:8c:e3:9b:28:2c:13:
                    be:e8:84:f9:ca:ee:ee:e1:85:8f:ea:09:f0:d5:df:fe:
                    bf:3d:33:a9:cf:cb:8f:75:fa:9b:3a:f1:28:49:32:e2:
                    94:8e:4a:23:6f:02:71:1e:e6:4b:ed:21:18:f7:22:1e:
                    30:cb:67:be:1f:b4:0a:e1:00:aa:7d:bb:41:a4:e5:53:
                    54:63:93:ed:3c:58:dc:90:e9:3a:f3:8b:34:fe:a3:44:
                    13:f7:51:76:f8:4d:da:f0:ec:27:dd:e5:e1:f5:eb:cd:
                    72:0b:d6:33:ec:5c:a5:47:ca:e9:5e:0f:ef:9f:44:92:
                    38:1b:61:5e:8a:d6:a3:9f:4f:6c:aa:28:71:8e:18:2f:
                    7e:56:4c:f2:52:4f:1c:d6:9f:05:02:f4:21:f6:10:3a:
                    ce:fb:4d:1d:2d:0b:df:ea:14:44:23:68:a3:c8:b5:ca:
                    e6:db:cb:34:30:43:08:6f:9a:c4:fa:c7:e9:34:73:8a:
                    29:e3:0a:40:bc:84:15:3d:26:55:8e:26:2d:ef:b0:c0:
                    af:28:48:aa:93:de:35:7f:15:a3:a4:22:40:ef:aa:3d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:e4:1f:fb:9b:1e:f2:a2:fd:aa:f2:9e:91:ed:6b:f8:
        87:27:f6:1b:a0:48:d1:0e:3a:ff:22:3b:a8:09:82:f2:
        bd:54:51:33:7b:d1:16:22:b2:66:5e:cc:87:7f:20:2d:
        25:c0:1a:2e:43:c2:4d:e1:2e:79:c0:18:2f:70:ab:39:
        ca:11:2e:98:a2:4d:9c:59:d0:96:14:39:91:78:cf:2c:
        b1:7b:47:ae:86:6d:d9:d0:93:69:66:f1:3e:51:03:41:
        94:14:e0:25:66:50:ad:e8:9e:95:41:6b:fd:27:24:c0:
        c5:30:a5:8c:b1:c2:4d:03:10:ab:44:13:82:09:3f:7c:
        a5:fb:77:ca:fd:08:c2:12:21:7e:98:4e:99:c8:9f:21:
        08:d8:fe:0a:8c:92:c4:d2:e8:41:90:79:4e:10:a5:bf:
        9d:4e:50:ba:ae:09:ee:13:70:77:39:ff:0c:43:3b:8b:
        4e:71:c0:b8:c6:83:d8:3d:a4:b9:92:7c:67:c7:2e:4b:
        99:bf:34:f1:7d:c3:c6:9c:4c:ca:45:bf:13:03:eb:2b:
        d3:b3:42:78:2b:44:6c:33:78:36:1a:a6:6b:8b:08:28:
        5e:9b:87:b6:38:03:0d:fa:df:b0:6e:a0:00:d4:50:5c:
        d4:7c:de:ac:c3:2a:89:e6:0a:c3:4a:a7:bc:e8:1d:39
    Fingerprint (SHA-256):
        2B:00:B4:83:A7:8C:6A:B1:50:C1:F3:9D:85:40:A3:92:34:48:58:E0:09:D1:D8:00:5B:49:B6:38:A5:E8:B9:29
    Fingerprint (SHA1):
        66:DB:87:82:3A:A3:48:72:93:53:11:B1:17:CE:0F:3A:D3:F4:80:4E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #8027: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d DBOnlyDB -pp       -t RootCA - PASSED
chains.sh: Creating DB TrustOnlyDB
certutil -N -d TrustOnlyDB -f TrustOnlyDB/dbpasswd
chains.sh: #8028: TrustAnchors: Creating DB TrustOnlyDB  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der CA2CA1.der CA1RootCA.der  -t RootCA.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182981 (0x25714fc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:06 2016
            Not After : Mon Jun 28 19:06:06 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c5:81:15:7d:5e:eb:73:1a:8c:9c:99:42:91:08:7a:a4:
                    2b:a0:25:5a:ed:fe:6d:8d:9b:ac:68:a8:ef:8e:8c:1b:
                    f9:e1:16:56:e1:54:a9:ca:25:4a:8c:e3:9b:28:2c:13:
                    be:e8:84:f9:ca:ee:ee:e1:85:8f:ea:09:f0:d5:df:fe:
                    bf:3d:33:a9:cf:cb:8f:75:fa:9b:3a:f1:28:49:32:e2:
                    94:8e:4a:23:6f:02:71:1e:e6:4b:ed:21:18:f7:22:1e:
                    30:cb:67:be:1f:b4:0a:e1:00:aa:7d:bb:41:a4:e5:53:
                    54:63:93:ed:3c:58:dc:90:e9:3a:f3:8b:34:fe:a3:44:
                    13:f7:51:76:f8:4d:da:f0:ec:27:dd:e5:e1:f5:eb:cd:
                    72:0b:d6:33:ec:5c:a5:47:ca:e9:5e:0f:ef:9f:44:92:
                    38:1b:61:5e:8a:d6:a3:9f:4f:6c:aa:28:71:8e:18:2f:
                    7e:56:4c:f2:52:4f:1c:d6:9f:05:02:f4:21:f6:10:3a:
                    ce:fb:4d:1d:2d:0b:df:ea:14:44:23:68:a3:c8:b5:ca:
                    e6:db:cb:34:30:43:08:6f:9a:c4:fa:c7:e9:34:73:8a:
                    29:e3:0a:40:bc:84:15:3d:26:55:8e:26:2d:ef:b0:c0:
                    af:28:48:aa:93:de:35:7f:15:a3:a4:22:40:ef:aa:3d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:e4:1f:fb:9b:1e:f2:a2:fd:aa:f2:9e:91:ed:6b:f8:
        87:27:f6:1b:a0:48:d1:0e:3a:ff:22:3b:a8:09:82:f2:
        bd:54:51:33:7b:d1:16:22:b2:66:5e:cc:87:7f:20:2d:
        25:c0:1a:2e:43:c2:4d:e1:2e:79:c0:18:2f:70:ab:39:
        ca:11:2e:98:a2:4d:9c:59:d0:96:14:39:91:78:cf:2c:
        b1:7b:47:ae:86:6d:d9:d0:93:69:66:f1:3e:51:03:41:
        94:14:e0:25:66:50:ad:e8:9e:95:41:6b:fd:27:24:c0:
        c5:30:a5:8c:b1:c2:4d:03:10:ab:44:13:82:09:3f:7c:
        a5:fb:77:ca:fd:08:c2:12:21:7e:98:4e:99:c8:9f:21:
        08:d8:fe:0a:8c:92:c4:d2:e8:41:90:79:4e:10:a5:bf:
        9d:4e:50:ba:ae:09:ee:13:70:77:39:ff:0c:43:3b:8b:
        4e:71:c0:b8:c6:83:d8:3d:a4:b9:92:7c:67:c7:2e:4b:
        99:bf:34:f1:7d:c3:c6:9c:4c:ca:45:bf:13:03:eb:2b:
        d3:b3:42:78:2b:44:6c:33:78:36:1a:a6:6b:8b:08:28:
        5e:9b:87:b6:38:03:0d:fa:df:b0:6e:a0:00:d4:50:5c:
        d4:7c:de:ac:c3:2a:89:e6:0a:c3:4a:a7:bc:e8:1d:39
    Fingerprint (SHA-256):
        2B:00:B4:83:A7:8C:6A:B1:50:C1:F3:9D:85:40:A3:92:34:48:58:E0:09:D1:D8:00:5B:49:B6:38:A5:E8:B9:29
    Fingerprint (SHA1):
        66:DB:87:82:3A:A3:48:72:93:53:11:B1:17:CE:0F:3A:D3:F4:80:4E
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #8029: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der CA1RootCA.der with flags -d TrustOnlyDB -pp       -t RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der
vfychain -d TrustOnlyDB -pp -vv       EE1CA2.der  -t CA2CA1.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182983 (0x25714fc7)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=CA1 Intermediate,O=CA1,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:25 2016
            Not After : Mon Jun 28 19:06:25 2021
        Subject: "CN=CA2 Intermediate,O=CA2,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    9b:24:ca:4f:7d:90:5d:32:b6:1a:a8:5d:cc:a9:8b:8f:
                    84:66:b6:7e:bd:01:47:80:e5:f6:1e:e8:c6:44:79:23:
                    55:ed:c9:67:ad:6e:fd:43:d0:b8:7f:14:ce:68:16:e7:
                    2e:a0:22:9f:e3:79:67:f2:e6:05:c5:8a:d3:8b:48:56:
                    d8:e5:70:46:36:14:b5:de:f0:f2:15:23:00:b0:92:94:
                    ef:fd:f7:eb:d0:e9:71:15:9d:71:71:47:a5:af:01:c4:
                    a0:40:28:15:3f:e7:b1:0f:3e:ea:77:42:04:77:28:3c:
                    79:66:89:e9:a6:a1:ff:24:31:ed:d8:4f:c6:22:7b:48:
                    77:59:e9:8a:4d:4f:43:ff:8b:69:97:c7:ce:06:c0:16:
                    34:e0:95:92:e3:00:ca:21:a1:91:ab:63:93:57:db:d9:
                    aa:1e:6c:82:55:e7:dc:96:60:6a:e5:17:8b:a9:47:ff:
                    26:0b:d8:e5:a7:a7:43:46:ae:73:81:2b:9a:19:05:2f:
                    d7:63:75:95:e0:6a:21:28:52:c8:82:20:f7:94:1c:72:
                    5b:15:6d:15:a1:b6:b7:6c:10:48:2c:70:46:a1:9b:8c:
                    61:31:01:e2:d1:54:c0:08:84:ba:52:33:83:77:26:b6:
                    2d:22:5a:ef:31:38:9f:2d:8b:da:b8:4c:77:d3:0f:11
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        54:b2:39:1c:13:4a:6c:06:a8:4c:e0:d5:65:8f:4f:41:
        f1:91:56:29:0c:ec:bb:09:94:a7:27:75:47:60:57:31:
        7b:1e:f6:6c:1d:14:d0:5e:bb:5b:f9:96:f8:96:7c:5b:
        1d:83:73:81:12:37:53:a9:f8:c8:75:ec:21:f3:24:43:
        b0:9e:f7:3a:0c:d7:f6:bc:34:65:57:f9:8a:d2:c1:c8:
        ef:d8:9e:55:cd:d1:62:0d:15:ec:cd:45:d5:3b:f9:e0:
        f9:42:ce:7e:b8:d2:33:39:cc:69:98:01:06:3c:1b:a1:
        26:29:0f:99:84:24:71:e6:71:db:18:69:39:4b:b6:a9:
        99:df:d6:49:77:f4:36:ae:46:76:a1:11:8d:08:e1:d2:
        10:1e:7f:60:9a:1d:19:e4:ec:3d:36:91:c0:bc:db:6d:
        be:5d:b3:87:05:6f:f4:7a:7a:18:67:d5:cb:9c:c4:d0:
        92:e5:36:60:83:4d:7d:da:c4:32:1a:ed:95:46:b2:c4:
        b2:2b:19:12:ff:e9:bb:db:3f:e4:fb:45:27:d1:2c:65:
        de:56:b4:82:14:35:d8:2f:08:cb:0d:d5:ed:be:93:cc:
        57:3a:01:ea:d3:00:f4:a0:92:61:5e:d0:52:ab:ed:c2:
        92:9e:08:35:88:14:8d:46:fc:83:82:bf:eb:49:dc:c6
    Fingerprint (SHA-256):
        C2:66:4D:7A:F0:CF:C8:2E:08:DB:54:BB:02:5C:92:0E:22:EC:4B:77:E8:43:95:F0:D1:BD:FF:12:C2:B8:E9:64
    Fingerprint (SHA1):
        49:4B:77:AF:8B:4C:F6:03:25:14:5A:26:2A:DB:C7:0C:04:FB:26:BF
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Returned value is 0, expected result is pass
chains.sh: #8030: TrustAnchors: Verifying certificate(s)  EE1CA2.der with flags -d TrustOnlyDB -pp       -t CA2CA1.der - PASSED
chains.sh: Creating DB TrustAndDBDB
certutil -N -d TrustAndDBDB -f TrustAndDBDB/dbpasswd
chains.sh: #8031: TrustAnchors: Creating DB TrustAndDBDB  - PASSED
chains.sh: Importing certificate RootCA.der to TrustAndDBDB database
certutil -A -n RootCA  -t "CT,C,C" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i RootCA.der
chains.sh: #8032: TrustAnchors: Importing certificate RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to TrustAndDBDB database
certutil -A -n CA1  -t "" -d TrustAndDBDB -f TrustAndDBDB/dbpasswd -i CA1RootCA.der
chains.sh: #8033: TrustAnchors: Importing certificate CA1RootCA.der to TrustAndDBDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp      
vfychain -d TrustAndDBDB -pp -vv       EE1CA2.der CA2CA1.der 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182981 (0x25714fc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:06 2016
            Not After : Mon Jun 28 19:06:06 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c5:81:15:7d:5e:eb:73:1a:8c:9c:99:42:91:08:7a:a4:
                    2b:a0:25:5a:ed:fe:6d:8d:9b:ac:68:a8:ef:8e:8c:1b:
                    f9:e1:16:56:e1:54:a9:ca:25:4a:8c:e3:9b:28:2c:13:
                    be:e8:84:f9:ca:ee:ee:e1:85:8f:ea:09:f0:d5:df:fe:
                    bf:3d:33:a9:cf:cb:8f:75:fa:9b:3a:f1:28:49:32:e2:
                    94:8e:4a:23:6f:02:71:1e:e6:4b:ed:21:18:f7:22:1e:
                    30:cb:67:be:1f:b4:0a:e1:00:aa:7d:bb:41:a4:e5:53:
                    54:63:93:ed:3c:58:dc:90:e9:3a:f3:8b:34:fe:a3:44:
                    13:f7:51:76:f8:4d:da:f0:ec:27:dd:e5:e1:f5:eb:cd:
                    72:0b:d6:33:ec:5c:a5:47:ca:e9:5e:0f:ef:9f:44:92:
                    38:1b:61:5e:8a:d6:a3:9f:4f:6c:aa:28:71:8e:18:2f:
                    7e:56:4c:f2:52:4f:1c:d6:9f:05:02:f4:21:f6:10:3a:
                    ce:fb:4d:1d:2d:0b:df:ea:14:44:23:68:a3:c8:b5:ca:
                    e6:db:cb:34:30:43:08:6f:9a:c4:fa:c7:e9:34:73:8a:
                    29:e3:0a:40:bc:84:15:3d:26:55:8e:26:2d:ef:b0:c0:
                    af:28:48:aa:93:de:35:7f:15:a3:a4:22:40:ef:aa:3d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:e4:1f:fb:9b:1e:f2:a2:fd:aa:f2:9e:91:ed:6b:f8:
        87:27:f6:1b:a0:48:d1:0e:3a:ff:22:3b:a8:09:82:f2:
        bd:54:51:33:7b:d1:16:22:b2:66:5e:cc:87:7f:20:2d:
        25:c0:1a:2e:43:c2:4d:e1:2e:79:c0:18:2f:70:ab:39:
        ca:11:2e:98:a2:4d:9c:59:d0:96:14:39:91:78:cf:2c:
        b1:7b:47:ae:86:6d:d9:d0:93:69:66:f1:3e:51:03:41:
        94:14:e0:25:66:50:ad:e8:9e:95:41:6b:fd:27:24:c0:
        c5:30:a5:8c:b1:c2:4d:03:10:ab:44:13:82:09:3f:7c:
        a5:fb:77:ca:fd:08:c2:12:21:7e:98:4e:99:c8:9f:21:
        08:d8:fe:0a:8c:92:c4:d2:e8:41:90:79:4e:10:a5:bf:
        9d:4e:50:ba:ae:09:ee:13:70:77:39:ff:0c:43:3b:8b:
        4e:71:c0:b8:c6:83:d8:3d:a4:b9:92:7c:67:c7:2e:4b:
        99:bf:34:f1:7d:c3:c6:9c:4c:ca:45:bf:13:03:eb:2b:
        d3:b3:42:78:2b:44:6c:33:78:36:1a:a6:6b:8b:08:28:
        5e:9b:87:b6:38:03:0d:fa:df:b0:6e:a0:00:d4:50:5c:
        d4:7c:de:ac:c3:2a:89:e6:0a:c3:4a:a7:bc:e8:1d:39
    Fingerprint (SHA-256):
        2B:00:B4:83:A7:8C:6A:B1:50:C1:F3:9D:85:40:A3:92:34:48:58:E0:09:D1:D8:00:5B:49:B6:38:A5:E8:B9:29
    Fingerprint (SHA1):
        66:DB:87:82:3A:A3:48:72:93:53:11:B1:17:CE:0F:3A:D3:F4:80:4E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #8034: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp       - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv       EE2OtherIntermediate.der OtherIntermediateOtherRoot.der  -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182985 (0x25714fc9)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:35 2016
            Not After : Mon Jun 28 19:06:35 2066
        Subject: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    b4:d2:5a:55:0e:70:89:98:7b:ab:dd:0f:86:fa:7f:10:
                    2b:3e:28:e7:84:b2:63:4d:ab:d3:9a:27:85:00:aa:0e:
                    21:84:60:55:e6:61:0a:7e:3d:8d:0f:12:c4:30:5a:31:
                    78:35:6b:2b:d4:94:ab:d1:51:84:d7:f5:da:8c:28:e0:
                    66:78:ea:52:ec:ef:f8:a9:f0:dd:3b:fd:17:07:08:55:
                    09:20:23:dd:cd:03:d2:99:ae:5a:5f:6c:1a:4d:b2:6f:
                    28:2f:7c:d5:f1:e2:6c:52:ed:b0:1d:22:60:77:0b:ab:
                    0d:f0:95:24:cc:5b:ff:c2:78:a8:00:6e:fc:34:50:29:
                    cf:62:cc:a4:ab:4a:78:69:fc:26:0e:ac:2d:76:5a:99:
                    8f:03:a1:ca:31:c4:7b:e9:d4:9b:e5:53:17:76:b4:79:
                    dd:59:e1:3a:ef:fe:cc:d9:96:3a:49:ec:27:94:ae:eb:
                    82:34:2e:42:ea:ab:41:b6:a4:73:b1:b1:ec:a0:a5:ac:
                    6e:83:f8:2d:79:7b:9b:6a:2d:f2:83:b2:9d:3e:46:58:
                    85:66:a2:e0:09:e6:63:ca:d1:56:22:4b:d2:27:72:5c:
                    76:68:08:be:c6:6b:49:37:f0:11:34:31:63:c6:0c:d2:
                    79:f8:e0:73:cc:b6:e7:04:7f:43:83:d9:52:b5:71:31
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        01:31:88:fa:1f:37:d3:53:d6:90:d6:37:ad:16:80:ac:
        75:c2:a5:14:2a:18:a7:54:a0:24:21:83:df:d3:5d:05:
        4e:d2:74:66:e0:49:fe:ff:d3:23:e5:63:9d:e0:99:db:
        e7:02:81:2f:da:a7:df:40:84:d4:1c:92:1d:4c:f5:32:
        37:13:51:32:9a:bc:cd:fb:ba:24:81:c9:d9:b1:95:13:
        56:24:44:e2:52:01:d5:cc:f2:5f:51:df:58:9d:56:a3:
        9d:67:63:76:ec:bb:78:89:94:0c:76:cd:97:c4:5b:18:
        45:5e:78:29:11:ac:cc:de:7c:bb:6b:c8:1b:4e:d6:ad:
        94:8f:fb:9c:bf:0c:d3:0c:8f:f8:d1:b8:f6:90:fb:52:
        e0:04:44:1e:25:7f:fd:7b:bf:4d:0c:7a:ce:27:d0:b1:
        72:f7:0f:5b:ad:f1:9a:30:1d:8c:98:e7:5d:51:ca:d2:
        6a:65:98:25:cd:c2:56:f1:6e:da:d7:42:3e:fa:7d:40:
        74:53:f6:5a:6f:73:0c:6e:b8:0f:30:d2:1f:d6:e0:0c:
        6d:27:13:74:27:8d:46:21:9a:3d:00:36:fb:c5:bd:a1:
        d2:1f:1e:96:bd:d2:91:2e:e7:cb:e4:c5:bd:36:a6:8e:
        dc:69:fe:23:ac:7e:7b:12:d4:82:8e:e2:29:05:59:c9
    Fingerprint (SHA-256):
        AE:5D:84:09:3C:6D:C6:54:2B:C6:2C:EB:88:B9:F8:BD:F5:6C:B7:5F:D3:21:F0:24:8E:A6:D4:DD:8E:51:EE:22
    Fingerprint (SHA1):
        BC:E7:6E:B3:05:43:3C:D0:7A:3D:FD:3B:A1:4D:69:2F:A6:0C:DE:B2
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Certificate 2 Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate
    ,C=US"
Returned value is 0, expected result is pass
chains.sh: #8035: TrustAnchors: Verifying certificate(s)  EE2OtherIntermediate.der OtherIntermediateOtherRoot.der with flags -d TrustAndDBDB -pp       -t OtherRoot.der - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der
vfychain -d TrustAndDBDB -pp -vv -T      EE1CA2.der CA2CA1.der  -t OtherIntermediateOtherRoot.der -t OtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182981 (0x25714fc5)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:06 2016
            Not After : Mon Jun 28 19:06:06 2066
        Subject: "CN=RootCA ROOT CA,O=RootCA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c5:81:15:7d:5e:eb:73:1a:8c:9c:99:42:91:08:7a:a4:
                    2b:a0:25:5a:ed:fe:6d:8d:9b:ac:68:a8:ef:8e:8c:1b:
                    f9:e1:16:56:e1:54:a9:ca:25:4a:8c:e3:9b:28:2c:13:
                    be:e8:84:f9:ca:ee:ee:e1:85:8f:ea:09:f0:d5:df:fe:
                    bf:3d:33:a9:cf:cb:8f:75:fa:9b:3a:f1:28:49:32:e2:
                    94:8e:4a:23:6f:02:71:1e:e6:4b:ed:21:18:f7:22:1e:
                    30:cb:67:be:1f:b4:0a:e1:00:aa:7d:bb:41:a4:e5:53:
                    54:63:93:ed:3c:58:dc:90:e9:3a:f3:8b:34:fe:a3:44:
                    13:f7:51:76:f8:4d:da:f0:ec:27:dd:e5:e1:f5:eb:cd:
                    72:0b:d6:33:ec:5c:a5:47:ca:e9:5e:0f:ef:9f:44:92:
                    38:1b:61:5e:8a:d6:a3:9f:4f:6c:aa:28:71:8e:18:2f:
                    7e:56:4c:f2:52:4f:1c:d6:9f:05:02:f4:21:f6:10:3a:
                    ce:fb:4d:1d:2d:0b:df:ea:14:44:23:68:a3:c8:b5:ca:
                    e6:db:cb:34:30:43:08:6f:9a:c4:fa:c7:e9:34:73:8a:
                    29:e3:0a:40:bc:84:15:3d:26:55:8e:26:2d:ef:b0:c0:
                    af:28:48:aa:93:de:35:7f:15:a3:a4:22:40:ef:aa:3d
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        9c:e4:1f:fb:9b:1e:f2:a2:fd:aa:f2:9e:91:ed:6b:f8:
        87:27:f6:1b:a0:48:d1:0e:3a:ff:22:3b:a8:09:82:f2:
        bd:54:51:33:7b:d1:16:22:b2:66:5e:cc:87:7f:20:2d:
        25:c0:1a:2e:43:c2:4d:e1:2e:79:c0:18:2f:70:ab:39:
        ca:11:2e:98:a2:4d:9c:59:d0:96:14:39:91:78:cf:2c:
        b1:7b:47:ae:86:6d:d9:d0:93:69:66:f1:3e:51:03:41:
        94:14:e0:25:66:50:ad:e8:9e:95:41:6b:fd:27:24:c0:
        c5:30:a5:8c:b1:c2:4d:03:10:ab:44:13:82:09:3f:7c:
        a5:fb:77:ca:fd:08:c2:12:21:7e:98:4e:99:c8:9f:21:
        08:d8:fe:0a:8c:92:c4:d2:e8:41:90:79:4e:10:a5:bf:
        9d:4e:50:ba:ae:09:ee:13:70:77:39:ff:0c:43:3b:8b:
        4e:71:c0:b8:c6:83:d8:3d:a4:b9:92:7c:67:c7:2e:4b:
        99:bf:34:f1:7d:c3:c6:9c:4c:ca:45:bf:13:03:eb:2b:
        d3:b3:42:78:2b:44:6c:33:78:36:1a:a6:6b:8b:08:28:
        5e:9b:87:b6:38:03:0d:fa:df:b0:6e:a0:00:d4:50:5c:
        d4:7c:de:ac:c3:2a:89:e6:0a:c3:4a:a7:bc:e8:1d:39
    Fingerprint (SHA-256):
        2B:00:B4:83:A7:8C:6A:B1:50:C1:F3:9D:85:40:A3:92:34:48:58:E0:09:D1:D8:00:5B:49:B6:38:A5:E8:B9:29
    Fingerprint (SHA1):
        66:DB:87:82:3A:A3:48:72:93:53:11:B1:17:CE:0F:3A:D3:F4:80:4E
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=EE1 EE,O=EE1,C=US"
Certificate 2 Subject: "CN=CA2 Intermediate,O=CA2,C=US"
Certificate 3 Subject: "CN=CA1 Intermediate,O=CA1,C=US"
Returned value is 0, expected result is pass
chains.sh: #8036: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d TrustAndDBDB -pp -T      -t OtherIntermediateOtherRoot.der -t OtherRoot.der - PASSED
chains.sh: Creating DB ExplicitDistrustDB
certutil -N -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd
chains.sh: #8037: TrustAnchors: Creating DB ExplicitDistrustDB  - PASSED
chains.sh: Importing certificate RootCA.der to ExplicitDistrustDB database
certutil -A -n RootCA  -t "CT,C,C" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i RootCA.der
chains.sh: #8038: TrustAnchors: Importing certificate RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate CA1RootCA.der to ExplicitDistrustDB database
certutil -A -n CA1  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i CA1RootCA.der
chains.sh: #8039: TrustAnchors: Importing certificate CA1RootCA.der to ExplicitDistrustDB database  - PASSED
chains.sh: Importing certificate OtherRoot.der to ExplicitDistrustDB database
certutil -A -n OtherRoot  -t "p,p,p" -d ExplicitDistrustDB -f ExplicitDistrustDB/dbpasswd -i OtherRoot.der
chains.sh: #8040: TrustAnchors: Importing certificate OtherRoot.der to ExplicitDistrustDB database  - PASSED
chains.sh: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der
vfychain -d ExplicitDistrustDB -pp -vv       EE1CA2.der CA2CA1.der  -t CA1RootCA.der
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CA1 [Certificate Authority]:
  ERROR -8171: Peer's certificate has been marked as not trusted by the user.
Returned value is 1, expected result is fail
chains.sh: #8041: TrustAnchors: Verifying certificate(s)  EE1CA2.der CA2CA1.der with flags -d ExplicitDistrustDB -pp       -t CA1RootCA.der - PASSED
chains.sh: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der
vfychain -d ExplicitDistrustDB -pp -vv       EE2OtherIntermediate.der  -t OtherIntermediateOtherRoot.der
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 628182986 (0x25714fca)
        Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
        Issuer: "CN=OtherRoot ROOT CA,O=OtherRoot,C=US"
        Validity:
            Not Before: Tue Jun 28 19:06:38 2016
            Not After : Mon Jun 28 19:06:38 2021
        Subject: "CN=OtherIntermediate Intermediate,O=OtherIntermediate,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    f1:2e:59:d4:42:30:75:7e:91:25:39:f7:90:38:a8:c4:
                    b6:18:8c:0e:41:b8:61:c1:9d:3f:3c:d9:e8:91:d4:39:
                    41:4a:07:e5:f5:42:af:05:04:db:27:ba:cd:40:8d:b6:
                    5c:4b:a7:37:39:97:a6:b3:ab:39:b0:5c:4d:93:99:57:
                    7b:e5:1a:9b:28:69:3c:e0:26:da:94:f5:5d:d6:cd:2d:
                    09:4f:c4:ac:f9:5b:7f:37:0c:f5:69:0e:b5:5e:2d:f7:
                    73:02:e4:68:aa:e5:71:31:e6:06:f7:e8:ac:8a:b7:96:
                    b7:03:82:53:fa:48:08:20:fb:dc:bb:62:1e:88:cb:50:
                    8f:4a:06:27:8b:81:62:d7:9b:18:81:3d:1c:f2:0d:41:
                    61:41:3c:53:bd:7a:31:4b:08:09:45:7c:e1:3d:9d:ed:
                    e9:c1:d3:ac:c2:39:72:ed:6d:e9:40:07:d7:9a:d0:bb:
                    23:07:85:77:c9:e3:b6:b7:46:4a:1f:63:db:b1:8c:a9:
                    7c:b7:39:a7:c8:91:13:38:42:76:74:0f:b0:99:bd:26:
                    6e:36:78:73:ba:b8:c0:56:f4:aa:90:68:00:a6:16:53:
                    e7:6e:b9:db:19:92:fd:9b:bc:7a:87:9d:fa:f9:91:fc:
                    2b:d4:27:46:19:8b:b5:05:ba:6c:19:2e:1d:76:19:8b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with no maximum path length.
    Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
    Signature:
        6e:32:e7:30:67:62:fd:2e:9f:f0:46:d6:5c:2f:4f:31:
        62:a4:9f:3c:0d:6a:f3:73:69:cc:8d:9a:e1:d2:e4:c1:
        f5:4a:21:f6:6a:1c:4e:73:0a:36:ff:74:75:36:97:06:
        a0:ed:3f:e3:65:0b:d5:51:fd:60:b5:39:02:1b:12:0a:
        65:75:c3:4b:44:5c:9d:1c:4b:05:c0:80:c9:c2:a1:7f:
        90:28:1e:86:5c:2c:44:4c:4a:44:70:82:ee:5a:28:22:
        f1:af:2a:68:9e:4a:30:14:27:6e:78:87:7e:44:92:35:
        32:9c:0b:95:46:56:1f:04:48:40:3d:53:44:78:9e:f5:
        6f:d2:70:d5:10:ae:35:37:93:29:06:3e:3d:5f:d3:c8:
        24:dd:6e:0d:20:71:62:c5:d2:49:e2:28:b0:63:1d:24:
        a6:92:b6:53:47:a1:b5:bc:ba:df:0c:71:c1:61:a6:86:
        5e:bb:37:6b:61:4d:19:6e:10:72:5b:23:63:1f:90:cc:
        cb:05:19:47:84:f9:f6:6a:a3:96:db:31:cd:37:b7:b0:
        0b:00:53:0d:59:b3:51:9e:07:37:4a:94:68:31:90:71:
        4b:ee:9b:bb:d5:0d:70:87:70:31:d6:33:21:31:2e:79:
        e6:7e:c9:b6:9c:94:87:a6:2d:01:cd:f8:5d:94:da:41
    Fingerprint (SHA-256):
        09:DB:2E:00:10:F6:56:F8:B4:46:77:2B:39:EA:3A:BA:2D:52:64:4F:98:29:88:20:D0:5D:7C:C7:10:0F:AB:49
    Fingerprint (SHA1):
        17:CE:48:3F:9E:4D:0A:6F:80:60:4A:D8:99:FE:E1:47:71:B6:C8:81
Certificate 1 Subject: "CN=EE2 EE,O=EE2,C=US"
Returned value is 0, expected result is pass
chains.sh: #8042: Verifying certificate(s)  EE2OtherIntermediate.der with flags -d ExplicitDistrustDB -pp       -t OtherIntermediateOtherRoot.der - PASSED
chains.sh: Creating DB trustanchorsDB
certutil -N -d trustanchorsDB -f trustanchorsDB/dbpasswd
chains.sh: #8043: TrustAnchors: Creating DB trustanchorsDB  - PASSED
chains.sh: Importing certificate NameConstraints.ca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ca.cert
chains.sh: #8044: TrustAnchors: Importing certificate NameConstraints.ca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database
certutil -A -n NameConstraints.ncca  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.ncca.cert
chains.sh: #8045: TrustAnchors: Importing certificate NameConstraints.ncca.cert to trustanchorsDB database  - PASSED
chains.sh: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database
certutil -A -n NameConstraints.dcisscopy  -t "CT,C,C" -d trustanchorsDB -f trustanchorsDB/dbpasswd -i /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcisscopy.cert
chains.sh: #8046: TrustAnchors: Importing certificate NameConstraints.dcisscopy.cert to trustanchorsDB database  - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server1.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #8047: TrustAnchors: Verifying certificate(s)  NameConstraints.server1.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #8048: TrustAnchors: Verifying certificate(s)  NameConstraints.server2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server3.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test.example,O=BOGUS NSS,L=Mountain View,ST=Califo
    rnia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #8049: TrustAnchors: Verifying certificate(s)  NameConstraints.server3.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #8050: TrustAnchors: Verifying certificate(s)  NameConstraints.server4.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #8051: TrustAnchors: Verifying certificate(s)  NameConstraints.server5.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server6.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate2.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test2.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=BOGUS NSS,L=Mountain View,
    ST=California,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA,O=BOGUS NSS,L=Mountain View,ST
    =California,C=US"
Returned value is 0, expected result is pass
chains.sh: #8052: TrustAnchors: Verifying certificate(s)  NameConstraints.server6.cert NameConstraints.intermediate2.cert NameConstraints.intermediate.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server7.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,OU=bar,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #8053: TrustAnchors: Verifying certificate(s)  NameConstraints.server7.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server8.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=bat.foo.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #8054: TrustAnchors: Verifying certificate(s)  NameConstraints.server8.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server9.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #8055: TrustAnchors: Verifying certificate(s)  NameConstraints.server9.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server10.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #8056: TrustAnchors: Verifying certificate(s)  NameConstraints.server10.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server11.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1 (0x1)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=U
            S"
        Validity:
            Not Before: Wed Dec 04 01:22:58 2013
            Not After : Mon Dec 04 01:22:58 2023
        Subject: "CN=NSS Test CA,O=BOGUS NSS,L=Mountain View,ST=California,C=
            US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:a2:61:5c:94:82:74:ad:40:d1:ea:b6:ba:d2:e5:49:
                    0e:fa:dc:08:c1:30:0e:1e:ca:b2:db:2c:ef:84:25:03:
                    7f:18:db:32:ec:d9:18:75:8d:32:bc:86:93:ea:92:8c:
                    c7:e2:a5:24:64:83:03:89:1f:97:aa:a6:42:6b:5b:a4:
                    0d:ae:51:8a:56:b3:b0:38:0c:d6:32:b7:a1:05:53:b1:
                    75:87:0c:33:76:28:02:36:e1:0e:d8:6b:a7:60:36:26:
                    7b:d9:99:a3:b1:ed:61:a5:fd:dc:4c:33:a0:68:73:5f:
                    be:96:e0:79:c5:ca:70:29:93:51:0d:63:37:c1:c9:71
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        99:2b:25:2a:61:3a:ad:77:42:92:ec:03:db:87:48:21:
        a9:86:67:80:3e:99:dd:13:d7:aa:53:10:01:4d:7d:03:
        2b:d0:8e:03:8b:b0:b7:38:0b:24:12:74:45:90:95:99:
        b6:d6:9d:e2:2d:ba:28:8f:59:57:1b:c1:44:97:a0:d8:
        30:d3:43:38:68:97:29:40:cf:24:61:29:6c:4d:6d:24:
        fe:73:1c:34:2d:be:0d:1c:8b:f3:6c:eb:0c:d7:d0:c6:
        5c:72:ca:41:74:30:59:94:9d:95:04:59:6a:fa:65:ca:
        f4:86:72:8a:a0:59:b6:31:25:ad:e8:2a:f0:d1:57:95
    Fingerprint (SHA-256):
        A5:97:EA:1F:13:1C:89:B0:76:A6:36:A7:F2:59:9D:81:92:15:A3:49:71:D0:2F:24:D3:F0:19:7B:46:EB:38:C1
    Fingerprint (SHA1):
        56:18:A9:C1:8A:81:01:7A:FC:AA:54:68:9F:6E:7F:3C:0F:11:CA:41
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=site.example,O=Foo,ST=CA,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA 2,O=Foo,ST=CA,C=US"
Certificate 3 Subject: "CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,S
    T=California,C=US"
Returned value is 0, expected result is pass
chains.sh: #8057: TrustAnchors: Verifying certificate(s)  NameConstraints.server11.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server12.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate4.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #8058: TrustAnchors: Verifying certificate(s)  NameConstraints.server12.cert NameConstraints.intermediate4.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server13.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. CN=NSS Intermediate CA3,O=BOGUS NSS,L=Mountain View,ST=California,C=US [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #8059: TrustAnchors: Verifying certificate(s)  NameConstraints.server13.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server14.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate5.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate3.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 3. NameConstraints.ca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #8060: TrustAnchors: Verifying certificate(s)  NameConstraints.server14.cert NameConstraints.intermediate5.cert NameConstraints.intermediate3.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server15.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8157: Certificate extension not found.
Returned value is 1, expected result is fail
chains.sh: #8061: TrustAnchors: Verifying certificate(s)  NameConstraints.server15.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server16.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 2. NameConstraints.ncca [Certificate Authority]:
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #8062: TrustAnchors: Verifying certificate(s)  NameConstraints.server16.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.server17.cert /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.intermediate6.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View,
            ST=CA,C=US"
        Validity:
            Not Before: Sat Jan 04 01:22:59 2014
            Not After : Sat Nov 04 01:22:59 2023
        Subject: "CN=NSS Name Constrained Root CA,O=BOGUS NSS,L=Mountain View
            ,ST=CA,C=US"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e2:de:c4:e3:a7:09:e3:b3:85:70:e6:da:bc:af:24:28:
                    c0:ac:99:38:ae:ea:b9:32:a5:57:9d:1c:77:06:24:c4:
                    71:69:63:73:97:44:44:35:9f:e2:37:71:8d:bd:ef:04:
                    4d:cc:a0:31:0b:fc:db:6d:58:70:c9:28:61:38:f6:ba:
                    ca:1b:ee:0e:e1:b4:99:78:95:78:73:e2:67:21:6d:a9:
                    f2:4a:29:1c:61:0a:21:0c:d1:70:0d:38:fc:95:75:85:
                    49:e0:4b:e0:1b:69:96:8d:07:f9:ae:71:f3:cf:25:34:
                    a1:d2:63:bb:d0:25:96:0f:c2:a6:7f:c2:47:3d:ed:1b
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Name Constraints
            Permitted Subtree:
                DNS name: ".example"
                    Minimum: 0 (0x0)
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        84:54:cb:5c:0a:63:14:04:d9:6f:63:d6:22:89:45:91:
        33:d6:f3:66:c4:06:cc:5f:d0:91:9c:e8:66:58:c5:89:
        3f:10:68:ec:08:66:80:05:e2:f6:25:d9:15:18:f5:8a:
        9b:71:23:af:80:79:eb:a3:94:26:d7:60:50:4c:3b:df:
        46:70:2f:d4:51:6d:b9:e2:ac:57:28:2a:c5:c4:2d:1b:
        c8:cb:8d:43:6a:4e:a8:27:9d:4b:a9:9c:07:11:d2:4e:
        5e:98:db:ec:02:e2:74:a6:80:a9:bd:fb:03:e2:77:bd:
        df:23:0c:ba:2b:be:44:e6:20:6d:4e:fa:79:41:4e:34
    Fingerprint (SHA-256):
        63:EF:E9:FE:7D:06:80:C9:BF:27:95:BB:FB:0F:A5:92:23:5E:C7:AE:BC:7D:E1:39:BC:4A:B3:E3:47:5C:01:29
    Fingerprint (SHA1):
        56:B5:8D:10:3C:0D:28:DC:F1:80:FB:2E:C4:3C:85:8B:20:02:68:CA
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=test4.example,O=BOGUS NSS,L=Mountain View,ST=Calif
    ornia,C=US"
Certificate 2 Subject: "CN=NSS Intermediate CA6,O=OtherOrg,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #8063: TrustAnchors: Verifying certificate(s)  NameConstraints.server17.cert NameConstraints.intermediate6.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissblocked.cert 
Chain is bad!
PROBLEM WITH THE CERT CHAIN:
CERT 1. NameConstraints.dcisscopy [Certificate Authority]:
Email Address(es): igca@sgdn.pm.gouv.fr
  ERROR -8080: The Certifying Authority for this certificate is not permitted to issue a certificate with this name.
Returned value is 1, expected result is fail
chains.sh: #8064: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissblocked.cert with flags -d trustanchorsDB -pp       - PASSED
chains.sh: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp      
vfychain -d trustanchorsDB -pp -vv       /builddir/build/BUILD/nss-3.25.0/nss/tests/libpkix/certs/NameConstraints.dcissallowed.cert 
Chain is good!
Root Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 998899 (0xf3df3)
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,S
            T=France,C=FR"
        Validity:
            Not Before: Sun Feb 02 17:21:27 2014
            Not After : Fri Feb 02 17:21:27 2024
        Subject: "E=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,
            ST=France,C=FR"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    c0:e2:f3:2e:4e:9b:5e:f8:e5:17:d3:51:71:0f:9f:b7:
                    bb:4b:3d:e1:33:a6:f9:d1:ad:5a:31:ca:6d:ad:5b:ed:
                    19:5a:32:1d:a9:31:5b:83:ee:3b:19:83:92:b4:5c:0f:
                    1c:74:e5:f5:ef:22:a3:d8:22:a8:13:0e:18:37:26:54:
                    ab:ee:7a:d6:d5:4c:42:67:6c:81:fd:0c:46:7d:d8:d9:
                    b7:8d:b6:1c:76:13:10:06:aa:b3:18:74:2e:09:95:3a:
                    a1:a1:98:8c:ff:26:23:95:5d:87:a1:a8:6d:ea:8d:66:
                    de:ab:17:43:1c:3d:14:20:10:2f:c6:ff:c2:96:d3:ce:
                    5f:9f:0f:d4:88:1d:b5:d1:b1:f6:c0:ae:1f:0a:1c:bf:
                    b4:97:11:7f:6d:5b:a6:e3:f6:fc:db:bd:c1:3a:82:01:
                    5c:17:31:f5:28:35:fc:44:f0:2f:e3:08:f5:db:b3:10:
                    10:5e:73:7d:ef:79:9b:50:9c:f2:54:32:ea:17:59:73:
                    29:fe:d2:19:9e:d8:b7:23:b2:3e:f6:4f:e6:25:b3:f0:
                    e5:f3:19:32:ae:e8:a1:ed:33:f9:9c:bd:b8:47:49:26:
                    82:b4:92:53:66:da:41:e2:af:60:90:74:d3:07:95:6c:
                    65:79:25:15:95:9e:31:77:2e:e5:ff:ce:04:db:a9:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Type
            Data: <SSL CA,S/MIME CA,ObjectSigning CA>
            Name: Certificate Basic Constraints
            Data: Is a CA with no maximum path length.
            Name: Certificate Key Usage
            Usages: Certificate Signing
                    CRL Signing
    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        3f:c0:72:d5:d7:cb:fa:59:84:d5:df:5e:41:5d:8f:d9:
        c1:20:44:21:29:68:bd:e3:b0:d0:42:23:64:2a:82:6a:
        b2:0b:35:82:76:71:94:fe:ba:aa:ea:bc:94:81:0f:1f:
        f7:aa:81:9d:88:ea:9d:ab:4d:52:ae:fc:1e:a8:bc:43:
        2e:2d:9a:25:e8:5a:c0:53:ea:ea:e4:33:f1:fa:dc:4d:
        f0:1f:68:fa:6b:60:f3:75:a7:44:66:07:41:59:be:a3:
        a0:a1:aa:fc:39:b5:3b:b1:47:f4:9a:71:bf:ff:6e:c4:
        9b:b7:e7:8f:fc:ef:ea:98:bc:f7:07:73:8f:d8:08:04:
        82:f3:16:30:3a:a2:57:12:4b:7c:41:b6:94:96:fa:8c:
        5c:8f:64:21:21:fd:36:cb:e9:4e:98:88:7c:99:6c:4e:
        bc:1c:77:73:a3:ed:86:47:fb:e8:5c:5f:59:92:bf:d2:
        18:95:35:d6:f5:e8:7e:0e:71:3e:fa:21:1f:11:8a:a1:
        f0:f4:e7:e1:2d:c2:49:cb:c2:ab:56:b8:87:b2:1d:6d:
        b5:74:65:7e:13:cb:c8:07:f6:ee:b7:d0:cc:b8:40:db:
        9b:65:c9:c0:f5:62:90:62:61:7a:5a:c7:73:ca:e1:65:
        2a:43:6b:62:0b:10:ad:20:29:a3:4f:73:9f:a0:7a:5b
    Fingerprint (SHA-256):
        C1:CB:93:FA:F9:26:39:68:57:0E:02:E7:5A:65:20:37:9F:F4:72:57:F1:C5:A8:08:72:6A:F0:4D:59:40:D9:6C
    Fingerprint (SHA1):
        48:FA:DF:4D:92:76:B9:29:EC:A0:EC:31:53:A9:1C:B9:C0:C1:E6:55
    Certificate Trust Flags:
        SSL Flags:
            Valid CA
            Trusted CA
            Trusted Client CA
        Email Flags:
            Valid CA
            Trusted CA
        Object Signing Flags:
            Valid CA
            Trusted CA
Certificate 1 Subject: "CN=foo.example.fr,O=Foo,ST=CA,C=US"
Returned value is 0, expected result is pass
chains.sh: #8065: TrustAnchors: Verifying certificate(s)  NameConstraints.dcissallowed.cert with flags -d trustanchorsDB -pp       - PASSED
trying to kill httpserv with PID 31850 at Tue Jun 28 19:07:00 UTC 2016
kill -USR1 31850
httpserv: normal termination
httpserv -b -p 9668 2>/dev/null;
httpserv with PID 31850 killed at Tue Jun 28 19:07:00 UTC 2016
TIMESTAMP chains END: Tue Jun 28 19:07:00 UTC 2016
Running tests for ec
TIMESTAMP ec BEGIN: Tue Jun 28 19:07:00 UTC 2016
Running ec tests for ecperf
TIMESTAMP ecperf BEGIN: Tue Jun 28 19:07:00 UTC 2016
ecperf.sh: ecperf test ===============================
./ecperf.sh: line 44: ecperf: command not found
ecperf.sh: #8066: ec(perf) test - PASSED
chmod: missing operand after 'a+rw'
Try 'chmod --help' for more information.
TIMESTAMP ecperf END: Tue Jun 28 19:07:00 UTC 2016
TIMESTAMP ec END: Tue Jun 28 19:07:00 UTC 2016
Running tests for gtests
TIMESTAMP gtests BEGIN: Tue Jun 28 19:07:00 UTC 2016
gtests: der_gtest pk11_gtest util_gtest
gtests.sh: der_gtest ===============================
[==========] Running 11 tests from 1 test case.
[----------] Global test environment set-up.
[----------] 11 tests from DERIntegerDecodingTest
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus126
[       OK ] DERIntegerDecodingTest.DecodeLongMinus126 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong130
[       OK ] DERIntegerDecodingTest.DecodeLong130 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong0
[       OK ] DERIntegerDecodingTest.DecodeLong0 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLong1
[       OK ] DERIntegerDecodingTest.DecodeLong1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMax
[       OK ] DERIntegerDecodingTest.DecodeLongMax (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMin
[       OK ] DERIntegerDecodingTest.DecodeLongMin (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinPlus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMinMinus1
[       OK ] DERIntegerDecodingTest.DecodeLongMinMinus1 (0 ms)
[ RUN      ] DERIntegerDecodingTest.DecodeLongMaxPlus1
[       OK ] DERIntegerDecodingTest.DecodeLongMaxPlus1 (0 ms)
[----------] 11 tests from DERIntegerDecodingTest (0 ms total)
[----------] Global test environment tear-down
[==========] 11 tests from 1 test case ran. (0 ms total)
[  PASSED  ] 11 tests.
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/der_gtest/report.xml
gtests.sh: #8067: der_gtest run successfully  - PASSED
gtests.sh: pk11_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/pk11_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/pk11_gtest/report.xml
gtests.sh: #8079: pk11_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/pk11_gtest/report.xml: No such file or directory
gtests.sh: util_gtest ===============================
./gtests.sh: line 52: /builddir/build/BUILD/nss-3.25.0/dist/Linux4.4_arm_cc_glibc_PTH_OPT.OBJ/bin/util_gtest: No such file or directory
test output dir: /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/util_gtest/report.xml
gtests.sh: #8080: util_gtest run successfully  - PASSED
sed: can't read /builddir/build/BUILD/nss-3.25.0/tests_results/security/localhost.1/sharedb/util_gtest/report.xml: No such file or directory
TIMESTAMP gtests END: Tue Jun 28 19:07:01 UTC 2016
Running tests for ssl_gtests
TIMESTAMP ssl_gtests BEGIN: Tue Jun 28 19:07:01 UTC 2016
ssl_gtest.sh: SSL Gtests ===============================
ssl_gtest.sh: #8081: create ssl_gtest database  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #8082: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #8083: create certificate: sign kex - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #8084: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #8085: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #8086: create certificate: sign  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #8087: create certificate: kex  - PASSED
Generating key.  This may take a few moments...
		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > 		0 - Digital Signature
		1 - Non-repudiation
		2 - Key encipherment
		3 - Data encipherment
		4 - Key agreement
		5 - Cert signing key
		6 - CRL signing key
		Other to finish
 > Is this a critical extension [y/N]?
Is this a CA certificate [y/N]?
Enter the path length constraint, enter to skip [<0 for unlimited path]: > Is this a critical extension [y/N]?
ssl_gtest.sh: #8088: create certificate: sign  - PASSED
ssl_gtest.sh: #8089: Skipping ssl_gtest (not built) - UNKNOWN
TIMESTAMP ssl_gtests END: Tue Jun 28 19:07:12 UTC 2016
SUMMARY:
========
NSS variables:
--------------
HOST=localhost
DOMSUF=localdomain
BUILD_OPT=1
USE_X32=
USE_64=
NSS_CYCLES=""
NSS_TESTS="libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains ec gtests ssl_gtests"
NSS_SSL_TESTS="crl bypass_normal normal_bypass fips_normal normal_fips iopr policy"
NSS_SSL_RUN="cov auth stapling stress"
NSS_AIA_PATH=
NSS_AIA_HTTP=
NSS_AIA_OCSP=
IOPR_HOSTADDR_LIST=
PKITS_DATA=
Tests summary:
--------------
Passed:             8085
Failed:             0
Failed with core:   0
Unknown status:     4
TinderboxPrint:Unknown: 4
+ popd
~/build/BUILD/nss-3.25.0
+ killall selfserv_9658
selfserv_9658: no process found
+ :
+ '[' x == x ']'
++ grep -c FAILED ./tests_results/security/localhost.1/output.log
+ TEST_FAILURES=0
+ GREP_EXIT_STATUS=1
okay: test suite detected no failures
test suite completed
+ '[' 1 -eq 1 ']'
+ echo 'okay: test suite detected no failures'
+ echo 'test suite completed'
+ exit 0
Processing files: nss-3.25.0-4.fc25.armv7hl
Executing(%license): /bin/sh -e /var/tmp/rpm-tmp.Blomv5
+ umask 022
+ cd /builddir/build/BUILD
+ cd nss-3.25.0
+ LICENSEDIR=/builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/licenses/nss
+ export LICENSEDIR
+ /usr/bin/mkdir -p /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/licenses/nss
+ cp -pr nss/COPYING /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm/usr/share/licenses/nss
+ exit 0
Provides: config(nss) = 3.25.0-4.fc25 libnss3.so libnss3.so(NSS_3.10) libnss3.so(NSS_3.10.2) libnss3.so(NSS_3.11) libnss3.so(NSS_3.11.1) libnss3.so(NSS_3.11.2) libnss3.so(NSS_3.11.7) libnss3.so(NSS_3.11.9) libnss3.so(NSS_3.12) libnss3.so(NSS_3.12.1) libnss3.so(NSS_3.12.10) libnss3.so(NSS_3.12.3) libnss3.so(NSS_3.12.4) libnss3.so(NSS_3.12.5) libnss3.so(NSS_3.12.6) libnss3.so(NSS_3.12.7) libnss3.so(NSS_3.12.9) libnss3.so(NSS_3.13) libnss3.so(NSS_3.13.2) libnss3.so(NSS_3.14) libnss3.so(NSS_3.14.1) libnss3.so(NSS_3.14.3) libnss3.so(NSS_3.15) libnss3.so(NSS_3.15.4) libnss3.so(NSS_3.16.1) libnss3.so(NSS_3.16.2) libnss3.so(NSS_3.18) libnss3.so(NSS_3.19) libnss3.so(NSS_3.19.1) libnss3.so(NSS_3.2) libnss3.so(NSS_3.2.1) libnss3.so(NSS_3.21) libnss3.so(NSS_3.22) libnss3.so(NSS_3.3) libnss3.so(NSS_3.3.1) libnss3.so(NSS_3.4) libnss3.so(NSS_3.5) libnss3.so(NSS_3.6) libnss3.so(NSS_3.7) libnss3.so(NSS_3.7.1) libnss3.so(NSS_3.8) libnss3.so(NSS_3.9) libnss3.so(NSS_3.9.2) libnss3.so(NSS_3.9.3) libnssckbi.so libnssckbi.so(NSS_3.1) libsmime3.so libsmime3.so(NSS_3.10) libsmime3.so(NSS_3.12.10) libsmime3.so(NSS_3.12.2) libsmime3.so(NSS_3.13) libsmime3.so(NSS_3.15) libsmime3.so(NSS_3.16) libsmime3.so(NSS_3.18) libsmime3.so(NSS_3.2) libsmime3.so(NSS_3.2.1) libsmime3.so(NSS_3.3) libsmime3.so(NSS_3.4) libsmime3.so(NSS_3.4.1) libsmime3.so(NSS_3.6) libsmime3.so(NSS_3.7) libsmime3.so(NSS_3.7.2) libsmime3.so(NSS_3.8) libsmime3.so(NSS_3.9) libsmime3.so(NSS_3.9.3) libssl3.so libssl3.so(NSS_3.11.4) libssl3.so(NSS_3.11.8) libssl3.so(NSS_3.12.10) libssl3.so(NSS_3.12.6) libssl3.so(NSS_3.13) libssl3.so(NSS_3.13.2) libssl3.so(NSS_3.14) libssl3.so(NSS_3.15) libssl3.so(NSS_3.15.4) libssl3.so(NSS_3.2) libssl3.so(NSS_3.2.1) libssl3.so(NSS_3.20) libssl3.so(NSS_3.21) libssl3.so(NSS_3.22) libssl3.so(NSS_3.23) libssl3.so(NSS_3.24) libssl3.so(NSS_3.4) libssl3.so(NSS_3.7.4) nss = 3.25.0-4.fc25 nss(armv7hl-32) = 3.25.0-4.fc25
Requires(interp): /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): /bin/sh /usr/sbin/update-alternatives
Requires(postun): /bin/sh /usr/sbin/update-alternatives
Requires: ld-linux-armhf.so.3 ld-linux-armhf.so.3(GLIBC_2.4) libc.so.6 libc.so.6(GLIBC_2.4) libdl.so.2 libgcc_s.so.1 libgcc_s.so.1(GCC_3.5) libnspr4.so libnss3.so libnss3.so(NSS_3.10) libnss3.so(NSS_3.11) libnss3.so(NSS_3.11.1) libnss3.so(NSS_3.11.2) libnss3.so(NSS_3.12) libnss3.so(NSS_3.12.6) libnss3.so(NSS_3.14) libnss3.so(NSS_3.14.3) libnss3.so(NSS_3.15) libnss3.so(NSS_3.19.1) libnss3.so(NSS_3.2) libnss3.so(NSS_3.21) libnss3.so(NSS_3.3) libnss3.so(NSS_3.3.1) libnss3.so(NSS_3.4) libnss3.so(NSS_3.6) libnss3.so(NSS_3.7) libnss3.so(NSS_3.8) libnss3.so(NSS_3.9) libnssutil3.so libnssutil3.so(NSSUTIL_3.12) libnssutil3.so(NSSUTIL_3.12.3) libnssutil3.so(NSSUTIL_3.12.5) libnssutil3.so(NSSUTIL_3.13) libnssutil3.so(NSSUTIL_3.14) libnssutil3.so(NSSUTIL_3.15) libnssutil3.so(NSSUTIL_3.17.1) libnssutil3.so(NSSUTIL_3.21) libnssutil3.so(NSSUTIL_3.24) libplc4.so libplds4.so libpthread.so.0 libpthread.so.0(GLIBC_2.4) libz.so.1 rtld(GNU_HASH)
Processing files: nss-tools-3.25.0-4.fc25.armv7hl
Provides: nss-tools = 3.25.0-4.fc25 nss-tools(armv7hl-32) = 3.25.0-4.fc25
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: ld-linux-armhf.so.3 ld-linux-armhf.so.3(GLIBC_2.4) libc.so.6 libc.so.6(GLIBC_2.4) libdl.so.2 libgcc_s.so.1 libgcc_s.so.1(GCC_3.5) libnspr4.so libnss3.so libnss3.so(NSS_3.10) libnss3.so(NSS_3.11) libnss3.so(NSS_3.11.7) libnss3.so(NSS_3.12) libnss3.so(NSS_3.12.1) libnss3.so(NSS_3.12.3) libnss3.so(NSS_3.12.6) libnss3.so(NSS_3.12.9) libnss3.so(NSS_3.13) libnss3.so(NSS_3.14) libnss3.so(NSS_3.14.1) libnss3.so(NSS_3.15) libnss3.so(NSS_3.16.1) libnss3.so(NSS_3.16.2) libnss3.so(NSS_3.18) libnss3.so(NSS_3.2) libnss3.so(NSS_3.3) libnss3.so(NSS_3.4) libnss3.so(NSS_3.5) libnss3.so(NSS_3.6) libnss3.so(NSS_3.7) libnss3.so(NSS_3.8) libnss3.so(NSS_3.9) libnss3.so(NSS_3.9.2) libnss3.so(NSS_3.9.3) libnssutil3.so libnssutil3.so(NSSUTIL_3.12) libnssutil3.so(NSSUTIL_3.12.7) libnssutil3.so(NSSUTIL_3.15) libplc4.so libplds4.so libpthread.so.0 libpthread.so.0(GLIBC_2.4) libsmime3.so libsmime3.so(NSS_3.10) libsmime3.so(NSS_3.2) libsmime3.so(NSS_3.3) libsmime3.so(NSS_3.4) libsmime3.so(NSS_3.6) libsmime3.so(NSS_3.9.3) libsoftokn3.so libssl3.so libssl3.so(NSS_3.11.8) libssl3.so(NSS_3.12.6) libssl3.so(NSS_3.13.2) libssl3.so(NSS_3.14) libssl3.so(NSS_3.15) libssl3.so(NSS_3.15.4) libssl3.so(NSS_3.2) libssl3.so(NSS_3.20) libssl3.so(NSS_3.22) libssl3.so(NSS_3.24) libssl3.so(NSS_3.4) libssl3.so(NSS_3.7.4) libz.so.1 rtld(GNU_HASH)
Processing files: nss-sysinit-3.25.0-4.fc25.armv7hl
Provides: libnsssysinit.so nss-sysinit = 3.25.0-4.fc25 nss-sysinit(armv7hl-32) = 3.25.0-4.fc25 nss-system-init
Requires(interp): /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): coreutils sed
Requires: /bin/sh ld-linux-armhf.so.3 ld-linux-armhf.so.3(GLIBC_2.4) libc.so.6 libc.so.6(GLIBC_2.4) libdl.so.2 libgcc_s.so.1 libgcc_s.so.1(GCC_3.5) libnspr4.so libnssutil3.so libnssutil3.so(NSSUTIL_3.12) libnssutil3.so(NSSUTIL_3.14) libplc4.so libplds4.so libpthread.so.0 rtld(GNU_HASH)
Processing files: nss-devel-3.25.0-4.fc25.armv7hl
Provides: nss-devel = 3.25.0-4.fc25 nss-devel(armv7hl-32) = 3.25.0-4.fc25 nss-static = 3.25.0-4.fc25 pkgconfig(nss) = 3.25.0
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: /bin/sh /usr/bin/pkg-config pkgconfig(nspr) >= 4.12.0 pkgconfig(nss-util) >= 3.25.0
Processing files: nss-pkcs11-devel-3.25.0-4.fc25.armv7hl
Provides: nss-pkcs11-devel = 3.25.0-4.fc25 nss-pkcs11-devel(armv7hl-32) = 3.25.0-4.fc25 nss-pkcs11-devel-static = 3.25.0-4.fc25
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Processing files: nss-debuginfo-3.25.0-4.fc25.armv7hl
Provides: nss-debuginfo = 3.25.0-4.fc25 nss-debuginfo(armv7hl-32) = 3.25.0-4.fc25
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm
warning: Could not canonicalize hostname: arm02-builder09.arm.fedoraproject.org
Wrote: /builddir/build/RPMS/nss-3.25.0-4.fc25.armv7hl.rpm
Wrote: /builddir/build/RPMS/nss-tools-3.25.0-4.fc25.armv7hl.rpm
Wrote: /builddir/build/RPMS/nss-sysinit-3.25.0-4.fc25.armv7hl.rpm
Wrote: /builddir/build/RPMS/nss-devel-3.25.0-4.fc25.armv7hl.rpm
Wrote: /builddir/build/RPMS/nss-pkcs11-devel-3.25.0-4.fc25.armv7hl.rpm
Wrote: /builddir/build/RPMS/nss-debuginfo-3.25.0-4.fc25.armv7hl.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.v3qjTY
+ umask 022
+ cd /builddir/build/BUILD
+ cd nss-3.25.0
+ /usr/bin/rm -rf /builddir/build/BUILDROOT/nss-3.25.0-4.fc25.arm
+ exit 0
Child return code was: 0