Add DoH and DoT support

[phillip-stephens]

closes #336

Description

This PR adds support for DoH and DoT lookups. Despite the large changeset, 50% of the lines changed are in go.mod/go.sum and reflect the dependencies of zcrypto.

Change Description

• Added flags for --tls and --https for user to request DoT and DoH, respectively
  • --tls and --https are mutually exclusive
  • Neither can be used with --iterative nor --udp-only
• Added type casting for TLS handshake data
  • We use sheriff to allow us to specify the verbosity of the JSON structs we're returning to the user. However, sheriff casts everything to an interface, or a slice of interface{}. This is problematic because when you go to Marshall a byte array that's been cast as a []interface{} where the elements happen to be uint8, json.Marshall will print out: [123, 7, 78,...]. This is completely useless to the user. So I added a new file src/cli/util.go with a conversion function that will convert []interface{} (uint8) -> []uint8. This gives us sane output (see below, any of the base64-encoded strings are byte arrays underneath).
• Set default resolvers for --https to dns.google and cloudflare-dns.com
• Added integration tests for both --name-server-mode and normal usage for both --tls and --https

New Network Options

./zdns --help
...
Network Options:
      --4                      utilize IPv4 query transport only, incompatible with --6
      --6                      utilize IPv6 query transport only, incompatible with --4
      --https                  Use DNS over HTTPS for lookups, mutually exclusive with --udp-only, --iterative, and --tls
      --local-addr=            comma-delimited list of local addresses to use, serve as the source IP for outbound queries
      --local-interface=       local interface to use
      --no-recycle-sockets     do not create long-lived unbound UDP socket for each thread at launch and reuse for all (UDP) queries
      --prefer-ipv4-iteration  Prefer IPv4/A record lookups during iterative resolution. Ignored unless used with both IPv4 and IPv6 query transport
      --prefer-ipv6-iteration  Prefer IPv6/AAAA record lookups during iterative resolution. Ignored unless used with both IPv4 and IPv6 query transport
      --tcp-only               Only perform lookups over TCP
      --tls                    Use DNS over TLS for lookups, mutually exclusive with --udp-only, --iterative, and --https
      --udp-only               Only perform lookups over UDP
...

Examples

$ ./zdns A google.com --https
{"name":"google.com","results":{"A":{"data":{"additionals":[{"flags":"","type":"EDNS0","udpsize":1232,"version":0}],"answers":[{"answer":"142.250.190.110","class":"IN","name":"google.com","ttl":255,"type":"A"}],"protocol":"DoH","resolver":"cloudflare-dns.com","tls_handshake":{"handshake_log":{"client_finished":{"verify_data":"IitObytWc0w4eW9rZ0N1UTIi"},"client_key_exchange":{"ecdh_params":{"client_private":{"length":32,"value":"InJsSDh0c1BIaEY1b2dTb3N3Z1g5YkZvNm02TUQ1aFZWK09LaUlmaEdKdEU9Ig=="},"client_public":{"X":{},"Y":{}},"curve_id":23}},"key_material":{"master_secret":{"length":48,"value":"Imk0aXpNNVJPQmhWTnh2SDEwQWRmbjVQanJwTUk1anlQZE1KSm5rYWpmazJ2cmpDNTVaTVF5MXc3dCswNVFZU1oi"},"pre_master_secret":{"length":32,"value":"IlJHMUlGYmVtM3dtQ1V5TzUvNTVzRUg3VlVySFZTZU8ySVp5RTFNK005elE9Ig=="}},"server_certificates":{"certificate":{"parsed":{"AuthorityKeyId":"ImRJV0F3R2JIM3pmZXo3MHBONm9ESGI3dHpSYz0i","BasicConstraintsValid":true,"CABFOrganizationIdentifier":null,"CPSuri":[["http://www.digicert.com/CPS"]],"CRLDistributionPoints":["http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl","http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl"],"DNSNames":["cloudflare-dns.com","*.cloudflare-dns.com","one.one.one.one"],"DirectoryNames":[],"EDIPartyNames":[],"EmailAddresses":[],"ExcludedDNSNames":[],"ExcludedDirectoryNames":[],"ExcludedEdiPartyNames":[],"ExcludedEmailAddresses":[],"ExcludedIPAddresses":[],"ExcludedRegisteredIDs":[],"ExcludedURIs":[],"ExcludedX400Addresses":[],"ExplicitTexts":[[]],"ExtKeyUsage":[48,53],"Extensions":[{"Critical":false,"Id":[2,5,29,35],"Value":"Ik1CYUFGSFNGZ01CbXg5ODMzcys5S1RlcUF4Mis3YzBYIg=="},{"Critical":false,"Id":[2,5,29,14],"Value":"IkJCVGl4RHZqOFI1NVorNVJ2ZTZxei9WNEZIazNvQT09Ig=="},{"Critical":false,"Id":[2,5,29,17],"Value":"Ik1JR2JnaEpqYkc5MVpHWnNZWEpsTFdSdWN5NWpiMjJDRkNvdVkyeHZkV1JtYkdGeVpTMWtibk11WTI5dGdnOXZibVV1YjI1bExtOXVaUzV2Ym1XSEJBRUFBQUdIQkFFQkFRR0hCS0tmSkFHSEJLS2ZMZ0dIRUNZR1J3QkhBQUFBQUFBQUFBQUFFQUdIRUNZR1J3QkhBQUFBQUFBQUFBQUFFUkdIRUNZR1J3QkhBQUFBQUFBQUFBQUFBR1NIRUNZR1J3QkhBQUFBQUFBQUFBQUFaQUE9Ig=="},{"Critical":false,"Id":[2,5,29,32],"Value":"Ik1EVXdNd1lHWjRFTUFRSUNNQ2t3SndZSUt3WUJCUVVIQWdFV0cyaDBkSEE2THk5M2QzY3VaR2xuYVdObGNuUXVZMjl0TDBOUVV3PT0i"},{"Critical":true,"Id":[2,5,29,15],"Value":"IkF3SURpQT09Ig=="},{"Critical":false,"Id":[2,5,29,37],"Value":"Ik1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBZz09Ig=="},{"Critical":false,"Id":[2,5,29,31],"Value":"Ik1JR1VNRWlnUnFCRWhrSm9kSFJ3T2k4dlkzSnNNeTVrYVdkcFkyVnlkQzVqYjIwdlJHbG5hVU5sY25SSGJHOWlZV3hITWxSTVUxSlRRVk5JUVRJMU5qSXdNakJEUVRFdE1TNWpjbXd3U0tCR29FU0dRbWgwZEhBNkx5OWpjbXcwTG1ScFoybGpaWEowTG1OdmJTOUVhV2RwUTJWeWRFZHNiMkpoYkVjeVZFeFRVbE5CVTBoQk1qVTJNakF5TUVOQk1TMHhMbU55YkE9PSI="},{"Critical":false,"Id":[1,3,6,1,5,5,7,1,1],"Value":"Ik1Ia3dKQVlJS3dZQkJRVUhNQUdHR0doMGRIQTZMeTl2WTNOd0xtUnBaMmxqWlhKMExtTnZiVEJSQmdnckJnRUZCUWN3QW9aRmFIUjBjRG92TDJOaFkyVnlkSE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzUnpKVVRGTlNVMEZUU0VFeU5UWXlNREl3UTBFeExURXVZM0owIg=="},{"Critical":true,"Id":[2,5,29,19],"Value":"Ik1BQT0i"},{"Critical":false,"Id":[1,3,6,1,4,1,11129,2,4,2],"Value":"IkJJSUJhUUZuQUhVQVRuV2pKMXlhRU1NNFcyelUzejlTNngzdzRJNGJqV25Bc2Zwa3NXS2FPZDhBQUFHUkFaczIxd0FBQkFNQVJqQkVBaUF6VWdCMFJYbXBTWXlZRE5ZWGNqSkNRTCsxUGdpcUt3NXNyRFl0V2lhcGpBSWdhWGdUNDVPcmgxU0FWbm93MUxXMmZiTEdXOFpEM3JGa2gvNHdFZndqejBrQWRRQjlXUjRTNFhncWV4eGhaM3hlL2ZqUWgxd1VvRTZWbnJrREw5a09qQzU1dUFBQUFaRUJtemFWQUFBRUF3QkdNRVFDSUI3c1N0bmgvZHpSY21qRmRONUcrdHpxMmF2UXM4VzJGZlhKMHVaTXhFWjlBaUJIV0QzZDYyZlc2b0pKbUpSdEgxUTlRTWx5L1VTR3NpTzZ6Wmg3TGsxOXBBQjNBT2JTTVdOQWQ0ekJFRUVHMTNHNXpzSFNRUGFXaEliN3VvY3lIZjBlTjQ1UUFBQUJrUUdiTnFRQUFBUURBRWd3UmdJaEFJOFZkRndLd1JEaWdLSnZMTG9pWWp1WXZpbWg0aEhaVjZzd1dCVWRiSy9QQWlFQW5ZZUdTanhaWjNmMkkvYjRGQkVmdUkzeFM1T0tZT3JMbTdYellxOTA3UU09Ig=="}],"ExtensionsMap":{"1.3.6.1.4.1.11129.2.4.2":{"Critical":false,"Id":[1,3,6,1,4,1,11129,2,4,2],"Value":"IkJJSUJhUUZuQUhVQVRuV2pKMXlhRU1NNFcyelUzejlTNngzdzRJNGJqV25Bc2Zwa3NXS2FPZDhBQUFHUkFaczIxd0FBQkFNQVJqQkVBaUF6VWdCMFJYbXBTWXlZRE5ZWGNqSkNRTCsxUGdpcUt3NXNyRFl0V2lhcGpBSWdhWGdUNDVPcmgxU0FWbm93MUxXMmZiTEdXOFpEM3JGa2gvNHdFZndqejBrQWRRQjlXUjRTNFhncWV4eGhaM3hlL2ZqUWgxd1VvRTZWbnJrREw5a09qQzU1dUFBQUFaRUJtemFWQUFBRUF3QkdNRVFDSUI3c1N0bmgvZHpSY21qRmRONUcrdHpxMmF2UXM4VzJGZlhKMHVaTXhFWjlBaUJIV0QzZDYyZlc2b0pKbUpSdEgxUTlRTWx5L1VTR3NpTzZ6Wmg3TGsxOXBBQjNBT2JTTVdOQWQ0ekJFRUVHMTNHNXpzSFNRUGFXaEliN3VvY3lIZjBlTjQ1UUFBQUJrUUdiTnFRQUFBUURBRWd3UmdJaEFJOFZkRndLd1JEaWdLSnZMTG9pWWp1WXZpbWg0aEhaVjZzd1dCVWRiSy9QQWlFQW5ZZUdTanhaWjNmMkkvYjRGQkVmdUkzeFM1T0tZT3JMbTdYellxOTA3UU09Ig=="},"1.3.6.1.5.5.7.1.1":{"Critical":false,"Id":[1,3,6,1,5,5,7,1,1],"Value":"Ik1Ia3dKQVlJS3dZQkJRVUhNQUdHR0doMGRIQTZMeTl2WTNOd0xtUnBaMmxqWlhKMExtTnZiVEJSQmdnckJnRUZCUWN3QW9aRmFIUjBjRG92TDJOaFkyVnlkSE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzUnpKVVRGTlNVMEZUU0VFeU5UWXlNREl3UTBFeExURXVZM0owIg=="},"2.5.29.14":{"Critical":false,"Id":[2,5,29,14],"Value":"IkJCVGl4RHZqOFI1NVorNVJ2ZTZxei9WNEZIazNvQT09Ig=="},"2.5.29.15":{"Critical":true,"Id":[2,5,29,15],"Value":"IkF3SURpQT09Ig=="},"2.5.29.17":{"Critical":false,"Id":[2,5,29,17],"Value":"Ik1JR2JnaEpqYkc5MVpHWnNZWEpsTFdSdWN5NWpiMjJDRkNvdVkyeHZkV1JtYkdGeVpTMWtibk11WTI5dGdnOXZibVV1YjI1bExtOXVaUzV2Ym1XSEJBRUFBQUdIQkFFQkFRR0hCS0tmSkFHSEJLS2ZMZ0dIRUNZR1J3QkhBQUFBQUFBQUFBQUFFQUdIRUNZR1J3QkhBQUFBQUFBQUFBQUFFUkdIRUNZR1J3QkhBQUFBQUFBQUFBQUFBR1NIRUNZR1J3QkhBQUFBQUFBQUFBQUFaQUE9Ig=="},"2.5.29.19":{"Critical":true,"Id":[2,5,29,19],"Value":"Ik1BQT0i"},"2.5.29.31":{"Critical":false,"Id":[2,5,29,31],"Value":"Ik1JR1VNRWlnUnFCRWhrSm9kSFJ3T2k4dlkzSnNNeTVrYVdkcFkyVnlkQzVqYjIwdlJHbG5hVU5sY25SSGJHOWlZV3hITWxSTVUxSlRRVk5JUVRJMU5qSXdNakJEUVRFdE1TNWpjbXd3U0tCR29FU0dRbWgwZEhBNkx5OWpjbXcwTG1ScFoybGpaWEowTG1OdmJTOUVhV2RwUTJWeWRFZHNiMkpoYkVjeVZFeFRVbE5CVTBoQk1qVTJNakF5TUVOQk1TMHhMbU55YkE9PSI="},"2.5.29.32":{"Critical":false,"Id":[2,5,29,32],"Value":"Ik1EVXdNd1lHWjRFTUFRSUNNQ2t3SndZSUt3WUJCUVVIQWdFV0cyaDBkSEE2THk5M2QzY3VaR2xuYVdObGNuUXVZMjl0TDBOUVV3PT0i"},"2.5.29.35":{"Critical":false,"Id":[2,5,29,35],"Value":"Ik1CYUFGSFNGZ01CbXg5ODMzcys5S1RlcUF4Mis3YzBYIg=="},"2.5.29.37":{"Critical":false,"Id":[2,5,29,37],"Value":"Ik1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBZz09Ig=="}},"ExtraExtensions":[],"FailedToParseNames":[],"FingerprintMD5":"InVQT1B2U2JDQUlBTWgvZ083QWY2bGc9PSI=","FingerprintNoCT":"IllHTjMzUkl5U1pVM3VIR2w5K0g0MWJQVWxFdUpHbXZXMHd0bFpKUkR6Y3c9Ig==","FingerprintSHA1":"IklBY2FGaGE1R3lKbktjVHVIWEg4Mi84aXp2MD0i","FingerprintSHA256":"IjYzSTFBWjh3RXJlb0ZIMVc5NUtXTUVpK21YdFBSUC9wTjNCejZ0NktocVU9Ig==","IANDNSNames":[],"IANDirectoryNames":[],"IANEDIPartyNames":[],"IANEmailAddresses":[],"IANIPAddresses":[],"IANOtherNames":[],"IANRegisteredIDs":[],"IANURIs":[],"IPAddresses":["1.0.0.1","1.1.1.1","162.159.36.1","162.159.46.1","2606:4700:4700::1001","2606:4700:4700::1111","2606:4700:4700::64","2606:4700:4700::6400"],"IsCA":false,"IsPrecert":false,"Issuer":{"Country":["US"],"Organization":["DigiCert Inc"],"OrganizationalUnit":null,"Locality":null,"Province":null,"StreetAddress":null,"PostalCode":null,"DomainComponent":null,"EmailAddress":null,"SerialNumber":"","CommonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","SerialNumbers":null,"CommonNames":["DigiCert Global G2 TLS RSA SHA256 2020 CA1"],"GivenName":null,"Surname":null,"OrganizationIDs":null,"JurisdictionLocality":null,"JurisdictionProvince":null,"JurisdictionCountry":null,"Names":[{"type":"2.5.4.6","value":"US"},{"type":"2.5.4.10","value":"DigiCert Inc"},{"type":"2.5.4.3","value":"DigiCert Global G2 TLS RSA SHA256 2020 CA1"}],"ExtraNames":null,"OriginalRDNS":[[{"type":"2.5.4.6","value":"US"}],[{"type":"2.5.4.10","value":"DigiCert Inc"}],[{"type":"2.5.4.3","value":"DigiCert Global G2 TLS RSA SHA256 2020 CA1"}]]},"IssuerUniqueId":{"BitLength":0,"Bytes":[]},"IssuingCertificateURL":["http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt"],"KeyUsage":{"digital_signature":true,"key_agreement":true,"value":17},"MaxPathLen":-1,"MaxPathLenZero":false,"NameConstraintsCritical":false,"NotAfter":"2025-01-21T23:59:59Z","NotBefore":"2024-07-30T00:00:00Z","NoticeRefNumbers":[[]],"NoticeRefOrgnization":[[]],"OCSPServer":["http://ocsp.digicert.com"],"OtherNames":[],"ParsedExplicitTexts":[[]],"ParsedNoticeRefOrganization":[[]],"PermittedDNSNames":[],"PermittedDirectoryNames":[],"PermittedEdiPartyNames":[],"PermittedEmailAddresses":[],"PermittedIPAddresses":[],"PermittedRegisteredIDs":[],"PermittedURIs":[],"PermittedX400Addresses":[],"PolicyIdentifiers":[[2,23,140,1,2,2]],"PublicKey":{"Pub":{"Curve":{},"X":{},"Y":{}},"Raw":{"BitLength":520,"Bytes":"IkJFeXFUTEpnd2w2Q1BtTTEwNndBVDNCdHh5c3Z6VmFyZG1xc0JPMzlqZGZUL3k0Vk5zQjZubjdQS1hsQWhVeUEvaVEya0d4Y2hwVWpZVjBvWW9GZ1NQQT0i"}},"PublicKeyAlgorithm":3,"PublicKeyAlgorithmOID":[1,2,840,10045,2,1],"QCStatements":null,"QualifierId":[[[1,3,6,1,5,5,7,2,1]]],"Raw":"Ik1JSUdvekNDQll1Z0F3SUJBZ0lRRDhGS2FycVBQalExajFaUHNYeFNJREFOQmdrcWhraUc5dzBCQVFzRkFEQlpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNVE13TVFZRFZRUURFeXBFYVdkcFEyVnlkQ0JIYkc5aVlXd2dSeklnVkV4VElGSlRRU0JUU0VFeU5UWWdNakF5TUNCRFFURXdIaGNOTWpRd056TXdNREF3TURBd1doY05NalV3TVRJeE1qTTFPVFU1V2pCeU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFR0ExVUVDQk1LUTJGc2FXWnZjbTVwWVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVaTUJjR0ExVUVDaE1RUTJ4dmRXUm1iR0Z5WlN3Z1NXNWpMakViTUJrR0ExVUVBeE1TWTJ4dmRXUm1iR0Z5WlMxa2JuTXVZMjl0TUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFVEtwTXNtRENYb0krWXpYVHJBQlBjRzNIS3kvTlZxdDJhcXdFN2YyTjE5UC9MaFUyd0hxZWZzOHBlVUNGVElEK0pEYVFiRnlHbFNOaFhTaGlnV0JJOEtPQ0JCY3dnZ1FUTUI4R0ExVWRJd1FZTUJhQUZIU0ZnTUJteDk4MzNzKzlLVGVxQXgyKzdjMFhNQjBHQTFVZERnUVdCQlRpeER2ajhSNTVaKzVSdmU2cXovVjRGSGszb0RDQnBnWURWUjBSQklHZU1JR2JnaEpqYkc5MVpHWnNZWEpsTFdSdWN5NWpiMjJDRkNvdVkyeHZkV1JtYkdGeVpTMWtibk11WTI5dGdnOXZibVV1YjI1bExtOXVaUzV2Ym1XSEJBRUFBQUdIQkFFQkFRR0hCS0tmSkFHSEJLS2ZMZ0dIRUNZR1J3QkhBQUFBQUFBQUFBQUFFQUdIRUNZR1J3QkhBQUFBQUFBQUFBQUFFUkdIRUNZR1J3QkhBQUFBQUFBQUFBQUFBR1NIRUNZR1J3QkhBQUFBQUFBQUFBQUFaQUF3UGdZRFZSMGdCRGN3TlRBekJnWm5nUXdCQWdJd0tUQW5CZ2dyQmdFRkJRY0NBUlliYUhSMGNEb3ZMM2QzZHk1a2FXZHBZMlZ5ZEM1amIyMHZRMUJUTUE0R0ExVWREd0VCL3dRRUF3SURpREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd2daOEdBMVVkSHdTQmx6Q0JsREJJb0VhZ1JJWkNhSFIwY0RvdkwyTnliRE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzUnpKVVRGTlNVMEZUU0VFeU5UWXlNREl3UTBFeExURXVZM0pzTUVpZ1JxQkVoa0pvZEhSd09pOHZZM0pzTkM1a2FXZHBZMlZ5ZEM1amIyMHZSR2xuYVVObGNuUkhiRzlpWVd4SE1sUk1VMUpUUVZOSVFUSTFOakl3TWpCRFFURXRNUzVqY213d2dZY0dDQ3NHQVFVRkJ3RUJCSHN3ZVRBa0JnZ3JCZ0VGQlFjd0FZWVlhSFIwY0RvdkwyOWpjM0F1WkdsbmFXTmxjblF1WTI5dE1GRUdDQ3NHQVFVRkJ6QUNoa1ZvZEhSd09pOHZZMkZqWlhKMGN5NWthV2RwWTJWeWRDNWpiMjB2UkdsbmFVTmxjblJIYkc5aVlXeEhNbFJNVTFKVFFWTklRVEkxTmpJd01qQkRRVEV0TVM1amNuUXdEQVlEVlIwVEFRSC9CQUl3QURDQ0FYMEdDaXNHQVFRQjFua0NCQUlFZ2dGdEJJSUJhUUZuQUhVQVRuV2pKMXlhRU1NNFcyelUzejlTNngzdzRJNGJqV25Bc2Zwa3NXS2FPZDhBQUFHUkFaczIxd0FBQkFNQVJqQkVBaUF6VWdCMFJYbXBTWXlZRE5ZWGNqSkNRTCsxUGdpcUt3NXNyRFl0V2lhcGpBSWdhWGdUNDVPcmgxU0FWbm93MUxXMmZiTEdXOFpEM3JGa2gvNHdFZndqejBrQWRRQjlXUjRTNFhncWV4eGhaM3hlL2ZqUWgxd1VvRTZWbnJrREw5a09qQzU1dUFBQUFaRUJtemFWQUFBRUF3QkdNRVFDSUI3c1N0bmgvZHpSY21qRmRONUcrdHpxMmF2UXM4VzJGZlhKMHVaTXhFWjlBaUJIV0QzZDYyZlc2b0pKbUpSdEgxUTlRTWx5L1VTR3NpTzZ6Wmg3TGsxOXBBQjNBT2JTTVdOQWQ0ekJFRUVHMTNHNXpzSFNRUGFXaEliN3VvY3lIZjBlTjQ1UUFBQUJrUUdiTnFRQUFBUURBRWd3UmdJaEFJOFZkRndLd1JEaWdLSnZMTG9pWWp1WXZpbWg0aEhaVjZzd1dCVWRiSy9QQWlFQW5ZZUdTanhaWjNmMkkvYjRGQkVmdUkzeFM1T0tZT3JMbTdYellxOTA3UU13RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURpOCsxd1ZnUk9zMzY0a2lPWHJDWmxkNVpmd0twblVlam1OSzk1SEpCbE5aV3Bwa2ZneDhVSk81QW4raTJ6L2c1d3RQTzJKVkF3dWhUTUtoRllCemRkNitGU1Z6TXF6ZmpocktMVGVQZ1lmOFd0S3gxazN3bENET3dxYmZsc20zWUlnZVJ0Z3lqQ1owUzhvMnB5VXNaZnMvd2RYM05valR4ZHM2Ylplc2NVZU5pZzNnOWR5Q3o0WDRTUXExdlBScGs0Nm1SUFpTUCsvNGdxR1hnVGJnTmk4UWpWR1BnMS81TFhmV3RCTEpmR1Nta29HUDdLbGRYaSttRmxjRXlZM1JNK2tUMzNFOEU1eHIzSU00RWZOeWJOWnQyamYvY2hnRGpMMnJjM2ZoaHJjK3pOclFYMTRMUjE3anl2d1VhUzFubGF6OWpZditSZlQ0aVRxZ2hpRFhaQT0i","RawIssuer":"Ik1Ga3hDekFKQmdOVkJBWVRBbFZUTVJVd0V3WURWUVFLRXd4RWFXZHBRMlZ5ZENCSmJtTXhNekF4QmdOVkJBTVRLa1JwWjJsRFpYSjBJRWRzYjJKaGJDQkhNaUJVVEZNZ1VsTkJJRk5JUVRJMU5pQXlNREl3SUVOQk1RPT0i","RawSubject":"Ik1ISXhDekFKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJRXdwRFlXeHBabTl5Ym1saE1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaGJtTnBjMk52TVJrd0Z3WURWUVFLRXhCRGJHOTFaR1pzWVhKbExDQkpibU11TVJzd0dRWURWUVFERXhKamJHOTFaR1pzWVhKbExXUnVjeTVqYjIwPSI=","RawSubjectPublicKeyInfo":"Ik1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdBRVRLcE1zbURDWG9JK1l6WFRyQUJQY0czSEt5L05WcXQyYXF3RTdmMk4xOVAvTGhVMndIcWVmczhwZVVDRlRJRCtKRGFRYkZ5R2xTTmhYU2hpZ1dCSThBPT0i","RawTBSCertificate":"Ik1JSUZpNkFEQWdFQ0FoQVB3VXBxdW84K05EV1BWayt4ZkZJZ01BMEdDU3FHU0liM0RRRUJDd1VBTUZreEN6QUpCZ05WQkFZVEFsVlRNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeE16QXhCZ05WQkFNVEtrUnBaMmxEWlhKMElFZHNiMkpoYkNCSE1pQlVURk1nVWxOQklGTklRVEkxTmlBeU1ESXdJRU5CTVRBZUZ3MHlOREEzTXpBd01EQXdNREJhRncweU5UQXhNakV5TXpVNU5UbGFNSEl4Q3pBSkJnTlZCQVlUQWxWVE1STXdFUVlEVlFRSUV3cERZV3hwWm05eWJtbGhNUll3RkFZRFZRUUhFdzFUWVc0Z1JuSmhibU5wYzJOdk1Sa3dGd1lEVlFRS0V4QkRiRzkxWkdac1lYSmxMQ0JKYm1NdU1Sc3dHUVlEVlFRREV4SmpiRzkxWkdac1lYSmxMV1J1Y3k1amIyMHdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CQndOQ0FBUk1xa3l5WU1KZWdqNWpOZE9zQUU5d2JjY3JMODFXcTNacXJBVHQvWTNYMC84dUZUYkFlcDUrenlsNVFJVk1nUDRrTnBCc1hJYVZJMkZkS0dLQllFandvNElFRnpDQ0JCTXdId1lEVlIwakJCZ3dGb0FVZElXQXdHYkgzemZlejcwcE42b0RIYjd0elJjd0hRWURWUjBPQkJZRUZPTEVPK1B4SG5sbjdsRzk3cXJQOVhnVWVUZWdNSUdtQmdOVkhSRUVnWjR3Z1p1Q0VtTnNiM1ZrWm14aGNtVXRaRzV6TG1OdmJZSVVLaTVqYkc5MVpHWnNZWEpsTFdSdWN5NWpiMjJDRDI5dVpTNXZibVV1YjI1bExtOXVaWWNFQVFBQUFZY0VBUUVCQVljRW9wOGtBWWNFb3A4dUFZY1FKZ1pIQUVjQUFBQUFBQUFBQUFBUUFZY1FKZ1pIQUVjQUFBQUFBQUFBQUFBUkVZY1FKZ1pIQUVjQUFBQUFBQUFBQUFBQVpJY1FKZ1pIQUVjQUFBQUFBQUFBQUFCa0FEQStCZ05WSFNBRU56QTFNRE1HQm1lQkRBRUNBakFwTUNjR0NDc0dBUVVGQndJQkZodG9kSFJ3T2k4dmQzZDNMbVJwWjJsalpYSjBMbU52YlM5RFVGTXdEZ1lEVlIwUEFRSC9CQVFEQWdPSU1CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakNCbndZRFZSMGZCSUdYTUlHVU1FaWdScUJFaGtKb2RIUndPaTh2WTNKc015NWthV2RwWTJWeWRDNWpiMjB2UkdsbmFVTmxjblJIYkc5aVlXeEhNbFJNVTFKVFFWTklRVEkxTmpJd01qQkRRVEV0TVM1amNtd3dTS0JHb0VTR1FtaDBkSEE2THk5amNtdzBMbVJwWjJsalpYSjBMbU52YlM5RWFXZHBRMlZ5ZEVkc2IySmhiRWN5VkV4VFVsTkJVMGhCTWpVMk1qQXlNRU5CTVMweExtTnliRENCaHdZSUt3WUJCUVVIQVFFRWV6QjVNQ1FHQ0NzR0FRVUZCekFCaGhob2RIUndPaTh2YjJOemNDNWthV2RwWTJWeWRDNWpiMjB3VVFZSUt3WUJCUVVITUFLR1JXaDBkSEE2THk5allXTmxjblJ6TG1ScFoybGpaWEowTG1OdmJTOUVhV2RwUTJWeWRFZHNiMkpoYkVjeVZFeFRVbE5CVTBoQk1qVTJNakF5TUVOQk1TMHhMbU55ZERBTUJnTlZIUk1CQWY4RUFqQUFNSUlCZlFZS0t3WUJCQUhXZVFJRUFnU0NBVzBFZ2dGcEFXY0FkUUJPZGFNblhKb1F3emhiYk5UZlAxTHJIZkRnamh1TmFjQ3grbVN4WXBvNTN3QUFBWkVCbXpiWEFBQUVBd0JHTUVRQ0lETlNBSFJGZWFsSmpKZ00xaGR5TWtKQXY3VStDS29yRG15c05pMWFKcW1NQWlCcGVCUGprNnVIVklCV2VqRFV0Ylo5c3NaYnhrUGVzV1NIL2pBUi9DUFBTUUIxQUgxWkhoTGhlQ3A3SEdGbmZGNzkrTkNIWEJTZ1RwV2V1UU12MlE2TUxubTRBQUFCa1FHYk5wVUFBQVFEQUVZd1JBSWdIdXhLMmVIOTNORnlhTVYwM2tiNjNPclpxOUN6eGJZVjljblM1a3pFUm4wQ0lFZFlQZDNyWjlicWdrbVlsRzBmVkQxQXlYTDlSSWF5STdyTm1Ic3VUWDJrQUhjQTV0SXhZMEIzak1FUVFRYlhjYm5Pd2RKQTlwYUVodnU2aHpJZC9SNDNqbEFBQUFHUkFaczJwQUFBQkFNQVNEQkdBaUVBanhWMFhBckJFT0tBb204c3VpSmlPNWkrS2FIaUVkbFhxekJZRlIxc3I4OENJUUNkaDRaS1BGbG5kL1lqOXZnVUVSKzRqZkZMazRwZzZzdWJ0Zk5pcjNUdEF3PT0i","RegisteredIDs":[],"SPKIFingerprint":"IjRwcVEreWwzbEF0UnZLZG9DQ1VSOGlEbUE1M0krY0o3b3JnQkxpRjA4a1E9Ig==","SPKISubjectFingerprint":"IkQyZThSTW5DOUd1eXZ2Qk0xODNGcEFSaE5EaW5rNHhhenlXMitUWDlVMFk9Ig==","SelfSigned":false,"SerialNumber":{},"Signature":"Ik9MejdYQldCRTZ6ZnJpU0k1ZXNKbVYzbGwvQXFtZFI2T1kwcjNrY2tHVTFsYW1tUitESHhRazdrQ2Y2TGJQK0RuQzA4N1lsVURDNkZNd3FFVmdITjEzcjRWSlhNeXJOK09Hc290TjQrQmgveGEwckhXVGZDVUlNN0NwdCtXeWJkZ2lCNUcyREtNSm5STHlqYW5KU3hsK3ovQjFmYzJpTlBGMnpwdGw2eHhSNDJLRGVEMTNJTFBoZmhKQ3JXODlHbVRqcVpFOWxJLzcvaUNvWmVCTnVBMkx4Q05VWStEWC9rdGQ5YTBFc2w4WkthU2dZL3NxVjFlTDZZV1Z3VEpqZEV6NlJQZmNUd1RuR3ZjZ3pnUjgzSnMxbTNhTi85eUdBT012YXR6ZCtHR3R6N00ydEJmWGd0SFh1UEsvQlJwTFdlVnJQMk5pLzVGOVBpSk9xQ0dJTmRrQT09Ig==","SignatureAlgorithm":4,"SignatureAlgorithmOID":[1,2,840,113549,1,1,11],"SignedCertificateTimestampList":[{"version":0,"log_id":"TnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8=","timestamp":1722308835,"signature":"BAMARjBEAiAzUgB0RXmpSYyYDNYXcjJCQL+1PgiqKw5srDYtWiapjAIgaXgT45Orh1SAVnow1LW2fbLGW8ZD3rFkh/4wEfwjz0k="},{"version":0,"log_id":"fVkeEuF4KnscYWd8Xv340IdcFKBOlZ65Ay/ZDowuebg=","timestamp":1722308834,"signature":"BAMARjBEAiAe7ErZ4f3c0XJoxXTeRvrc6tmr0LPFthX1ydLmTMRGfQIgR1g93etn1uqCSZiUbR9UPUDJcv1EhrIjus2Yey5NfaQ="},{"version":0,"log_id":"5tIxY0B3jMEQQQbXcbnOwdJA9paEhvu6hzId/R43jlA=","timestamp":1722308834,"signature":"BAMASDBGAiEAjxV0XArBEOKAom8suiJiO5i+KaHiEdlXqzBYFR1sr88CIQCdh4ZKPFlnd/Yj9vgUER+4jfFLk4pg6subtfNir3TtAw=="}],"Subject":{"Country":["US"],"Organization":["Cloudflare, Inc."],"OrganizationalUnit":null,"Locality":["San Francisco"],"Province":["California"],"StreetAddress":null,"PostalCode":null,"DomainComponent":null,"EmailAddress":null,"SerialNumber":"","CommonName":"cloudflare-dns.com","SerialNumbers":null,"CommonNames":["cloudflare-dns.com"],"GivenName":null,"Surname":null,"OrganizationIDs":null,"JurisdictionLocality":null,"JurisdictionProvince":null,"JurisdictionCountry":null,"Names":[{"type":"2.5.4.6","value":"US"},{"type":"2.5.4.8","value":"California"},{"type":"2.5.4.7","value":"San Francisco"},{"type":"2.5.4.10","value":"Cloudflare, Inc."},{"type":"2.5.4.3","value":"cloudflare-dns.com"}],"ExtraNames":null,"OriginalRDNS":[[{"type":"2.5.4.6","value":"US"}],[{"type":"2.5.4.8","value":"California"}],[{"type":"2.5.4.7","value":"San Francisco"}],[{"type":"2.5.4.10","value":"Cloudflare, Inc."}],[{"type":"2.5.4.3","value":"cloudflare-dns.com"}]]},"SubjectKeyId":"IjRzUTc0L0VlZVdmdVViM3Vxcy8xZUJSNU42QT0i","SubjectUniqueId":{"BitLength":0,"Bytes":[]},"TBSCertificateFingerprint":"InFmOG84aVdCTmdzb0o3dVk0MHpZZUJ4Q05zclFVamROZjREQzRLV1pxM0E9Ig==","TorServiceDescriptors":[],"URIs":[],"UnhandledCriticalExtensions":[],"UnknownExtKeyUsage":[],"ValidationLevel":2,"ValidityPeriod":15206399,"Version":3},"raw":"Ik1JSUdvekNDQll1Z0F3SUJBZ0lRRDhGS2FycVBQalExajFaUHNYeFNJREFOQmdrcWhraUc5dzBCQVFzRkFEQlpNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNVE13TVFZRFZRUURFeXBFYVdkcFEyVnlkQ0JIYkc5aVlXd2dSeklnVkV4VElGSlRRU0JUU0VFeU5UWWdNakF5TUNCRFFURXdIaGNOTWpRd056TXdNREF3TURBd1doY05NalV3TVRJeE1qTTFPVFU1V2pCeU1Rc3dDUVlEVlFRR0V3SlZVekVUTUJFR0ExVUVDQk1LUTJGc2FXWnZjbTVwWVRFV01CUUdBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVaTUJjR0ExVUVDaE1RUTJ4dmRXUm1iR0Z5WlN3Z1NXNWpMakViTUJrR0ExVUVBeE1TWTJ4dmRXUm1iR0Z5WlMxa2JuTXVZMjl0TUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFVEtwTXNtRENYb0krWXpYVHJBQlBjRzNIS3kvTlZxdDJhcXdFN2YyTjE5UC9MaFUyd0hxZWZzOHBlVUNGVElEK0pEYVFiRnlHbFNOaFhTaGlnV0JJOEtPQ0JCY3dnZ1FUTUI4R0ExVWRJd1FZTUJhQUZIU0ZnTUJteDk4MzNzKzlLVGVxQXgyKzdjMFhNQjBHQTFVZERnUVdCQlRpeER2ajhSNTVaKzVSdmU2cXovVjRGSGszb0RDQnBnWURWUjBSQklHZU1JR2JnaEpqYkc5MVpHWnNZWEpsTFdSdWN5NWpiMjJDRkNvdVkyeHZkV1JtYkdGeVpTMWtibk11WTI5dGdnOXZibVV1YjI1bExtOXVaUzV2Ym1XSEJBRUFBQUdIQkFFQkFRR0hCS0tmSkFHSEJLS2ZMZ0dIRUNZR1J3QkhBQUFBQUFBQUFBQUFFQUdIRUNZR1J3QkhBQUFBQUFBQUFBQUFFUkdIRUNZR1J3QkhBQUFBQUFBQUFBQUFBR1NIRUNZR1J3QkhBQUFBQUFBQUFBQUFaQUF3UGdZRFZSMGdCRGN3TlRBekJnWm5nUXdCQWdJd0tUQW5CZ2dyQmdFRkJRY0NBUlliYUhSMGNEb3ZMM2QzZHk1a2FXZHBZMlZ5ZEM1amIyMHZRMUJUTUE0R0ExVWREd0VCL3dRRUF3SURpREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd2daOEdBMVVkSHdTQmx6Q0JsREJJb0VhZ1JJWkNhSFIwY0RvdkwyTnliRE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzUnpKVVRGTlNVMEZUU0VFeU5UWXlNREl3UTBFeExURXVZM0pzTUVpZ1JxQkVoa0pvZEhSd09pOHZZM0pzTkM1a2FXZHBZMlZ5ZEM1amIyMHZSR2xuYVVObGNuUkhiRzlpWVd4SE1sUk1VMUpUUVZOSVFUSTFOakl3TWpCRFFURXRNUzVqY213d2dZY0dDQ3NHQVFVRkJ3RUJCSHN3ZVRBa0JnZ3JCZ0VGQlFjd0FZWVlhSFIwY0RvdkwyOWpjM0F1WkdsbmFXTmxjblF1WTI5dE1GRUdDQ3NHQVFVRkJ6QUNoa1ZvZEhSd09pOHZZMkZqWlhKMGN5NWthV2RwWTJWeWRDNWpiMjB2UkdsbmFVTmxjblJIYkc5aVlXeEhNbFJNVTFKVFFWTklRVEkxTmpJd01qQkRRVEV0TVM1amNuUXdEQVlEVlIwVEFRSC9CQUl3QURDQ0FYMEdDaXNHQVFRQjFua0NCQUlFZ2dGdEJJSUJhUUZuQUhVQVRuV2pKMXlhRU1NNFcyelUzejlTNngzdzRJNGJqV25Bc2Zwa3NXS2FPZDhBQUFHUkFaczIxd0FBQkFNQVJqQkVBaUF6VWdCMFJYbXBTWXlZRE5ZWGNqSkNRTCsxUGdpcUt3NXNyRFl0V2lhcGpBSWdhWGdUNDVPcmgxU0FWbm93MUxXMmZiTEdXOFpEM3JGa2gvNHdFZndqejBrQWRRQjlXUjRTNFhncWV4eGhaM3hlL2ZqUWgxd1VvRTZWbnJrREw5a09qQzU1dUFBQUFaRUJtemFWQUFBRUF3QkdNRVFDSUI3c1N0bmgvZHpSY21qRmRONUcrdHpxMmF2UXM4VzJGZlhKMHVaTXhFWjlBaUJIV0QzZDYyZlc2b0pKbUpSdEgxUTlRTWx5L1VTR3NpTzZ6Wmg3TGsxOXBBQjNBT2JTTVdOQWQ0ekJFRUVHMTNHNXpzSFNRUGFXaEliN3VvY3lIZjBlTjQ1UUFBQUJrUUdiTnFRQUFBUURBRWd3UmdJaEFJOFZkRndLd1JEaWdLSnZMTG9pWWp1WXZpbWg0aEhaVjZzd1dCVWRiSy9QQWlFQW5ZZUdTanhaWjNmMkkvYjRGQkVmdUkzeFM1T0tZT3JMbTdYellxOTA3UU13RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQURpOCsxd1ZnUk9zMzY0a2lPWHJDWmxkNVpmd0twblVlam1OSzk1SEpCbE5aV3Bwa2ZneDhVSk81QW4raTJ6L2c1d3RQTzJKVkF3dWhUTUtoRllCemRkNitGU1Z6TXF6ZmpocktMVGVQZ1lmOFd0S3gxazN3bENET3dxYmZsc20zWUlnZVJ0Z3lqQ1owUzhvMnB5VXNaZnMvd2RYM05valR4ZHM2Ylplc2NVZU5pZzNnOWR5Q3o0WDRTUXExdlBScGs0Nm1SUFpTUCsvNGdxR1hnVGJnTmk4UWpWR1BnMS81TFhmV3RCTEpmR1Nta29HUDdLbGRYaSttRmxjRXlZM1JNK2tUMzNFOEU1eHIzSU00RWZOeWJOWnQyamYvY2hnRGpMMnJjM2ZoaHJjK3pOclFYMTRMUjE3anl2d1VhUzFubGF6OWpZditSZlQ0aVRxZ2hpRFhaQT0i"},"chain":[{"parsed":{"AuthorityKeyId":"IlRpSlVJQmlWNXVOdTVnLzYrcmtTN1FZWGp6az0i","BasicConstraintsValid":true,"CABFOrganizationIdentifier":null,"CPSuri":[[],[],[],[]],"CRLDistributionPoints":["http://crl3.digicert.com/DigiCertGlobalRootG2.crl","http://crl4.digicert.com/DigiCertGlobalRootG2.crl"],"DNSNames":[],"DirectoryNames":[],"EDIPartyNames":[],"EmailAddresses":[],"ExcludedDNSNames":[],"ExcludedDirectoryNames":[],"ExcludedEdiPartyNames":[],"ExcludedEmailAddresses":[],"ExcludedIPAddresses":[],"ExcludedRegisteredIDs":[],"ExcludedURIs":[],"ExcludedX400Addresses":[],"ExplicitTexts":[[],[],[],[]],"ExtKeyUsage":[48,53],"Extensions":[{"Critical":false,"Id":[2,5,29,14],"Value":"IkJCUjBoWURBWnNmZk45N1B2U2szcWdNZHZ1M05Gdz09Ig=="},{"Critical":false,"Id":[2,5,29,35],"Value":"Ik1CYUFGRTRpVkNBWWxlYmpidVlQK3ZxNUV1MEdGNDg1Ig=="},{"Critical":true,"Id":[2,5,29,15],"Value":"IkF3SUJoZz09Ig=="},{"Critical":false,"Id":[2,5,29,37],"Value":"Ik1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBZz09Ig=="},{"Critical":true,"Id":[2,5,29,19],"Value":"Ik1BWUJBZjhDQVFBPSI="},{"Critical":false,"Id":[1,3,6,1,5,5,7,1,1],"Value":"Ik1HZ3dKQVlJS3dZQkJRVUhNQUdHR0doMGRIQTZMeTl2WTNOd0xtUnBaMmxqWlhKMExtTnZiVEJBQmdnckJnRUZCUWN3QW9ZMGFIUjBjRG92TDJOaFkyVnlkSE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzVW05dmRFY3lMbU55ZEE9PSI="},{"Critical":false,"Id":[2,5,29,31],"Value":"Ik1ISXdONkExb0RPR01XaDBkSEE2THk5amNtd3pMbVJwWjJsalpYSjBMbU52YlM5RWFXZHBRMlZ5ZEVkc2IySmhiRkp2YjNSSE1pNWpjbXd3TjZBMW9ET0dNV2gwZEhBNkx5OWpjbXcwTG1ScFoybGpaWEowTG1OdmJTOUVhV2RwUTJWeWRFZHNiMkpoYkZKdmIzUkhNaTVqY213PSI="},{"Critical":false,"Id":[2,5,29,32],"Value":"Ik1DY3dCd1lGWjRFTUFRRXdDQVlHWjRFTUFRSUJNQWdHQm1lQkRBRUNBakFJQmdabmdRd0JBZ009Ig=="}],"ExtensionsMap":{"1.3.6.1.5.5.7.1.1":{"Critical":false,"Id":[1,3,6,1,5,5,7,1,1],"Value":"Ik1HZ3dKQVlJS3dZQkJRVUhNQUdHR0doMGRIQTZMeTl2WTNOd0xtUnBaMmxqWlhKMExtTnZiVEJBQmdnckJnRUZCUWN3QW9ZMGFIUjBjRG92TDJOaFkyVnlkSE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzVW05dmRFY3lMbU55ZEE9PSI="},"2.5.29.14":{"Critical":false,"Id":[2,5,29,14],"Value":"IkJCUjBoWURBWnNmZk45N1B2U2szcWdNZHZ1M05Gdz09Ig=="},"2.5.29.15":{"Critical":true,"Id":[2,5,29,15],"Value":"IkF3SUJoZz09Ig=="},"2.5.29.19":{"Critical":true,"Id":[2,5,29,19],"Value":"Ik1BWUJBZjhDQVFBPSI="},"2.5.29.31":{"Critical":false,"Id":[2,5,29,31],"Value":"Ik1ISXdONkExb0RPR01XaDBkSEE2THk5amNtd3pMbVJwWjJsalpYSjBMbU52YlM5RWFXZHBRMlZ5ZEVkc2IySmhiRkp2YjNSSE1pNWpjbXd3TjZBMW9ET0dNV2gwZEhBNkx5OWpjbXcwTG1ScFoybGpaWEowTG1OdmJTOUVhV2RwUTJWeWRFZHNiMkpoYkZKdmIzUkhNaTVqY213PSI="},"2.5.29.32":{"Critical":false,"Id":[2,5,29,32],"Value":"Ik1DY3dCd1lGWjRFTUFRRXdDQVlHWjRFTUFRSUJNQWdHQm1lQkRBRUNBakFJQmdabmdRd0JBZ009Ig=="},"2.5.29.35":{"Critical":false,"Id":[2,5,29,35],"Value":"Ik1CYUFGRTRpVkNBWWxlYmpidVlQK3ZxNUV1MEdGNDg1Ig=="},"2.5.29.37":{"Critical":false,"Id":[2,5,29,37],"Value":"Ik1CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBZz09Ig=="}},"ExtraExtensions":[],"FailedToParseNames":[],"FingerprintMD5":"InFiVjgvNG5sUFNFS25tUkkxOTBVTHc9PSI=","FingerprintNoCT":"Im80VU9NN0NzbHZ6eVhwM2t4YVJ1TU9TZHJZam5qdGFvSitqY0VUbktjVGM9Ig==","FingerprintSHA1":"IkhYTWl0Qjdabjkxb1VSdXJlR3lPSnVDREd6cz0i","FingerprintSHA256":"Ikg0NjU2YWpnWnN4Yk9EUGdhekVwZGt0aUpqblZzV1AyQU9ISGtTQy9QdTA9Ig==","IANDNSNames":[],"IANDirectoryNames":[],"IANEDIPartyNames":[],"IANEmailAddresses":[],"IANIPAddresses":[],"IANOtherNames":[],"IANRegisteredIDs":[],"IANURIs":[],"IPAddresses":[],"IsCA":true,"IsPrecert":false,"Issuer":{"Country":["US"],"Organization":["DigiCert Inc"],"OrganizationalUnit":["www.digicert.com"],"Locality":null,"Province":null,"StreetAddress":null,"PostalCode":null,"DomainComponent":null,"EmailAddress":null,"SerialNumber":"","CommonName":"DigiCert Global Root G2","SerialNumbers":null,"CommonNames":["DigiCert Global Root G2"],"GivenName":null,"Surname":null,"OrganizationIDs":null,"JurisdictionLocality":null,"JurisdictionProvince":null,"JurisdictionCountry":null,"Names":[{"type":"2.5.4.6","value":"US"},{"type":"2.5.4.10","value":"DigiCert Inc"},{"type":"2.5.4.11","value":"www.digicert.com"},{"type":"2.5.4.3","value":"DigiCert Global Root G2"}],"ExtraNames":null,"OriginalRDNS":[[{"type":"2.5.4.6","value":"US"}],[{"type":"2.5.4.10","value":"DigiCert Inc"}],[{"type":"2.5.4.11","value":"www.digicert.com"}],[{"type":"2.5.4.3","value":"DigiCert Global Root G2"}]]},"IssuerUniqueId":{"BitLength":0,"Bytes":[]},"IssuingCertificateURL":["http://cacerts.digicert.com/DigiCertGlobalRootG2.crt"],"KeyUsage":{"digital_signature":true,"certificate_sign":true,"crl_sign":true,"value":97},"MaxPathLen":0,"MaxPathLenZero":true,"NameConstraintsCritical":false,"NotAfter":"2030-09-23T23:59:59Z","NotBefore":"2020-09-24T00:00:00Z","NoticeRefNumbers":[[],[],[],[]],"NoticeRefOrgnization":[[],[],[],[]],"OCSPServer":["http://ocsp.digicert.com"],"OtherNames":[],"ParsedExplicitTexts":[[],[],[],[]],"ParsedNoticeRefOrganization":[[],[],[],[]],"PermittedDNSNames":[],"PermittedDirectoryNames":[],"PermittedEdiPartyNames":[],"PermittedEmailAddresses":[],"PermittedIPAddresses":[],"PermittedRegisteredIDs":[],"PermittedURIs":[],"PermittedX400Addresses":[],"PolicyIdentifiers":[[2,23,140,1,1],[2,23,140,1,2,1],[2,23,140,1,2,2],[2,23,140,1,2,3]],"PublicKey":{"E":65537,"N":{}},"PublicKeyAlgorithm":1,"PublicKeyAlgorithmOID":[1,2,840,113549,1,1,1],"QCStatements":null,"QualifierId":[[],[],[],[]],"Raw":"Ik1JSUU5RENDQTl5Z0F3SUJBZ0lRQ0YrVXdDMkZlK2pNRlA5VDdhSStLakFOQmdrcWhraUc5dzBCQVFzRkFEQmhNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzZDNjdVpHbG5hV05sY25RdVkyOXRNU0F3SGdZRFZRUURFeGRFYVdkcFEyVnlkQ0JIYkc5aVlXd2dVbTl2ZENCSE1qQWVGdzB5TURBNU1qUXdNREF3TURCYUZ3MHpNREE1TWpNeU16VTVOVGxhTUZreEN6QUpCZ05WQkFZVEFsVlRNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeE16QXhCZ05WQkFNVEtrUnBaMmxEWlhKMElFZHNiMkpoYkNCSE1pQlVURk1nVWxOQklGTklRVEkxTmlBeU1ESXdJRU5CTVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXozRUdKUHBydGpiKzJRVWxiRmJTZDdlaEpXaXZIMCtkYm40WSs5bGF2eVlFRVZjTnNTQVBvbkNyVlhPRnQ5c2xHVGNaVU9ha0dVV3pVYitudjZ1OFcrSkREK1Z1L0U4MzJYNHhUMUZFM0xweER5RnVxckl2QXhJaEZoYVpBbXVualpseC9qZldhcmRVU1ZjOGlzLys5ZENvcFpRK0dzc2pvUDgwajgxMnMzd1dQYzNrYlcyMFgrZlNQOWtPaFJCeDVSbzEvdFNVWlVmeXlJeGZRVG5KY1ZQQVBvb1RuY2FRd3l3YThXVjB5VVIwSjhvc2ljZmViVVRWU3ZRcG1vd1FUQ2Q1eldTT1RPRWVBcWdKbndRM0RQUDNacjBVeEpxeVJld2cyQy9VYW9xMnlUekdKU1FuV1MrSnI2WGw2eXNHSGxIeCs1ZndtWTZEMzZnMzlIYWFFQ0F3RUFBYU9DQWE0d2dnR3FNQjBHQTFVZERnUVdCQlIwaFlEQVpzZmZOOTdQdlNrM3FnTWR2dTNORnpBZkJnTlZIU01FR0RBV2dCUk9JbFFnR0pYbTQyN21EL3I2dVJMdEJoZVBPVEFPQmdOVkhROEJBZjhFQkFNQ0FZWXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDQVFBd2RnWUlLd1lCQlFVSEFRRUVhakJvTUNRR0NDc0dBUVVGQnpBQmhoaG9kSFJ3T2k4dmIyTnpjQzVrYVdkcFkyVnlkQzVqYjIwd1FBWUlLd1lCQlFVSE1BS0dOR2gwZEhBNkx5OWpZV05sY25SekxtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JITWk1amNuUXdld1lEVlIwZkJIUXdjakEzb0RXZ000WXhhSFIwY0RvdkwyTnliRE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzVW05dmRFY3lMbU55YkRBM29EV2dNNFl4YUhSMGNEb3ZMMk55YkRRdVpHbG5hV05sY25RdVkyOXRMMFJwWjJsRFpYSjBSMnh2WW1Gc1VtOXZkRWN5TG1OeWJEQXdCZ05WSFNBRUtUQW5NQWNHQldlQkRBRUJNQWdHQm1lQkRBRUNBVEFJQmdabmdRd0JBZ0l3Q0FZR1o0RU1BUUlETUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCMWk4QThXKy8vY0Z4cml2VWg3Nnd4NWtNOWdLL1hWYWtldzQ0WWJIblQ5NnhDMzQrSXhaMjBkZlBKQ1AySy9sSHo4cDBnR2dRMXp2aTJRWG12Lzh5V1hwVFRtaDF3THFJeGkvdWx6SDlXM3hjM2w3L0JqVU9HcTR4bWZybnRpL0VQakxYVVZhOWNpWjdncHlwdHNxTmpNaGc3eTk2MW40T3pFUUdzSUEyUWx4SzNLWncxdGRlUkR1OUFiMjFjTzcyaDJmdml5eTUyUU5JNnV5eS9GZ3ZxdlFOYlRwZzZLdTBGVUFjVmt6eHpPWkdVV2tnT3h0TktBYTltT2JtOVFqUWMyd2dEODBEOEV1aXVQS3VLMWZ0eWVXU200dzVWc1R1VlA2MWdNMmVLckxhblhQRHRXbEliMUdIaEpSTG1CN1dxbExMd0tQWmhKbDVWSFBnQjYzZHgi","RawIssuer":"Ik1HRXhDekFKQmdOVkJBWVRBbFZUTVJVd0V3WURWUVFLRXd4RWFXZHBRMlZ5ZENCSmJtTXhHVEFYQmdOVkJBc1RFSGQzZHk1a2FXZHBZMlZ5ZEM1amIyMHhJREFlQmdOVkJBTVRGMFJwWjJsRFpYSjBJRWRzYjJKaGJDQlNiMjkwSUVjeSI=","RawSubject":"Ik1Ga3hDekFKQmdOVkJBWVRBbFZUTVJVd0V3WURWUVFLRXd4RWFXZHBRMlZ5ZENCSmJtTXhNekF4QmdOVkJBTVRLa1JwWjJsRFpYSjBJRWRzYjJKaGJDQkhNaUJVVEZNZ1VsTkJJRk5JUVRJMU5pQXlNREl3SUVOQk1RPT0i","RawSubjectPublicKeyInfo":"Ik1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBelBjUVlrK211Mk52N1pCU1ZzVnRKM3Q2RWxhSzhmVDUxdWZoajcyVnEvSmdRUlZ3MnhJQStpY0t0VmM0VzMyeVVaTnhsUTVxUVpSYk5SdjZlL3E3eGI0a01QNVc3OFR6ZlpmakZQVVVUY3VuRVBJVzZxc2k4REVpRVdGcGtDYTZlTm1YSCtOOVpxdDFSSlZ6eUt6LzcxMEtpbGxENGF5eU9nL3pTUHpYYXpmQlk5emVSdGJiUmY1OUkvMlE2RkVISGxHalgrMUpSbFIvTElqRjlCT2NseFU4QStpaE9keHBERExCcnhaWFRKUkhRbnlpeUp4OTV0Uk5WSzlDbWFqQkJNSjNuTlpJNU00UjRDcUFtZkJEY004L2RtdlJURW1ySkY3Q0RZTDlScWlyYkpQTVlsSkNkWkw0bXZwZVhyS3dZZVVmSDdsL0Naam9QZnFEZjBkcG9RSURBUUFCIg==","RawTBSCertificate":"Ik1JSUQzS0FEQWdFQ0FoQUlYNVRBTFlWNzZNd1UvMVB0b2o0cU1BMEdDU3FHU0liM0RRRUJDd1VBTUdFeEN6QUpCZ05WQkFZVEFsVlRNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeEdUQVhCZ05WQkFzVEVIZDNkeTVrYVdkcFkyVnlkQzVqYjIweElEQWVCZ05WQkFNVEYwUnBaMmxEWlhKMElFZHNiMkpoYkNCU2IyOTBJRWN5TUI0WERUSXdNRGt5TkRBd01EQXdNRm9YRFRNd01Ea3lNekl6TlRrMU9Wb3dXVEVMTUFrR0ExVUVCaE1DVlZNeEZUQVRCZ05WQkFvVERFUnBaMmxEWlhKMElFbHVZekV6TURFR0ExVUVBeE1xUkdsbmFVTmxjblFnUjJ4dlltRnNJRWN5SUZSTVV5QlNVMEVnVTBoQk1qVTJJREl3TWpBZ1EwRXhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXpQY1FZayttdTJOdjdaQlNWc1Z0SjN0NkVsYUs4ZlQ1MXVmaGo3MlZxL0pnUVJWdzJ4SUEraWNLdFZjNFczMnlVWk54bFE1cVFaUmJOUnY2ZS9xN3hiNGtNUDVXNzhUemZaZmpGUFVVVGN1bkVQSVc2cXNpOERFaUVXRnBrQ2E2ZU5tWEgrTjlacXQxUkpWenlLei83MTBLaWxsRDRheXlPZy96U1B6WGF6ZkJZOXplUnRiYlJmNTlJLzJRNkZFSEhsR2pYKzFKUmxSL0xJakY5Qk9jbHhVOEEraWhPZHhwRERMQnJ4WlhUSlJIUW55aXlKeDk1dFJOVks5Q21hakJCTUozbk5aSTVNNFI0Q3FBbWZCRGNNOC9kbXZSVEVtckpGN0NEWUw5UnFpcmJKUE1ZbEpDZFpMNG12cGVYckt3WWVVZkg3bC9DWmpvUGZxRGYwZHBvUUlEQVFBQm80SUJyakNDQWFvd0hRWURWUjBPQkJZRUZIU0ZnTUJteDk4MzNzKzlLVGVxQXgyKzdjMFhNQjhHQTFVZEl3UVlNQmFBRkU0aVZDQVlsZWJqYnVZUCt2cTVFdTBHRjQ4NU1BNEdBMVVkRHdFQi93UUVBd0lCaGpBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBREIyQmdnckJnRUZCUWNCQVFScU1HZ3dKQVlJS3dZQkJRVUhNQUdHR0doMGRIQTZMeTl2WTNOd0xtUnBaMmxqWlhKMExtTnZiVEJBQmdnckJnRUZCUWN3QW9ZMGFIUjBjRG92TDJOaFkyVnlkSE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzVW05dmRFY3lMbU55ZERCN0JnTlZIUjhFZERCeU1EZWdOYUF6aGpGb2RIUndPaTh2WTNKc015NWthV2RwWTJWeWRDNWpiMjB2UkdsbmFVTmxjblJIYkc5aVlXeFNiMjkwUnpJdVkzSnNNRGVnTmFBemhqRm9kSFJ3T2k4dlkzSnNOQzVrYVdkcFkyVnlkQzVqYjIwdlJHbG5hVU5sY25SSGJHOWlZV3hTYjI5MFJ6SXVZM0pzTURBR0ExVWRJQVFwTUNjd0J3WUZaNEVNQVFFd0NBWUdaNEVNQVFJQk1BZ0dCbWVCREFFQ0FqQUlCZ1puZ1F3QkFnTT0i","RegisteredIDs":[],"SPKIFingerprint":"IldlYzQ1blFpRndLdkh0dUh4U0FNR2t0MTlrK3VQU3c5SmxFa3hodllQSGs9Ig==","SPKISubjectFingerprint":"Ijl6ZXFKbFNkemdIckhjTG96aG5zdG1rdlQwT2NsRzg3ZjY0TGVyczloOWM9Ig==","SelfSigned":false,"SerialNumber":{},"Signature":"ImRZdkFQRnZ2LzNCY2E0cjFJZStzTWVaRFBZQ3YxMVdwSHNPT0dHeDUwL2VzUXQrUGlNV2R0SFh6eVFqOWl2NVI4L0tkSUJvRU5jNzR0a0Y1ci8vTWxsNlUwNW9kY0M2aU1ZdjdwY3gvVnQ4WE41ZS93WTFEaHF1TVpuNjU3WXZ4RDR5MTFGV3ZYSW1lNEtjcWJiS2pZeklZTzh2ZXRaK0RzeEVCckNBTmtKY1N0eW1jTmJYWGtRN3ZRRzl0WER1OW9kbjc0c3N1ZGtEU09yc3N2eFlMNnIwRFcwNllPaXJ0QlZBSEZaTThjem1SbEZwSURzYlRTZ0d2WmptNXZVSTBITnNJQS9OQS9CTG9yanlyaXRYN2NubGtwdU1PVmJFN2xUK3RZRE5uaXF5MnAxenc3VnBTRzlSaDRTVVM1Z2UxcXBTeThDajJZU1plVlJ6NEFldDNjUT09Ig==","SignatureAlgorithm":4,"SignatureAlgorithmOID":[1,2,840,113549,1,1,11],"SignedCertificateTimestampList":[],"Subject":{"Country":["US"],"Organization":["DigiCert Inc"],"OrganizationalUnit":null,"Locality":null,"Province":null,"StreetAddress":null,"PostalCode":null,"DomainComponent":null,"EmailAddress":null,"SerialNumber":"","CommonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","SerialNumbers":null,"CommonNames":["DigiCert Global G2 TLS RSA SHA256 2020 CA1"],"GivenName":null,"Surname":null,"OrganizationIDs":null,"JurisdictionLocality":null,"JurisdictionProvince":null,"JurisdictionCountry":null,"Names":[{"type":"2.5.4.6","value":"US"},{"type":"2.5.4.10","value":"DigiCert Inc"},{"type":"2.5.4.3","value":"DigiCert Global G2 TLS RSA SHA256 2020 CA1"}],"ExtraNames":null,"OriginalRDNS":[[{"type":"2.5.4.6","value":"US"}],[{"type":"2.5.4.10","value":"DigiCert Inc"}],[{"type":"2.5.4.3","value":"DigiCert Global G2 TLS RSA SHA256 2020 CA1"}]]},"SubjectKeyId":"ImRJV0F3R2JIM3pmZXo3MHBONm9ESGI3dHpSYz0i","SubjectUniqueId":{"BitLength":0,"Bytes":[]},"TBSCertificateFingerprint":"Im80VU9NN0NzbHZ6eVhwM2t4YVJ1TU9TZHJZam5qdGFvSitqY0VUbktjVGM9Ig==","TorServiceDescriptors":[],"URIs":[],"UnhandledCriticalExtensions":[],"UnknownExtKeyUsage":[],"ValidationLevel":3,"ValidityPeriod":315532799,"Version":3},"raw":"Ik1JSUU5RENDQTl5Z0F3SUJBZ0lRQ0YrVXdDMkZlK2pNRlA5VDdhSStLakFOQmdrcWhraUc5dzBCQVFzRkFEQmhNUXN3Q1FZRFZRUUdFd0pWVXpFVk1CTUdBMVVFQ2hNTVJHbG5hVU5sY25RZ1NXNWpNUmt3RndZRFZRUUxFeEIzZDNjdVpHbG5hV05sY25RdVkyOXRNU0F3SGdZRFZRUURFeGRFYVdkcFEyVnlkQ0JIYkc5aVlXd2dVbTl2ZENCSE1qQWVGdzB5TURBNU1qUXdNREF3TURCYUZ3MHpNREE1TWpNeU16VTVOVGxhTUZreEN6QUpCZ05WQkFZVEFsVlRNUlV3RXdZRFZRUUtFd3hFYVdkcFEyVnlkQ0JKYm1NeE16QXhCZ05WQkFNVEtrUnBaMmxEWlhKMElFZHNiMkpoYkNCSE1pQlVURk1nVWxOQklGTklRVEkxTmlBeU1ESXdJRU5CTVRDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTXozRUdKUHBydGpiKzJRVWxiRmJTZDdlaEpXaXZIMCtkYm40WSs5bGF2eVlFRVZjTnNTQVBvbkNyVlhPRnQ5c2xHVGNaVU9ha0dVV3pVYitudjZ1OFcrSkREK1Z1L0U4MzJYNHhUMUZFM0xweER5RnVxckl2QXhJaEZoYVpBbXVualpseC9qZldhcmRVU1ZjOGlzLys5ZENvcFpRK0dzc2pvUDgwajgxMnMzd1dQYzNrYlcyMFgrZlNQOWtPaFJCeDVSbzEvdFNVWlVmeXlJeGZRVG5KY1ZQQVBvb1RuY2FRd3l3YThXVjB5VVIwSjhvc2ljZmViVVRWU3ZRcG1vd1FUQ2Q1eldTT1RPRWVBcWdKbndRM0RQUDNacjBVeEpxeVJld2cyQy9VYW9xMnlUekdKU1FuV1MrSnI2WGw2eXNHSGxIeCs1ZndtWTZEMzZnMzlIYWFFQ0F3RUFBYU9DQWE0d2dnR3FNQjBHQTFVZERnUVdCQlIwaFlEQVpzZmZOOTdQdlNrM3FnTWR2dTNORnpBZkJnTlZIU01FR0RBV2dCUk9JbFFnR0pYbTQyN21EL3I2dVJMdEJoZVBPVEFPQmdOVkhROEJBZjhFQkFNQ0FZWXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUJJR0ExVWRFd0VCL3dRSU1BWUJBZjhDQVFBd2RnWUlLd1lCQlFVSEFRRUVhakJvTUNRR0NDc0dBUVVGQnpBQmhoaG9kSFJ3T2k4dmIyTnpjQzVrYVdkcFkyVnlkQzVqYjIwd1FBWUlLd1lCQlFVSE1BS0dOR2gwZEhBNkx5OWpZV05sY25SekxtUnBaMmxqWlhKMExtTnZiUzlFYVdkcFEyVnlkRWRzYjJKaGJGSnZiM1JITWk1amNuUXdld1lEVlIwZkJIUXdjakEzb0RXZ000WXhhSFIwY0RvdkwyTnliRE11WkdsbmFXTmxjblF1WTI5dEwwUnBaMmxEWlhKMFIyeHZZbUZzVW05dmRFY3lMbU55YkRBM29EV2dNNFl4YUhSMGNEb3ZMMk55YkRRdVpHbG5hV05sY25RdVkyOXRMMFJwWjJsRFpYSjBSMnh2WW1Gc1VtOXZkRWN5TG1OeWJEQXdCZ05WSFNBRUtUQW5NQWNHQldlQkRBRUJNQWdHQm1lQkRBRUNBVEFJQmdabmdRd0JBZ0l3Q0FZR1o0RU1BUUlETUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFCMWk4QThXKy8vY0Z4cml2VWg3Nnd4NWtNOWdLL1hWYWtldzQ0WWJIblQ5NnhDMzQrSXhaMjBkZlBKQ1AySy9sSHo4cDBnR2dRMXp2aTJRWG12Lzh5V1hwVFRtaDF3THFJeGkvdWx6SDlXM3hjM2w3L0JqVU9HcTR4bWZybnRpL0VQakxYVVZhOWNpWjdncHlwdHNxTmpNaGc3eTk2MW40T3pFUUdzSUEyUWx4SzNLWncxdGRlUkR1OUFiMjFjTzcyaDJmdml5eTUyUU5JNnV5eS9GZ3ZxdlFOYlRwZzZLdTBGVUFjVmt6eHpPWkdVV2tnT3h0TktBYTltT2JtOVFqUWMyd2dEODBEOEV1aXVQS3VLMWZ0eWVXU200dzVWc1R1VlA2MWdNMmVLckxhblhQRHRXbEliMUdIaEpSTG1CN1dxbExMd0tQWmhKbDVWSFBnQjYzZHgi"}],"validation":{"browser_error":"x509: failed to load system roots and no roots provided","browser_trusted":false}},"server_finished":{"verify_data":"IllOV3d2dUo0WVNuU0NhejQi"},"server_hello":{"cipher_suite":49195,"compression_method":0,"extended_master_secret":false,"heartbeat":false,"next_protocol_negotiation":false,"ocsp_stapling":true,"random":"Ilp0OE1iZm4rK200RW5oR3ZDckRqMjYvck5USXdtL05QUkU5WFRrZFNSQUU9Ig==","secure_renegotiation":true,"session_id":"IllodjdLVGRRZjVOWXh1Y1E5QXZuMW16VEk2NDhROVJyQVRXUHVGVS9EQjg9Ig==","ticket":false,"unknown_extensions":["IkFBc0FBZ0VBIg=="],"version":771},"server_key_exchange":{"digest":"InlxTGlGb3JYWE5tQlpPdjRKT1hVWkZ0OWJwT05hekdNOWJVM3VjOEZWVm89Ig==","ecdh_params":{"curve_id":23,"server_public":{"X":{},"Y":{}}},"signature":{"raw":"Ik1FUUNJRE0vTFRCeXIzTGQ2c0VyeStnNTY2TStSNEJHdEYxdk04eXNLNmM1bCtEcUFpQkxpdGUzNlJlZmhTTkxOZUpHSTJNaU16ZVhZVFlaaG5ZZlJoelFWSjBYL3c9PSI=","signature_and_hash_type":{"Hash":4,"Signature":3},"tls_version":771,"type":"ecdsa","valid":true}}},"heartbleed_log":{"heartbeat_enabled":false,"heartbleed_vulnerable":false}}},"duration":0.417873458,"status":"NOERROR","timestamp":"2024-09-09T10:55:41-04:00"}}}

Testing

Basic --tls Usage

$ ./zdns A google.com --tls  
{"name":"google.com","results":{"A":{"data":{"additionals":[{"flags":"","padding":{"padding":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"},"type":"EDNS0","udpsize":1232,"version":0}],"answers":[{"answer":"142.250.190.14","class":"IN","name":"google.com","ttl":239,"type":"A"}],"protocol":"DoT","resolver":"[2606:4700:4700::1001]:853","tls_handshake":{"client_finished":{"verify_data":"ImRrbEZYQjk3WUJHNC9HV08i"},"client_key_exchange":{"ecdh_params":{"client_private":{"length":32,"value":"ImNZUmxVWG9NZ1ppbVF2S0taT0VRc1RCVXM4Mi9XdjYwc1ZSWEdYOFRtY3M9Ig=="},"client_public":{"X":{},"Y":{}},"curve_id":23}},"key_material":{"master_secret":{"length":48,"value":"ImRJYjkxZzdheUp5ang2QThQVlB1T1V3bnQ1ODJpd1VtTzcxZkJWNWZ0Zjc3WElLbExnL3RjOWZOSElZaW5ndHgi"},"pre_master_secret":{"length":32,"value":"IklHcGt0QVFxNHdTMHFvcEo0WFdkR0tneXdJOGRnN3BNN1lNSkJhMTBjcWc9Ig=="}},"server_certificates":{"certificate":{"parsed":{"AuthorityKeyId":"ImRJV0F3R2JIM3pmZXo3MHBONm9ESGI3dHpSYz0i","BasicConstraintsValid":true,"CABFOrganizationIdentifier":null,"CPSuri":[["http://www.digicert.com/CPS"]],"CRLDistributionPoints":["http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl","http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl"],"DNSNames":["cloudflare-dns.com","*.cloudflare-dns.com","one.one.one.one"],"DirectoryNames":[],"EDIPartyNames":[],"EmailAddresses":[],"ExcludedDNSNames":[],"ExcludedDirectoryNames":[],"ExcludedEdiPartyNames":[],"ExcludedEmailAddresses":[],"ExcludedIPAddresses":[],"ExcludedRegisteredIDs":[],"ExcludedURIs":[],"ExcludedX400Addresses":[],"ExplicitTexts":[[]],"ExtKeyUsage":[48,53],"Extensions":[{"Critical":false,"Id":[2,5,29,35],"Value":"Ik1CYUFGSFNGZ01CbXg5ODMzcys5S1RlcUF4Mis3YzBYIg=="},{"Critical":false,"Id":[2,5,29,14],"Value":"IkJCVGl4RHZqOFI1NVorNVJ2ZTZxei9WNEZIazNvQT09Ig=="},

--tls with --name-servers

$ ./zdns A google.com --tls --name-servers=9.9.9.9
{"name":"google.com","results":{"A":{"data":{"additionals":[{"flags":"","type":"EDNS0","udpsize":1232,"version":0}],"answers":[{"answer":"142.250.190.110","class":"IN","name":"google.com","ttl":191,"type":"A"}],"protocol":"DoT","resolver":"9.9.9.9:853",...

--tls with domain name sas --name-server

$ ./zdns A google.com --tls --name-servers="dns.quad9.net" --6
{"name":"google.com","results":{"A":{"data":{"additionals":[{"flags":"","type":"EDNS0","udpsize":1232,"version":0}],"answers":[{"answer":"172.217.4.78","class":"IN","name":"google.com","ttl":191,"type":"A"}],"protocol":"DoT","resolver":"[2620:fe::fe]:853",

Basic --https Usage

$ ./zdns A google.com --https                       
{"name":"google.com","results":{"A":{"data":{"additionals":[{"flags":"","type":"EDNS0","udpsize":1232,"version":0}],"answers":[{"answer":"142.250.191.238","class":"IN","name":"google.com","ttl":215,"type":"A"}],"protocol":"DoH","resolver":"cloudflare-dns.com","tls_handshake":{"handshake_log":{"client_finished":{"verify_data":"IkN6Rm0rU3NIam1DMXR3d3oi"},"client_key_exchange":{"ecdh_params":{"client_private":{"length":32,"value":"IjdEb0UzT1FZZWNUVFlSLy9jS3JndDFJaG5ENm0yaDlVb0QveXJnN0xSWk09Ig=="},"client_public":{"X":{},"Y":{}},"curve_id":23}},"key_material":{"master_secret":{"length":48,"value":"InRDdlV5cVVQSG1sSDI0QXZCMllsd2w3dzJ2dks2NmVKWXBab295TXAzY2xaS2ZSaVd1Z2praTk2ZFMveHYxYTEi"},"pre_master_secret":{"length":32,"value":"ImVkME13blJlQkFyQUNwSkp2eDFJYW9mVi9jU25DZ0sxeFRQcXNYUmNBaHM9Ig=="}},"server_certificates":{"certificate":{"parsed":{"AuthorityKeyId":"ImRJV0F3R2JIM3pmZXo3MHBONm9ESGI3dHpSYz0i","BasicConstraintsValid":true,"CABFOrganizationIdentifier":null,"CPSuri":[["http://www.digicert.com/CPS"]],"CRLDistributionPoints":["http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl","http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl"],"DNSNames":["cloudflare-dns.com","*.cloudflare-dns.com","one.one.one.one"],"DirectoryNames":[],"EDIPartyNames":[],"EmailAddresses":[],"ExcludedDNSNames":[],"ExcludedDirectoryNames":[],"ExcludedEdiPartyNames":[],"ExcludedEmailAddresses":[],"ExcludedIPAddresses":[],"ExcludedRegisteredIDs":[],"ExcludedURIs":[],"ExcludedX400Addresses":[],"ExplicitTexts":[[]],"ExtKeyUsage":[48,53],"Extensions":[{"Critical":false,"Id":[2,5,29,35],"Value":"Ik1CYUFGSFNGZ01CbXg5ODMzcys5S1RlcUF4Mis3YzBYIg=="},{"Critical":false,"Id":[2,5,29,14],"Value":"IkJCVGl4RHZqOFI1NVorNVJ2ZTZxei9WNEZIazNvQT09Ig=="},{"Critical":false,"Id":[2,5,29,17],"Value":"Ik1JR2JnaEpqYkc5MVpHWnNZWEpsTFdSdWN5NWpiMjJDRkNvdVkyeHZkV1JtYkdGeVpTMWtibk11WTI5dGdnOXZibVV1YjI1bExtOXVaUzV2Ym1XSEJBRUFBQUdIQkFFQkFRR0hCS0tmSkFHSEJLS2ZMZ0dIRUNZR1J3QkhBQUFBQUFBQUFBQUFFQUdIRUNZR1J3QkhBQUFBQUFBQUFBQUFFUkdIRUNZR1J3QkhBQUFBQUFBQUFBQUFBR1NIRUNZR1J3QkhBQUFBQUFBQUFBQUFaQUE9Ig=="},...

Basic --https Usage, trying to use IP-only name server

$ ./zdns A google.com --name-servers=1.1.1.1 --https
FATA[0000] DoH requires domain names for all name servers, ex. --name-servers=cloudflare-dns.com,dns.google 

--https with --name-server (Quad9)

$ ./zdns A google.com --https --name-servers="dns.quad9.net"
{"name":"google.com","results":{"A":{"data":{"additionals":[{"flags":"","type":"EDNS0","udpsize":512,"version":0}],"answers":[{"answer":"142.250.190.110","class":"IN","name":"google.com","ttl":4,"type":"A"}],"protocol":"DoH","resolver":"dns.quad9.net","tls_handshake":{"handshake_log":{"client_finished":{"verify_data":"Ik4zSkZFQ0JzZC8yNFRuQmki"},"client_key_exchange":{"ecdh_params":{"client_private":{"length":32,"value":"ImZubHM0alZWdmNKekxkM2F0YndqdVh6R2ZxV0JLYjN0YnVkVDVRWDhRalE9Ig=="},"client_public":{"X":{},"Y":{}},"curve_id":23}},"key_material":{"master_secret":{"length":48,"value":"IjZHNGY3aEhTT1FCQzNEUHlLZmlZb1JJck9pT04waGo0bG5GL21Xa0RacTFUVHBWQ1dmZG5VQWt6ais0MER6cEoi"},"pre_master_secret":{"length":32,"value":"ImRpTmxWZGtJakZVV2U4bXNkOEJGbnE4L1hySjQzekVwQzJCUTV6WTNrQ3M9Ig=="}},"server_certificates":{"certificate":{"parsed":{"AuthorityKeyId":"ImlpUHJubXZYK1RkZCtXMGhPWGFhb1dmZUVLZz0i","BasicConstraintsValid":true,"CABFOrganizationIdentifier":null,"CPSuri":[["http://www.digicert.com/CPS"]],"CRLDistributionPoints":["http://crl3.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl","http://crl4.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crl"],"DNSNames":["dns.quad9.net","dns-nosec.quad9.net","doh-brave.quad9.net","dns.resolver.quad9.net","alpha-dns.quad9.net","beta-dns.quad9.net","dns9.quad9.net","dns10.quad9.net","dns11.quad9.net","dns12.quad9.net","dns13.quad9.net","dns14.quad9.net","dns15.quad9.net","dns254.quad9.net","mozilla.quad9.net"],"DirectoryNames":[],"EDIPartyNames":[],"EmailAddresses":[],"ExcludedDNSNames":[],"ExcludedDirectoryNames":[],"ExcludedEdiPartyNames":[],"ExcludedEmailAddresses":[],"ExcludedIPAddresses":[],"ExcludedRegisteredIDs":[],"ExcludedURIs":[],"ExcludedX400Addresses":[],"ExplicitTexts":[[]],"ExtKeyUsage":[48,53],"Extensions":[{"Critical":false,"Id":[2,5,29,35],"Value":"Ik1CYUFGSW9qNjU1cjEvazNYZmx0SVRsMm1xRm4zaENvIg=="},{"Critical":false,"Id":[2,5,29,14],"Value":"IkJCVGxmVUhzU2VCNmkwVlhheUd6SWIzTE94bFBiZz09Ig=="},

Current Limitations

There is currently no server certificate verification, ie. InsecureSkipVerify always is true. When I looked at zgrab2's implementation, I don't think it's performing server-cert verification either, or at least its erroring out.

MacOS

$ echo "one.one.one.one" | ./zgrab2 tls --verify-server-certificate                                     
INFO[0000] started grab at 2024-09-09T11:40:27-04:00    
{"domain":"one.one.one.one","data":{"tls":{"status":"unknown-error","protocol":"tls",
...
,"error":"x509: failed to load system roots and no roots provided"}}}

Ubuntu

a similar story

$ echo "one.one.one.one" | ./zgrab2 tls --verify-server-certificate
INFO[0000] started grab at 2024-09-09T15:42:27Z
{"domain":"one.one.one.one","data":{"tls":{"status":"unknown-error","protocol":"tls","result":{"handshake_log":{"server_hello":{"version":{"name":"TLSv1.2","value":771},"random":"Zt8XZChxnnbu8/DPDaOjf21XCPxS+OOQRE9XTkdSRAE=","session_id":"C...
"validation":{"browser_trusted":false,"browser_error":"x509: failed to load system roots and no roots provided","matches_domain":true}}}},"timestamp":"2024-09-09T15:42:27Z","error":"x509: failed to load system roots and no roots provided"}}}

Perhaps there's an issue in ZCrypto, but either way I feel that can be added separately.