changeset 31501:12676cfd4a1e

propagate from branch 'im.pidgin.pidgin' (head 726c5220207c01e8799797c7d6d4455d23159281) to branch 'im.pidgin.pidgin.mxit' (head 02bbb3e7ba9e029ba05484caae8c91a948bb0b35)
author andrew.victor@mxit.com
date Mon, 11 Apr 2011 18:27:03 +0000
parents 80bbed4cb649 (current diff) ba00769a1493 (diff)
children 516435ac46a7
files ChangeLog
diffstat 17 files changed, 175 insertions(+), 28 deletions(-) [+]
line wrap: on
line diff
--- a/COPYRIGHT	Fri Apr 01 13:50:10 2011 +0000
+++ b/COPYRIGHT	Mon Apr 11 18:27:03 2011 +0000
@@ -576,6 +576,7 @@
 Stephen Whitmore
 Simon Wilkinson
 Dan Willemsen
+Dan Williams
 Justin Williams (Jaywalker)
 Jason Willis
 Alex Willmer
--- a/ChangeLog	Fri Apr 01 13:50:10 2011 +0000
+++ b/ChangeLog	Mon Apr 11 18:27:03 2011 +0000
@@ -4,6 +4,8 @@
 	General:
 	* Implement simple silence suppression for voice calls, preventing wasted
 	  bandwidth for silent periods during a call. (Jakub Adam) (half of #13180)
+	* Added the DigiCert High Assurance CA-3 intermediate CA, needed for
+	  validation of the Facebook XMPP interface's certificate.
 
 	Pidgin:
 	* Duplicate code cleanup.  (Gabriel Schulhof) (#10599)
@@ -21,6 +23,10 @@
 	* Fix purple-url-handler being unable to find an account.
 	* media: Allow adding/removing streams on the fly. (Jakub Adam) (half of
 	  #13535)
+	* Support new connection states in NetworkManager 0.9. (Dan Williams)
+	  (#13505)
+	* When removing a buddy, delete the pounces associated with it.
+	  (Kartik Mohta) (#1131)
 
 	Gadu-Gadu:
 	* Allow showing your status only to buddies. (Mateusz Piękos) (#13358)
@@ -30,8 +36,11 @@
 	  images. (Tomasz Wasilczyk) (#13554)
 	* Fix sending inline images to remote users, don't crash when
 	  trying to send large (> 256kB) images. (Tomasz Wasilczyk) (#13580)
-	* Support incoming typing notifications. (Jan Zachorowski) (#13362)
+	* Support typing notifications. (Jan Zachorowski, Tomasz Wasilczyk,
+	  Krzysztof Klinikowski) (#13362, #13590)
 	* Require libgadu 1.10.1 to avoid using internal libgadu.
+	* SSL connection support for GNUTLS users (not on Windows yet!).
+	  (Tomasz Wasilczyk) (#13613)
 
 	ICQ:
 	* Fix unsetting your mood when "None" is selected.  (Dustin Gathmann)
@@ -42,12 +51,12 @@
 	  an ICQ account's settings by using a comma-delimited list.  (Dmitry
 	  Utkin (#13496)
 
-	MXit:
-	* Support for an Invite Message when adding a buddy.
-	* Fix bug when splitting a long messages with lots of links.
-	* Fix detection of new kick message from a MultiMX room.
-	* Fix crash caused by fast-queue timer not being removed on session
-	  close. (broken in 2.7.11)
+	IRC:
+	* Add "authserv" service command.  (tomos) (#13337)
+
+	XMPP:
+	* Remember the previously entered user directory when searching.
+	  (Keith Moyer) (#12451)
 
 	Plugins:
 	* The Voice/Video Settings plugin now includes the ability to test
--- a/ChangeLog.API	Fri Apr 01 13:50:10 2011 +0000
+++ b/ChangeLog.API	Mon Apr 11 18:27:03 2011 +0000
@@ -13,6 +13,7 @@
 		* purple_media_get_active_remote_candidates
 		* purple_media_manager_get_video_caps (Jakub Adam) (#13095)
 		* purple_media_manager_set_video_caps (Jakub Adam) (#13095)
+		* purple_pounce_destroy_all_by_buddy (Kartik Mohta) (#1131)
 		* Added add_buddy_with_invite to PurplePluginProtocolInfo
 		* Added add_buddies_with_invite to PurplePluginProtocolInfo
 		* Added PurpleSrvTxtQueryUiOps which allow UIs to specify their
--- a/libpurple/blist.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/blist.c	Mon Apr 11 18:27:03 2011 +0000
@@ -28,6 +28,7 @@
 #include "dbus-maybe.h"
 #include "debug.h"
 #include "notify.h"
+#include "pounce.h"
 #include "prefs.h"
 #include "privacy.h"
 #include "prpl.h"
@@ -2184,6 +2185,9 @@
 	if (ops && ops->remove_node)
 		ops->remove_node(node);
 
+	/* Remove this buddy's pounces */
+	purple_pounce_destroy_all_by_buddy(buddy);
+
 	/* Signal that the buddy has been removed before freeing the memory for it */
 	purple_signal_emit(purple_blist_get_handle(), "buddy-removed", buddy);
 
--- a/libpurple/network.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/network.c	Mon Apr 11 18:27:03 2011 +0000
@@ -71,6 +71,10 @@
 #include <dbus/dbus-glib.h>
 #include <NetworkManager.h>
 
+#if !defined(NM_CHECK_VERSION)
+#define NM_CHECK_VERSION(x,y,z) 0
+#endif
+
 static DBusGConnection *nm_conn = NULL;
 static DBusGProxy *nm_proxy = NULL;
 static DBusGProxy *dbus_proxy = NULL;
@@ -863,7 +867,13 @@
 
 	switch(state)
 	{
+#if NM_CHECK_VERSION(0,8,992)
+		case NM_STATE_CONNECTED_LOCAL:
+		case NM_STATE_CONNECTED_SITE:
+		case NM_STATE_CONNECTED_GLOBAL:
+#else
 		case NM_STATE_CONNECTED:
+#endif
 			/* Call res_init in case DNS servers have changed */
 			res_init();
 			/* update STUN IP in case we it changed (theoretically we could
@@ -880,6 +890,9 @@
 		case NM_STATE_ASLEEP:
 		case NM_STATE_CONNECTING:
 		case NM_STATE_DISCONNECTED:
+#if NM_CHECK_VERSION(0,8,992)
+		case NM_STATE_DISCONNECTING:
+#endif
 			if (prev != NM_STATE_CONNECTED && prev != NM_STATE_UNKNOWN)
 				break;
 			if (ui_ops != NULL && ui_ops->network_disconnected != NULL)
--- a/libpurple/pounce.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/pounce.c	Mon Apr 11 18:27:03 2011 +0000
@@ -695,6 +695,31 @@
 }
 
 void
+purple_pounce_destroy_all_by_buddy(PurpleBuddy *buddy)
+{
+	const char *pouncee, *bname;
+	PurpleAccount *pouncer, *bacct;
+	PurplePounce *pounce;
+	GList *l, *l_next;
+
+	g_return_if_fail(buddy != NULL);
+
+	bacct = purple_buddy_get_account(buddy);
+	bname = purple_buddy_get_name(buddy);
+
+	for (l = purple_pounces_get_all(); l != NULL; l = l_next) {
+		pounce = (PurplePounce *)l->data;
+		l_next = l->next;
+
+		pouncer = purple_pounce_get_pouncer(pounce);
+		pouncee = purple_pounce_get_pouncee(pounce);
+
+		if ( (pouncer == bacct) && (strcmp(pouncee, bname) == 0) )
+			purple_pounce_destroy(pounce);
+	}
+}
+
+void
 purple_pounce_set_events(PurplePounce *pounce, PurplePounceEvent events)
 {
 	g_return_if_fail(pounce != NULL);
--- a/libpurple/pounce.h	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/pounce.h	Mon Apr 11 18:27:03 2011 +0000
@@ -123,6 +123,15 @@
 void purple_pounce_destroy_all_by_account(PurpleAccount *account);
 
 /**
+ * Destroys all buddy pounces for a buddy
+ *
+ * @param buddy The buddy whose pounces are to be removed
+ *
+ * @since 2.8.0
+ */
+void purple_pounce_destroy_all_by_buddy(PurpleBuddy *buddy);
+
+/**
  * Sets the events a pounce should watch for.
  *
  * @param pounce The buddy pounce.
--- a/libpurple/protocols/gg/Makefile.am	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/protocols/gg/Makefile.am	Mon Apr 11 18:27:03 2011 +0000
@@ -56,7 +56,13 @@
 	lib/session.h \
 	lib/sha1.c
 
-INTGG_CFLAGS = -I$(top_srcdir)/libpurple/protocols/gg/lib -DGG_IGNORE_DEPRECATED
+INTGG_CFLAGS = -I$(top_srcdir)/libpurple/protocols/gg/lib -DGG_IGNORE_DEPRECATED -DUSE_INTERNAL_LIBGADU
+
+if USE_GNUTLS
+INTGG_CFLAGS += -DUSE_GNUTLS
+GADU_LIBS += $(GNUTLS_LIBS)
+endif
+
 endif
 
 GGSOURCES = \
--- a/libpurple/protocols/gg/gg.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/protocols/gg/gg.c	Mon Apr 11 18:27:03 2011 +0000
@@ -1610,7 +1610,7 @@
     if (length)
 	serv_got_typing(gc, from, 0, PURPLE_TYPING);
     else
-	serv_got_typing(gc, from, 0, PURPLE_NOT_TYPING);
+	serv_got_typing_stopped(gc, from);
     g_free(from);
 }
 
@@ -2041,7 +2041,12 @@
 
 	glp->async = 1;
 	glp->status = ggp_to_gg_status(status, &glp->status_descr);
+#if defined(USE_GNUTLS) || !defined(USE_INTERNAL_LIBGADU)
+	glp->tls = 1;
+#else
 	glp->tls = 0;
+#endif
+	purple_debug_info("gg", "TLS enabled: %d\n", glp->tls);
 
 	if (!info->status_broadcasting)
 		glp->status = glp->status|GG_STATUS_FRIENDS_MASK;
@@ -2241,6 +2246,26 @@
 	return ret;
 }
 
+static unsigned int ggp_send_typing(PurpleConnection *gc, const char *name, PurpleTypingState state)
+{
+	int dummy_length; // we don't send real length of typed message
+	
+	if (state == PURPLE_TYPED) // not supported
+		return 1;
+	
+	if (state == PURPLE_TYPING)
+		dummy_length = (int)g_random_int();
+	else // PURPLE_NOT_TYPING
+		dummy_length = 0;
+	
+	gg_typing_notification(
+		((GGPInfo*)gc->proto_data)->session,
+		ggp_str_to_uin(name),
+		dummy_length); 
+	
+	return 1; // wait 1 second before another notification
+}
+
 static void ggp_get_info(PurpleConnection *gc, const char *name)
 {
 	GGPInfo *info = gc->proto_data;
@@ -2546,7 +2571,7 @@
 	ggp_close,			/* close */
 	ggp_send_im,			/* send_im */
 	NULL,				/* set_info */
-	NULL,				/* send_typing */
+	ggp_send_typing,		/* send_typing */
 	ggp_get_info,			/* get_info */
 	ggp_set_status,			/* set_away */
 	NULL,				/* set_idle */
--- a/libpurple/protocols/gg/lib/libgadu.h	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/protocols/gg/lib/libgadu.h	Mon Apr 11 18:27:03 2011 +0000
@@ -72,7 +72,11 @@
 #undef GG_CONFIG_HAVE_LONG_LONG
 
 /* Defined if libgadu was compiled and linked with GnuTLS support. */
-#undef GG_CONFIG_HAVE_GNUTLS
+#ifdef USE_GNUTLS
+#	define GG_CONFIG_HAVE_GNUTLS
+#else
+#	undef GG_CONFIG_HAVE_GNUTLS
+#endif
 
 /* Defined if libgadu was compiled and linked with OpenSSL support. */
 #undef GG_CONFIG_HAVE_OPENSSL
--- a/libpurple/protocols/irc/irc.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/protocols/irc/irc.c	Mon Apr 11 18:27:03 2011 +0000
@@ -403,8 +403,7 @@
 
 static gboolean do_login(PurpleConnection *gc) {
 	char *buf, *tmp = NULL;
-	char *hostname, *server;
-	const char *hosttmp;
+	char *server;
 	const char *username, *realname;
 	struct irc_conn *irc = gc->proto_data;
 	const char *pass = purple_connection_get_password(gc);
@@ -432,17 +431,6 @@
 		}
 	}
 
-	hosttmp = purple_get_host_name();
-	if (*hosttmp == ':') {
-		/* This is either an IPv6 address, or something which
-		 * doesn't belong here.  Either way, we need to escape
-		 * it. */
-		hostname = g_strdup_printf("0%s", hosttmp);
-	} else {
-		/* Ugly, I know. */
-		hostname = g_strdup(hosttmp);
-	}
-
 	if (*irc->server == ':') {
 		/* Same as hostname, above. */
 		server = g_strdup_printf("0%s", irc->server);
@@ -450,10 +438,9 @@
 		server = g_strdup(irc->server);
 	}
 
-	buf = irc_format(irc, "vvvv:", "USER", tmp ? tmp : username, hostname, server,
+	buf = irc_format(irc, "vvvv:", "USER", tmp ? tmp : username, "*", server,
 	                 strlen(realname) ? realname : IRC_DEFAULT_ALIAS);
 	g_free(tmp);
-	g_free(hostname);
 	g_free(server);
 	if (irc_send(irc, buf) < 0) {
 		g_free(buf);
--- a/libpurple/protocols/irc/parse.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/protocols/irc/parse.c	Mon Apr 11 18:27:03 2011 +0000
@@ -125,6 +125,7 @@
 	char *help;
 } _irc_cmds[] = {
 	{ "action", ":", irc_cmd_ctcp_action, N_("action &lt;action to perform&gt;:  Perform an action.") },
+	{ "authserv", ":", irc_cmd_service, N_("authserv: Send a command to authserv") },
 	{ "away", ":", irc_cmd_away, N_("away [message]:  Set an away message, or use no message to return from being away.") },
 	{ "ctcp", "t:", irc_cmd_ctcp, N_("ctcp <nick> <msg>: sends ctcp msg to nick.") },
 	{ "chanserv", ":", irc_cmd_service, N_("chanserv: Send a command to chanserv") },
--- a/libpurple/protocols/jabber/buddy.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/protocols/jabber/buddy.c	Mon Apr 11 18:27:03 2011 +0000
@@ -2229,6 +2229,16 @@
 		return;
 	}
 
+	/* If the value provided isn't the disco#info default, persist it.  Otherwise,
+	   make sure we aren't persisting an old value */
+	if(js->user_directories && js->user_directories->data &&
+	   !strcmp(directory, js->user_directories->data)) {
+		purple_account_set_string(js->gc->account, "user_directory", "");
+	}
+	else {
+		purple_account_set_string(js->gc->account, "user_directory", directory);
+	}
+
 	iq = jabber_iq_new_query(js, JABBER_IQ_GET, "jabber:iq:search");
 	xmlnode_set_attrib(iq->node, "to", directory);
 
@@ -2241,10 +2251,13 @@
 {
 	PurpleConnection *gc = (PurpleConnection *) action->context;
 	JabberStream *js = purple_connection_get_protocol_data(gc);
+	const char *def_val = purple_account_get_string(js->gc->account, "user_directory", "");
+	if(!*def_val && js->user_directories)
+		def_val = js->user_directories->data;
 
 	purple_request_input(gc, _("Enter a User Directory"), _("Enter a User Directory"),
 			_("Select a user directory to search"),
-			js->user_directories ? js->user_directories->data : NULL,
+			def_val,
 			FALSE, FALSE, NULL,
 			_("Search Directory"), PURPLE_CALLBACK(jabber_user_search),
 			_("Cancel"), NULL,
--- a/libpurple/protocols/jabber/si.c	Fri Apr 01 13:50:10 2011 +0000
+++ b/libpurple/protocols/jabber/si.c	Mon Apr 11 18:27:03 2011 +0000
@@ -1683,6 +1683,7 @@
 	PurpleXfer *xfer;
 	xmlnode *file, *feature, *x, *field, *option, *value, *thumbnail;
 	const char *stream_id, *filename, *filesize_c, *profile;
+	guint64 filesize_64 = 0;
 	size_t filesize = 0;
 
 	if(!(profile = xmlnode_get_attrib(si, "profile")) ||
@@ -1699,7 +1700,17 @@
 		return;
 
 	if((filesize_c = xmlnode_get_attrib(file, "size")))
-		filesize = strtoul(filesize_c, NULL, 10);
+		filesize_64 = g_ascii_strtoull(filesize_c, NULL, 10);
+	/* TODO 3.0.0: When the core uses a guint64, this is redundant.
+	 * See #8477.
+	 */
+	if (filesize_64 > G_MAXSIZE) {
+		/* Should this pop up a warning? */
+		purple_debug_warning("jabber", "Unable to transfer file (too large)"
+		                     " -- see #8477 for more details.");
+		return;
+	}
+	filesize = filesize_64;
 
 	if(!(feature = xmlnode_get_child(si, "feature")))
 		return;
--- a/pidgin/win32/nsis/pidgin-installer.nsi	Fri Apr 01 13:50:10 2011 +0000
+++ b/pidgin/win32/nsis/pidgin-installer.nsi	Mon Apr 11 18:27:03 2011 +0000
@@ -536,6 +536,7 @@
     Delete "$INSTDIR\ca-certs\CAcert_Class3.pem"
     Delete "$INSTDIR\ca-certs\CAcert_Root.pem"
     Delete "$INSTDIR\ca-certs\Deutsche_Telekom_Root_CA_2.pem"
+    Delete "$INSTDIR\ca-certs\DigiCertHighAssuranceCA-3.pem"
     Delete "$INSTDIR\ca-certs\Entrust.net_Secure_Server_CA.pem"
     Delete "$INSTDIR\ca-certs\Equifax_Secure_CA.pem"
     Delete "$INSTDIR\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/share/ca-certs/DigiCertHighAssuranceCA-3.pem	Mon Apr 11 18:27:03 2011 +0000
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGVTCCBT2gAwIBAgIQCFH5WYFBRcq94CTiEsnCDjANBgkqhkiG9w0BAQUFADBs
+MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
+ZSBFViBSb290IENBMB4XDTA3MDQwMzAwMDAwMFoXDTIyMDQwMzAwMDAwMFowZjEL
+MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
+LmRpZ2ljZXJ0LmNvbTElMCMGA1UEAxMcRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug
+Q0EtMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9hCikQH17+NDdR
+CPge+yLtYb4LDXBMUGMmdRW5QYiXtvCgFbsIYOBC6AUpEIc2iihlqO8xB3RtNpcv
+KEZmBMcqeSZ6mdWOw21PoF6tvD2Rwll7XjZswFPPAAgyPhBkWBATaccM7pxCUQD5
+BUTuJM56H+2MEb0SqPMV9Bx6MWkBG6fmXcCabH4JnudSREoQOiPkm7YDr6ictFuf
+1EutkozOtREqqjcYjbTCuNhcBoz4/yO9NV7UfD5+gw6RlgWYw7If48hl66l7XaAs
+zPw82W3tzPpLQ4zJ1LilYRyyQLYoEt+5+F/+07LJ7z20Hkt8HEyZNp496+ynaF4d
+32duXvsCAwEAAaOCAvcwggLzMA4GA1UdDwEB/wQEAwIBhjCCAcYGA1UdIASCAb0w
+ggG5MIIBtQYLYIZIAYb9bAEDAAIwggGkMDoGCCsGAQUFBwIBFi5odHRwOi8vd3d3
+LmRpZ2ljZXJ0LmNvbS9zc2wtY3BzLXJlcG9zaXRvcnkuaHRtMIIBZAYIKwYBBQUH
+AgIwggFWHoIBUgBBAG4AeQAgAHUAcwBlACAAbwBmACAAdABoAGkAcwAgAEMAZQBy
+AHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABpAHQAdQB0AGUAcwAgAGEAYwBj
+AGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQAaQBnAGkAQwBlAHIAdAAg
+AEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIAZQBsAHkAaQBuAGcAIABQ
+AGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcAaABpAGMAaAAgAGwAaQBt
+AGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQAIABhAHIAZQAgAGkAbgBj
+AG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4AIABiAHkAIAByAGUAZgBl
+AHIAZQBuAGMAZQAuMA8GA1UdEwEB/wQFMAMBAf8wNAYIKwYBBQUHAQEEKDAmMCQG
+CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wgY8GA1UdHwSBhzCB
+hDBAoD6gPIY6aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFz
+c3VyYW5jZUVWUm9vdENBLmNybDBAoD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQu
+Y29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDAfBgNVHSMEGDAW
+gBSxPsNpA/i/RwHUmCYaCALvY2QrwzAdBgNVHQ4EFgQUUOpzidsp+xCPnuUBINTe
+eZlIg/cwDQYJKoZIhvcNAQEFBQADggEBAF1PhPGoiNOjsrycbeUpSXfh59bcqdg1
+rslx3OXb3J0kIZCmz7cBHJvUV5eR13UWpRLXuT0uiT05aYrWNTf58SHEW0CtWakv
+XzoAKUMncQPkvTAyVab+hA4LmzgZLEN8rEO/dTHlIxxFVbdpCJG1z9fVsV7un5Tk
+1nq5GMO41lJjHBC6iy9tXcwFOPRWBW3vnuzoYTYMFEuFFFoMg08iXFnLjIpx2vrF
+EIRYzwfu45DC9fkpx1ojcflZtGQriLCnNseaIGHr+k61rmsb5OPs4tk8QUmoIKRU
+9ZKNu8BVIASm2LAXFszj0Mi0PeXZhMbT9m5teMl5Q+h6N/9cNUm/ocU=
+-----END CERTIFICATE-----
--- a/share/ca-certs/Makefile.am	Fri Apr 01 13:50:10 2011 +0000
+++ b/share/ca-certs/Makefile.am	Mon Apr 11 18:27:03 2011 +0000
@@ -22,6 +22,7 @@
 
 EXTRA_CERTS = \
 		AOL_Member_CA.pem \
+		DigiCertHighAssuranceCA-3.pem \
 		Microsoft_Internet_Authority.pem \
 		Microsoft_Internet_Authority_2010.pem \
 		Microsoft_Secure_Server_Authority.pem \