From f1a3968a01f2d76fff3d1b677aaefc752661c448 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 20 May 2019 11:09:02 +0200
Subject: [PATCH] tls: expose built-in root certificates

Fixes: https://github.com/nodejs/node/issues/25824
PR-URL: https://github.com/nodejs/node/pull/26415
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
---
 doc/api/tls.md                              |  13 +
 lib/tls.js                                  |  22 +-
 src/node_crypto.cc                          |  20 ++
 src/node_root_certs.h                       | 280 ++++++++++----------
 test/parallel/test-tls-root-certificates.js |  31 +++
 tools/mk-ca-bundle.pl                       |   2 +-
 6 files changed, 225 insertions(+), 143 deletions(-)
 create mode 100644 test/parallel/test-tls-root-certificates.js

diff --git a/doc/api/tls.md b/doc/api/tls.md
index 23c9b3fb3753c3..d4c795bb3da4e1 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -1384,6 +1384,7 @@ changes:
     provided.
     For PEM encoded certificates, supported types are "TRUSTED CERTIFICATE",
     "X509 CERTIFICATE", and "CERTIFICATE".
+    See also [`tls.rootCertificates`].
   * `cert` {string|string[]|Buffer|Buffer[]} Cert chains in PEM format. One cert
     chain should be provided per private key. Each cert chain should consist of
     the PEM formatted certificate for a provided private `key`, followed by the
@@ -1599,6 +1600,17 @@ TLSv1.2 and below.
 console.log(tls.getCiphers()); // ['aes128-gcm-sha256', 'aes128-sha', ...]
 ```
 
+## tls.rootCertificates
+<!-- YAML
+added: REPLACEME
+-->
+
+* {string[]}
+
+An immutable array of strings representing the root certificates (in PEM format)
+used for verifying peer certificates. This is the default value of the `ca`
+option to [`tls.createSecureContext()`].
+
 ## tls.DEFAULT_ECDH_CURVE
 <!-- YAML
 added: v0.11.13
@@ -1784,6 +1796,7 @@ where `secureSocket` has the same API as `pair.cleartext`.
 [`tls.createSecurePair()`]: #tls_tls_createsecurepair_context_isserver_requestcert_rejectunauthorized_options
 [`tls.createServer()`]: #tls_tls_createserver_options_secureconnectionlistener
 [`tls.getCiphers()`]: #tls_tls_getciphers
+[`tls.rootCertificates`]: #tls_tls_rootcertificates
 [Chrome's 'modern cryptography' setting]: https://www.chromium.org/Home/chromium-security/education/tls#TOC-Cipher-Suites
 [DHE]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
 [ECDHE]: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie%E2%80%93Hellman
diff --git a/lib/tls.js b/lib/tls.js
index fa247411f39aa5..7eaa76cecedbea 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -21,6 +21,8 @@
 
 'use strict';
 
+const { Object } = primordials;
+
 const {
   ERR_TLS_CERT_ALTNAME_INVALID,
   ERR_OUT_OF_RANGE
@@ -33,7 +35,7 @@ const { isArrayBufferView } = require('internal/util/types');
 const net = require('net');
 const { getOptionValue } = require('internal/options');
 const url = require('url');
-const binding = internalBinding('crypto');
+const { getRootCertificates, getSSLCiphers } = internalBinding('crypto');
 const { Buffer } = require('buffer');
 const EventEmitter = require('events');
 const { URL } = require('internal/url');
@@ -76,9 +78,25 @@ else
 
 
 exports.getCiphers = internalUtil.cachedResult(
-  () => internalUtil.filterDuplicateStrings(binding.getSSLCiphers(), true)
+  () => internalUtil.filterDuplicateStrings(getSSLCiphers(), true)
 );
 
+let rootCertificates;
+
+function cacheRootCertificates() {
+  rootCertificates = Object.freeze(getRootCertificates());
+}
+
+Object.defineProperty(exports, 'rootCertificates', {
+  configurable: false,
+  enumerable: true,
+  get: () => {
+    // Out-of-line caching to promote inlining the getter.
+    if (!rootCertificates) cacheRootCertificates();
+    return rootCertificates;
+  },
+});
+
 // Convert protocols array into valid OpenSSL protocols list
 // ("\x06spdy/2\x08http/1.1\x08http/1.0")
 function convertProtocols(protocols) {
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index dce16b8d4e4006..bbb07e5b48b4a2 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -944,6 +944,24 @@ static X509_STORE* NewRootCertStore() {
 }
 
 
+void GetRootCertificates(const FunctionCallbackInfo<Value>& args) {
+  Environment* env = Environment::GetCurrent(args);
+  Local<Array> result = Array::New(env->isolate(), arraysize(root_certs));
+
+  for (size_t i = 0; i < arraysize(root_certs); i++) {
+    Local<Value> value;
+    if (!String::NewFromOneByte(env->isolate(),
+                                reinterpret_cast<const uint8_t*>(root_certs[i]),
+                                NewStringType::kNormal).ToLocal(&value) ||
+        !result->Set(env->context(), i, value).FromMaybe(false)) {
+      return;
+    }
+  }
+
+  args.GetReturnValue().Set(result);
+}
+
+
 void SecureContext::AddCACert(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
 
@@ -6870,6 +6888,8 @@ void Initialize(Local<Object> target,
   env->SetMethodNoSideEffect(target, "certVerifySpkac", VerifySpkac);
   env->SetMethodNoSideEffect(target, "certExportPublicKey", ExportPublicKey);
   env->SetMethodNoSideEffect(target, "certExportChallenge", ExportChallenge);
+  env->SetMethodNoSideEffect(target, "getRootCertificates",
+                             GetRootCertificates);
   // Exposed for testing purposes only.
   env->SetMethodNoSideEffect(target, "isExtraRootCertsFileLoaded",
                              IsExtraRootCertsFileLoaded);
diff --git a/src/node_root_certs.h b/src/node_root_certs.h
index 3ab7667bc95d03..b6b05c47e1e547 100644
--- a/src/node_root_certs.h
+++ b/src/node_root_certs.h
@@ -19,7 +19,7 @@
 "LhJIZJrglfCm7ymPAbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr\n"
 "+WymXUadDKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME\n"
 "HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GlobalSign Root CA - R2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -41,7 +41,7 @@
 "LenVOavSot+3i9DAgBkcRcAtjOj4LaR0VknFBbVPFd5uRHg5h6h+u/N5GJG79G+dwfCMNYxd\n"
 "AfvDbbnvRG15RjF+Cv6pgsH/76tuIMRQyV+dTZsXjAzlAcmgQWpzU/qlULRuJQ/7TBj0/VLZ\n"
 "jmmx6BEP3ojY+x1J96relc8geMJgEtslQIxq/H5COEBkEveegeGTLg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Verisign Class 3 Public Primary Certification Authority - G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -65,7 +65,7 @@
 "sB49Ndo4YhYYSq3mtlFs3q9i6wHQHiT+eo8SGhJouPtmmRQURVyu565pF4ErWjfJXir0xuKh\n"
 "XFSbplQAz/DxwceYMBo7Nhbbo27q/a2ywtrvAkcTisDxszGtTxzhT5yvDwyd93gN2PQ1VoDa\n"
 "t20Xj50egWTh/sVFuq1ruQp6Tk9LhO5L8X3dEQ==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Entrust.net Premium 2048 Secure Server CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -89,7 +89,7 @@
 "BAlahLVu2B064dae0Wx5XnkcFMXj0EyTO2U87d89vqbllRrDtRnDvV5bu/8j72gZyxKTJ1wD\n"
 "LW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+bYQLCIt+jerXmCHG8+c8eS9e\n"
 "nNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/ErfF6adulZkMV8gzURZVE=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Baltimore CyberTrust Root */
 "-----BEGIN CERTIFICATE-----\n"
@@ -110,7 +110,7 @@
 "NzkE1akxehi/oCr0Epn3o0WC4zxe9Z2etciefC7IpJ5OCBRLbf1wbWsaY71k5h+3zvDyny67\n"
 "G7fyUIhzksLi4xaNmjICq44Y3ekQEe5+NauQrz4wlHrQMz2nZQ/1/I6eYs9HRCwBXbsdtTLS\n"
 "R9I4LtD+gdwyah617jzV/OeBHRnDJELqYzmp\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* AddTrust External Root */
 "-----BEGIN CERTIFICATE-----\n"
@@ -135,7 +135,7 @@
 "DUCrat2PisP29owaQgVR1EX1n6diIWgVIEM8med8vSTYqZEXc4g/VhsxOBi0cQ+azcgOno4u\n"
 "G+GMmIPLHzHxREzGBHNJdmAPx/i9F4BrLunMTA5amnkPIAou1Z5jJh5VkpTYghdae9C8x49O\n"
 "hgQ=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Entrust Root Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -161,7 +161,7 @@
 "v52Vr2ua2J7p8eRDjeIRRDq/r72DQnNSi6q7pynP9WQcCk3RvKqsnyrQ/39/2n3qse0wJcGE\n"
 "2jTSW3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPc\n"
 "j2A781q0tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GeoTrust Global CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -181,7 +181,7 @@
 "EVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2mqUPuLk/IH2uSrW4nOQd\n"
 "tqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6pXE0zX5IJL4hmXXeX\n"
 "xx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvmMw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GeoTrust Universal CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -211,7 +211,7 @@
 "MBmhLMi9ER/frslKxfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQt\n"
 "DF4JbAiXfKM9fJP/P6EUp8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6\n"
 "ZKy7PtXny3YuxadIwVyQD8vIP/rmMuGNG2+k5o7Y+SlIis5z/iw=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GeoTrust Universal CA 2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -241,7 +241,7 @@
 "x7InQJJVOCiNUW7dFGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH\n"
 "6aLcr34YEoP9VhdBLtUpgn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSL\n"
 "akhT2+zNVVXxxvjpoixMptEmX36vWkzaH6byHCx+rgIW0lbQL1dTR+iS\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Comodo AAA Services root */
 "-----BEGIN CERTIFICATE-----\n"
@@ -265,7 +265,7 @@
 "w8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z8VlI\n"
 "MCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C\n"
 "12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* QuoVadis Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -297,7 +297,7 @@
 "/QKZnAzNCgVPx7uOpHX6Sm2xgI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsT\n"
 "IlG6Rmyhu576BGxJJnSP0nPrzDCi5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJD\n"
 "Wl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi5nrQNiOKSnQ2+Q==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* QuoVadis Root CA 2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -329,7 +329,7 @@
 "hhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO\n"
 "1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAF\n"
 "ZdWCEOrCMc0u\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* QuoVadis Root CA 3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -365,7 +365,7 @@
 "j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91pvGJHvOB0K7Lrfb5BG7XARsWhIstfTsEo\n"
 "kt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbrqZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7\n"
 "zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Security Communication Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -385,7 +385,7 @@
 "aEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJs58+OmJYxUmtYg5xpTKq\n"
 "L8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ6rBK+1YWc26sTfci\n"
 "oU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAiFL39vmwLAw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Sonera Class 2 Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -404,7 +404,7 @@
 "F4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavphOe9r5yF1BgfYErQhIHBCcYHa\n"
 "PJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSxEtzKO6gunRRaBXW37Ndj\n"
 "4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLHllpwrN9M\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* XRamp Global CA Root */
 "-----BEGIN CERTIFICATE-----\n"
@@ -428,7 +428,7 @@
 "zgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8nnxCb\n"
 "HIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz\n"
 "8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Go Daddy Class 2 CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -452,7 +452,7 @@
 "xA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VILs9R\n"
 "aRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b\n"
 "vZ8=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Starfield Class 2 CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -476,7 +476,7 @@
 "U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJDKVtH\n"
 "CN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3\n"
 "QBFGmh95DmK/D5fs4C8fF5Q=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Taiwan GRCA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -506,7 +506,7 @@
 "r/ayl4WXudpVBrkk7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44Vbnz\n"
 "ssQwmSNOXfJIoRIM3BKQCZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v\n"
 "3Aun+kbfYNucpllQdSNpc5Oy+fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert Assured ID Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -528,7 +528,7 @@
 "fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i8b5QZ7dsvfPx\n"
 "H2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe+o0bJW1s\n"
 "j6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert Global Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -550,7 +550,7 @@
 "I+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\n"
 "YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQkCAUw7C29\n"
 "C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert High Assurance EV Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -572,7 +572,7 @@
 "MWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\n"
 "Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCevEsXCS+0\n"
 "yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Certplus Class 2 Primary CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -593,7 +593,7 @@
 "lZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+7UCmnYR0ObncHoUW\n"
 "2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW//1IMwrh3KWB\n"
 "kJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7l7+ijrRU\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DST Root CA X3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -613,7 +613,7 @@
 "bumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir\n"
 "/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06Xyx\n"
 "V3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SwissSign Gold CA - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -645,7 +645,7 @@
 "2mqeSz53OiATIgHQv2ieY2BrNU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/Y\n"
 "YPIvSbjkQuE4NRb0yG5P94FW6LqjviOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkk\n"
 "W8mw0FfB+j564ZfJ\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SwissSign Silver CA - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -677,7 +677,7 @@
 "MC/HpeZBoNquBYeaoKRlbEwJDIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI\n"
 "4NSA5QC9qvNOBqN6avlicuMJT+ubDgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s\n"
 "5Aq7KkzrCWA5zspi2C5u\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GeoTrust Primary Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -698,7 +698,7 @@
 "2sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJly\n"
 "c1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU\n"
 "AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* thawte Primary Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -722,7 +722,7 @@
 "cvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89jxt5\n"
 "dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH\n"
 "z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* VeriSign Class 3 Public Primary Certification Authority - G5 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -749,7 +749,7 @@
 "7qKEKQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMt\n"
 "EMze/aiCKm0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7\n"
 "MzVIcbidJ4vEZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SecureTrust CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -771,7 +771,7 @@
 "rp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZnMUFdAvnZyPS\n"
 "CPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR3ItHuuG5\n"
 "1WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Secure Global CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -793,7 +793,7 @@
 "P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/53CYNv6ZHdAbY\n"
 "iNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xcf8LDmBxr\n"
 "ThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* COMODO Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -817,7 +817,7 @@
 "lgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmcIGfE\n"
 "7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN\n"
 "+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Network Solutions Certificate Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -840,7 +840,7 @@
 "/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3HtvwKeI8lN3\n"
 "s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxDydi8\n"
 "NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* COMODO ECC Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -857,7 +857,7 @@
 "hkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VGFAkK+qDmfQjGGoe9GKhzvSbKYAydzpmf\n"
 "z1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeAU/7dIOA1mjbRxwG55tzd8/8dLDoW\n"
 "V9mSOdY=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* OISTE WISeKey Global Root GA CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -880,7 +880,7 @@
 "vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXahNVQA7bi\n"
 "hKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEYokxS\n"
 "dsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Certigna */
 "-----BEGIN CERTIFICATE-----\n"
@@ -902,7 +902,7 @@
 "cEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY1gkIl2PlwS6w\n"
 "t0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/QwWyH8EZE0\n"
 "vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Deutsche Telekom Root CA 2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -924,7 +924,7 @@
 "zTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4Gdyd1Lx+4ivn+\n"
 "xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mUCm26OWMo\n"
 "hpLzGITY+9HPBVZkVw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Cybertrust Global Root */
 "-----BEGIN CERTIFICATE-----\n"
@@ -946,7 +946,7 @@
 "v+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+TX3EJIrduPuoc\n"
 "A06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jWWL1WMRJO\n"
 "Ecgh4LMRkWXbtKaIOM5V\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* ePKI Root Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -978,7 +978,7 @@
 "6pSe3VkQw63d4k3jMdXH7OjysP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yI\n"
 "VMUWbuF6aC74Or8NpDyJO3inTmODBCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4\n"
 "EZw=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* certSIGN ROOT CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -998,7 +998,7 @@
 "afcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIltvBTjD4au8as+x6AJzKNI\n"
 "0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7NzTogVZ96edhBiIL5V\n"
 "aZVDADlN9u6wWk5JRFRYX0KD\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GeoTrust Primary Certification Authority - G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1021,7 +1021,7 @@
 "kv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGDAWh9jUGh\n"
 "lBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33st/3L\n"
 "jWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* thawte Primary Root CA - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1038,7 +1038,7 @@
 "zj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUNG4k8VIZ3KMqh9HneteY4sPBlcIx/AlTC\n"
 "v//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3Krr0TKUQNJ1uo52icEvdYPy5yAlej\n"
 "j6EULg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* thawte Primary Root CA - G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1062,7 +1062,7 @@
 "nBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC8rZc\n"
 "JwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm\n"
 "er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GeoTrust Primary Certification Authority - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1079,7 +1079,7 @@
 "AQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSW\n"
 "WaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7mndwxHLKgpxgceeHHNgIwOlavmnRs\n"
 "9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2npaqBA+K\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* VeriSign Universal Root Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1106,7 +1106,7 @@
 "YtTxP/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tew\n"
 "XDpPaj+PwGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WI\n"
 "g0vvBZIGcfK4mJO37M2CYfE45k+XmCpajQ==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* VeriSign Class 3 Public Primary Certification Authority - G4 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1127,7 +1127,7 @@
 "HQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMDA2gAMGUCMGYhDBgm\n"
 "YFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIxAJw9SDkjOVga\n"
 "FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* NetLock Arany (Class Gold) Főtanúsítvány */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1151,7 +1151,7 @@
 "WzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5KfnaNwUA\n"
 "SZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu\n"
 "dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Staat der Nederlanden Root CA - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1183,7 +1183,7 @@
 "V4pAWja63XVECDdCcAz+3F4hoKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXq\n"
 "ZVUz9zkQxSgqIXobisQk+T8VyJoVIPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOL\n"
 "nR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm66+KAQ==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Hongkong Post Root CA 1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1203,7 +1203,7 @@
 "IDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88psT/oROhUVRsPNH4NbLUES\n"
 "7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilTc4afU9hDDl3WY4Jx\n"
 "HYB0yvbiAmvZWg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SecureSign RootCA11 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1224,7 +1224,7 @@
 "ga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01y8hSyn+B/tlr0/cR\n"
 "7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061lgeLKBObjBmN\n"
 "QSdJQO7e5iNEOdyhIta6A/I=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Microsec e-Szigno Root CA 2009 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1248,7 +1248,7 @@
 "VnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02yULy\n"
 "Mtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi\n"
 "LXpUq3DDfSJlgnCW\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GlobalSign Root CA - R3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1269,7 +1269,7 @@
 "095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJr\n"
 "lAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH\n"
 "WD9f\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Autoridad de Certificacion Firmaprofesional CIF A62634068 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1302,7 +1302,7 @@
 "NEeyrPsiBsse3RdHHF9mudMaotoRsaS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhr\n"
 "JKyXWERHrVkY8SFlcN7ONGCoQPHzPKTDKCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIyS\n"
 "xZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi6Et8Vcad+qMUu2WFbm5PEn4KPJ2V\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Izenpe.com */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1335,7 +1335,7 @@
 "pR9GTnfQXeWBIiGH/pR9hNiTrdZoQ0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6i\n"
 "SNnpn86CcDaTmjvfliHjWbcM2pE38P1ZWrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE4\n"
 "1V4tC5h9Pmzb/CaIxw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Chambers of Commerce Root - 2008 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1374,7 +1374,7 @@
 "jktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvGnrDQWzilm1DefhiYtUU7\n"
 "9nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRgOGcEMeyP84LG3rlV\n"
 "8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Global Chambersign Root - 2008 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1413,7 +1413,7 @@
 "M0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVqc5iJWzouE4gev8CSlDQb\n"
 "4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z09gwzxMNTxXJhLyn\n"
 "SC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Go Daddy Root Certificate Authority - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1435,7 +1435,7 @@
 "kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYVN8Gb5DKj7Tjo\n"
 "2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPOLPAvTK33\n"
 "sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Starfield Root Certificate Authority - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1458,7 +1458,7 @@
 "8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/KpL/QlwVK\n"
 "vOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZc2T5\n"
 "NnReJaH1ZgUufzkVqSr7UIuOhWn0\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Starfield Services Root Certificate Authority - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1481,7 +1481,7 @@
 "qwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkdiEDPfUYd\n"
 "/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jzaYyWf\n"
 "/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* AffirmTrust Commercial */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1501,7 +1501,7 @@
 "ADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv0wqiUOP2O+guRMLbZjip\n"
 "M1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0khsUlHRUe072o0EclN\n"
 "msxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* AffirmTrust Networking */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1521,7 +1521,7 @@
 "3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23WJZa3W3SAKD0m0i+wzek\n"
 "ujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9/ZFvgrG+CJPbFEfx\n"
 "ojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* AffirmTrust Premium */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1551,7 +1551,7 @@
 "qzWaVYa8GKa1qF60g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaO\n"
 "RtGdFNrHF+QFlozEJLUbzxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAlo\n"
 "GRwYQw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* AffirmTrust Premium ECC */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1565,7 +1565,7 @@
 "AQH/MA4GA1UdDwEB/wQEAwIBBjAKBggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/Vs\n"
 "aobgxCd05DhT1wV/GzTjxi+zygk8N53X57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9C\n"
 "a/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKMeQ==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Certum Trusted Network CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1587,7 +1587,7 @@
 "94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5ajZt3hrvJBW8qY\n"
 "VoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI03YnnZot\n"
 "BqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* TWCA Root Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1608,7 +1608,7 @@
 "umlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVYT0bf+215WfKEIlKu\n"
 "D8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocnyYh0igzyXxfkZ\n"
 "YiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Security Communication RootCA2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1629,7 +1629,7 @@
 "9ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6qtnRGEmyR7jTV7JqR\n"
 "50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29mvVXIwAHIRc/\n"
 "SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* EC-ACC */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1659,7 +1659,7 @@
 "boMMPOhyRp/7SNVel+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOS\n"
 "Agu+TGbrIP65y7WZf+a2E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6\n"
 "Un/10asIbvPuW/mIPX64b24D5EI=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Hellenic Academic and Research Institutions RootCA 2011 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1683,7 +1683,7 @@
 "nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD/md9\n"
 "zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N\n"
 "7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Actalis Authentication Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1715,7 +1715,7 @@
 "kn5l/9Mt4blOvH+kQSGQQXemOR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDz\n"
 "zFhdFPFqSBX/wge2sY0PjlxQRrM9vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7y\n"
 "FIrM6bV8+2ydDKXhlg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Trustis FPS Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1736,7 +1736,7 @@
 "PBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHVl/9D7S3B2l0pKoU/\n"
 "rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYliB6XzCGcKQEN\n"
 "ZetX2fNXlrtIzYE=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Buypass Class 2 Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1766,7 +1766,7 @@
 "beaP4NK75t98biGCwWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h\n"
 "3PFaTWwyI0PurKju7koSCTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv\n"
 "4x3kqdbQCtCev9eBCfHJxyYNrJgWVqA=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Buypass Class 3 Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1796,7 +1796,7 @@
 "cEQNtg413OEMXbugUZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvD\n"
 "u79leNKGef9JOxqDDPDeeOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN\n"
 "12TyUb7mqqta6THuBrxzvxNiCp/HuZc=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* T-TeleSec GlobalRoot Class 3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1818,7 +1818,7 @@
 "vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT\n"
 "91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuImle9eiPZaG\n"
 "zPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* EE Certification Centre Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1842,7 +1842,7 @@
 "EYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU3j2L\n"
 "rTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM\n"
 "dcGWxZ0=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* D-TRUST Root Class 3 CA 2 2009 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1866,7 +1866,7 @@
 "Aqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEVdT1B\n"
 "/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph\n"
 "X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* D-TRUST Root Class 3 CA 2 EV 2009 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1891,7 +1891,7 @@
 "2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA\n"
 "NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjm\n"
 "JuVvw9y4AyHqnxbxLFS1\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* CA Disig Root R2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1921,7 +1921,7 @@
 "boE+18DrG5gPcFw0sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3Os\n"
 "zMOl6W8KjptlwlCFtaOgUxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3v\n"
 "QCj8KWefshNPZiTEUxnpHikV7+ZtsH8tZ/3zbBt1RqPlShfppNcL\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* ACCVRAIZ1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1963,7 +1963,7 @@
 "gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd3djDJ9ew\n"
 "+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3pEfbR\n"
 "D0tVNEYqi4Y7\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* TWCA Global Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -1992,7 +1992,7 @@
 "iI7E8UuDEq3mi4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZz\n"
 "JBPqpK5jwa19hAM8EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWz\n"
 "aGHQRiapIVJpLesux+t3zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* TeliaSonera Root CA v1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2021,7 +2021,7 @@
 "mz1wHiRszYd2qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfuj\n"
 "uLpwQMcnHL/EVlP6Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVx\n"
 "SK236thZiNSQvxaz2emsWWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* E-Tugra Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2055,7 +2055,7 @@
 "wKcMhcWQ9DstliaxLL5Mq+ux0orJ23gTDx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186\n"
 "zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q08ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9\n"
 "I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0GC7TbO6Orb1wdtn7os4I07QZcJA==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* T-TeleSec GlobalRoot Class 2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2077,7 +2077,7 @@
 "fsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR3p1m0IvVVGb6\n"
 "g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN9noHV8ci\n"
 "gwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Atos TrustedRoot 2011 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2098,7 +2098,7 @@
 "OLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a961qn8FYiqTxlVMYV\n"
 "qL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G3mB/ufNPRJLv\n"
 "KrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* QuoVadis Root CA 1 G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2128,7 +2128,7 @@
 "vdbJWqNjZgKAvQU6O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhp\n"
 "q1467HxpvMc7hU6eFbm0FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwS\n"
 "tIsPm6Ik8KaN1nrgS7ZklmOVhMJKzRwuJIczYOXD\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* QuoVadis Root CA 2 G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2158,7 +2158,7 @@
 "IdsPNWNgKCLjsZWDzYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeM\n"
 "HVOyToV7BjjHLPj4sHKNJeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0Z\n"
 "iC3oheGe7IUIarFsNMkd7EgrO3jtZsSOeWmD3n+M\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* QuoVadis Root CA 3 G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2188,7 +2188,7 @@
 "6QrG2vd+DhcI00iX0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HN\n"
 "PlopNLk9hM6xZdRZkZFWdSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDY\n"
 "WGWVjUTR939+J399roD1B0y2PpxxVJkES/1Y+Zj0\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert Assured ID Root G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2210,7 +2210,7 @@
 "CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0MjomZmWzwPDCv\n"
 "ON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwoIhNzbM8m\n"
 "9Yop5w==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert Assured ID Root G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2225,7 +2225,7 @@
 "BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBk\n"
 "AjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2\n"
 "U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv6pZjamVFkpUBtA==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert Global Root G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2246,7 +2246,7 @@
 "L7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUT\n"
 "Fy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe\n"
 "pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTflMrY=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert Global Root G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2261,7 +2261,7 @@
 "BgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNpYim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/\n"
 "EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q\n"
 "3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34VOKa5Vt8sycX\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* DigiCert Trusted Root G4 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2292,7 +2292,7 @@
 "r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIVi\n"
 "HTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq\n"
 "6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* COMODO RSA Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2324,7 +2324,7 @@
 "QHDBw7mh3aZw4gSzQbzpgJHqZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN\n"
 "/4fy3ryM7xfft0kL0fJuMAsaDk527RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog\n"
 "88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHBNVOFBkpdn627G190\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* USERTrust RSA Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2356,7 +2356,7 @@
 "9ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnu\n"
 "Wih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1\n"
 "cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfGjjxDah2nGN59PRbxYvnKkKj9\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* USERTrust ECC Certification Authority */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2373,7 +2373,7 @@
 "/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBBHU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpk\n"
 "ue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu9YO6bVi9JNlWSOrvxKJGgYhqOkbR\n"
 "qZtNyWHa0V1Xahg=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GlobalSign ECC Root CA - R4 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2386,7 +2386,7 @@
 "P6jUuc6MHaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n"
 "FFSwe61FuOJAf/sKbvu+M8k8o4TVMAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGX\n"
 "kPoUVy0D7O48027KqGx2vKLeuwIgJ6iFJzWbVsaj8kfSt24bAgAXqmemFZHe+pTsewv4n4Q=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GlobalSign ECC Root CA - R5 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2401,7 +2401,7 @@
 "KoZIzj0EAwMDaAAwZQIxAOVpEslu28YxuglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguD\n"
 "nFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL\n"
 "+SvzZpA3\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Staat der Nederlanden Root CA - G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2431,7 +2431,7 @@
 "KL59NVzq4BZ+Extq1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR\n"
 "1VmiiXTTn74eS9fGbbeIJG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U6\n"
 "7cjF68IeHRaVesd+QnGTbksVtzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Staat der Nederlanden EV Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2461,7 +2461,7 @@
 "uTaPPoIaGl6I6lD4WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeL\n"
 "eG9QgkRQP2YGiqtDhFZKDyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8FVdMpEbB\n"
 "4IMeDExNH08GGeL5qPQ6gqGyeUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* IdenTrust Commercial Root CA 1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2491,7 +2491,7 @@
 "gXjtw+hG4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ\n"
 "mUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgG\n"
 "pRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* IdenTrust Public Sector Root CA 1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2521,7 +2521,7 @@
 "cXR5f1GJtshquDDIajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhA\n"
 "GaQdp/lLQzfcaFpPz+vCZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXws\n"
 "BOxonbRJRBD0ckscZOf85muQ3Wl9af0AVqW3rLatt8o+Ae+c\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Entrust Root Certification Authority - G2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2546,7 +2546,7 @@
 "msQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+\n"
 "vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ\n"
 "19xOe4pIb4tF9g==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Entrust Root Certification Authority - EC1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2565,7 +2565,7 @@
 "MAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3hvxGU0QOIdeSNiaSKd0bebWHv\n"
 "AvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8kmhtc9hvJqwhAriZtyZB\n"
 "WyVgrtBIGu4G\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* CFCA EV ROOT */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2596,7 +2596,7 @@
 "/v5WOaHIz16eGWRGENoXkbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV\n"
 "2lZFA4gKn2fQ1XmxqI1AbQ3CekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UC\n"
 "Kc2Jo5YPSjXnTkLAdc0Hz+Ys63su\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Certinomis - Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2627,7 +2627,7 @@
 "Y/M50n92Uaf0yKHxDHYiI0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ8ow7bkrH\n"
 "xuaAKzyBvBGAFhAn1/DNP3nMcyrDflOR1m749fPH0FFNjkulW+YZFzvWgQncItzujrnEj1Ph\n"
 "Z7szuIgVRs/taTX/dQ1G885x4cVrhkIGuUE=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* OISTE WISeKey Global Root GB CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2649,7 +2649,7 @@
 "wLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEuiHZeeevJuQHHf\n"
 "aPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02IcNc1MaRVU\n"
 "GpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SZAFIR ROOT CA2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2670,7 +2670,7 @@
 "v5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul4+vJhaAlIDf7js4M\n"
 "NIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6+/NNIxuZMzSg\n"
 "LvWpCz/UXeHPhJ/iGcJfitYgHuNztw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Certum Trusted Network CA 2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2702,7 +2702,7 @@
 "d82Kkhehnlt4Fj1F4jNy3eFmypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXa\n"
 "QHXyxKcZb55CEJh15pWLYLztxRLXis7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlF\n"
 "w5Khchf8R7agCyzxxN5DaAhqXzvwdmP7zAYspsbiDrW5viSP\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Hellenic Academic and Research Institutions RootCA 2015 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2735,7 +2735,7 @@
 "qk+iGxI9FghAD/FGTNeqewjBCvVtJ94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoX\n"
 "xdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGaJI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODf\n"
 "qiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9qp/UsQu0yrbYhnr68\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Hellenic Academic and Research Institutions ECC RootCA 2015 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2753,7 +2753,7 @@
 "MAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTAGiecMjvAwNW6qef4BENThe5SId6d\n"
 "9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjndc5FZXIhF8siQQ6ME5g4mlRt\n"
 "m8rifOoCWCKR\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* ISRG Root X1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2783,7 +2783,7 @@
 "qKOJ2qxq4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\n"
 "mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcY\n"
 "xn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* AC RAIZ FNMT-RCM */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2814,7 +2814,7 @@
 "9kiABdcPUXmsEKvU7ANm5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9ba\n"
 "RRmW1FMdW4R58MD3R++Lj8UGrp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViA\n"
 "qhOLUTpPSPaLtrM=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Amazon Root CA 1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2834,7 +2834,7 @@
 "8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJc\n"
 "JmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeX\n"
 "eGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Amazon Root CA 2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2863,7 +2863,7 @@
 "9Kr5v2c69BoVYh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG\n"
 "6lzWE7OE76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H\n"
 "9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Amazon Root CA 3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2876,7 +2876,7 @@
 "MB0GA1UdDgQWBBSrttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWS\n"
 "oxe3jfkrBqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM\n"
 "YyRIHN8wfdVoOw==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Amazon Root CA 4 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2890,7 +2890,7 @@
 "84ZtV+WBMAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw\n"
 "CkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJ\n"
 "ElMzrdfkviT8tQp21KW8EA==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* LuxTrust Global Root 2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2922,7 +2922,7 @@
 "WjLtR5EWDrw4wVDej8oqkDQc7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+x9CWttrhSmQGbmBN\n"
 "vUJO/3jaJMobtNeWOWyu8Q6qp31IiyBMz2TWuJdGsE7RKlY6oJO9r4Ak4Ap+58rVyuiFVdw2\n"
 "KuGUaJPHZnJED4AhMmwlxyOAgwrr\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2947,7 +2947,7 @@
 "T8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R\n"
 "e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X\n"
 "8W0jq5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GDCA TrustAUTH R5 ROOT */
 "-----BEGIN CERTIFICATE-----\n"
@@ -2978,7 +2978,7 @@
 "XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0L\n"
 "cIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3M\n"
 "boPoDKi3QWwH3b08hpcv0g==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* TrustCor RootCert CA-1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3002,7 +3002,7 @@
 "7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6CqFqT\n"
 "vsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P\n"
 "3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* TrustCor RootCert CA-2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3036,7 +3036,7 @@
 "MDvd1GpUk74aTfOTlPf8hAs/hCBcNANExdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimT\n"
 "HpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeXRKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUou\n"
 "wpaYT05KnJe32x+SMsj/D1Fu1uwJ\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* TrustCor ECA-1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3060,7 +3060,7 @@
 "ldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0XsJ5F9\n"
 "5yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC\n"
 "jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SSL.com Root Certification Authority RSA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3092,7 +3092,7 @@
 "BjSWFupwWRoyeXkLtoh/D1JIPb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh\n"
 "1foQC5ichucmj87w7G6KVwuA406ywKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpB\n"
 "C8TTi2EbvPofkSvXRAdeuims2cXp71NIWuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SSL.com Root Certification Authority ECC */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3109,7 +3109,7 @@
 "MAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCWe+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D\n"
 "5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z5Wajs6O7pdWLjwkspl1+4vAHCGht\n"
 "0nxpbl/f5Wpl\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SSL.com EV Root Certification Authority RSA R2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3142,7 +3142,7 @@
 "kmmQYRzelYB0VI8YHMPzA9C/pEN1hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2K\n"
 "i+3wApRmLER/y5UnlhetCTCstnEXbosX9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FF\n"
 "Y6GsdqnC+w==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* SSL.com EV Root Certification Authority ECC */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3159,7 +3159,7 @@
 "BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJN+vp1RPZytRrJPOwPYdGWBrssd9v+1a6\n"
 "cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mmm7I1HrrW9zzRHM76JTymGoEVW/MS\n"
 "D2zuZYrJh6j5B+BimoxcSg==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GlobalSign Root CA - R6 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3190,7 +3190,7 @@
 "JJUEeKgDu+6B5dpffItKoZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+L\n"
 "LUNS60YMlOH1Zkd5d9VUWx+tJDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s\n"
 "1gLXCmeDBVrJpBA=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* OISTE WISeKey Global Root GC CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3206,7 +3206,7 @@
 "EAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0EAwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwb\n"
 "Y9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtkAjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/\n"
 "i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GTS Root R1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3236,7 +3236,7 @@
 "fnuzCdyyF62ARPBopY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9\n"
 "SQ98POyDGCBDTtWTurQ0sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdwsE3PYJ/HQ\n"
 "cu51OyLemGhmW/HGY0dVHLqlCFF1pkgl\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GTS Root R2 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3266,7 +3266,7 @@
 "oB6BAFDC5AwiWVIQ7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiF\n"
 "izoHCBy69Y9Vmhh1fuXsgWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLnyOd/xCxg\n"
 "XS/Dr55FBcOEArf9LAhST4Ldo/DUhgkC\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GTS Root R3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3280,7 +3280,7 @@
 "MB0GA1UdDgQWBBTB8Sa6oC2uhYHP0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFuk\n"
 "fCPAlaUs3L6JbyO5o91lAFJekazInXJ0glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWSdIUl\n"
 "UfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOaKaqW04MjyaR7YbPMAuhd\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* GTS Root R4 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3294,7 +3294,7 @@
 "MB0GA1UdDgQWBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0\n"
 "CMRw3J5QdCHojXohw0+WbhXRIjVhLfoIN+4Zba3bssx9BzT1YBkstTTZbyACMANxsbqjYAuG\n"
 "7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11xzPKwTdb+mciUqXWi4w==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* UCA Global G2 Root */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3324,7 +3324,7 @@
 "fEehOjPI+Vg7RE+xygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGy\n"
 "YiGqhkCyLmTTX8jjfhFnRR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1\n"
 "whnw0A==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* UCA Extended Validation Root */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3354,7 +3354,7 @@
 "s6ODWA2CxR9GUeOcGMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmx\n"
 "cmtpzyKEC2IPrNkZAJSidjzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUI\n"
 "NlK73nZfdklJrX+9ZSCyycErdhh2n1ax\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Certigna Root CA */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3389,7 +3389,7 @@
 "b9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZSaX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv\n"
 "0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNdeE4yBFxgX0b3xdxA61GU5wSesVywlVP+i\n"
 "2k+KYTlerj1KjL0=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* emSign Root CA - G1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3411,7 +3411,7 @@
 "I6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeihU80Bv2noWgby\n"
 "RQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxxiN66zB+A\n"
 "fko=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* emSign ECC Root CA - G3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3426,7 +3426,7 @@
 "zhccLikenEhjQjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQD\n"
 "AwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+DCBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHt\n"
 "RwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* emSign Root CA - C1 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3447,7 +3447,7 @@
 "5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9wC68AivTxEDkigcx\n"
 "HpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQBmIMMMAVSKeo\n"
 "WXzhriKi4gp6D/piq1JM4fHfyr6DDUI=\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* emSign ECC Root CA - C3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3462,7 +3462,7 @@
 "Af8EBTADAQH/MAoGCCqGSM49BAMDA2gAMGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaP\n"
 "WEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwUZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw\n"
 "0Md3f76BB1UwUCAU9Vc4CqgxUQ==\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 
 /* Hongkong Post Root CA 3 */
 "-----BEGIN CERTIFICATE-----\n"
@@ -3494,5 +3494,5 @@
 "0hz5sy229zdcxsshTrD3mUcYhcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQ\n"
 "qp9HpLIiyhY6UFfEW0NnxWViA0kB60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7\n"
 "UvToiIMrVCjU8jVStDKDYmlkDJGcn5fqdBb9HxEGmpv0\n"
-"-----END CERTIFICATE-----\n",
+"-----END CERTIFICATE-----",
 #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
diff --git a/test/parallel/test-tls-root-certificates.js b/test/parallel/test-tls-root-certificates.js
new file mode 100644
index 00000000000000..5f7aa418ac05a3
--- /dev/null
+++ b/test/parallel/test-tls-root-certificates.js
@@ -0,0 +1,31 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+
+assert(Array.isArray(tls.rootCertificates));
+assert(tls.rootCertificates.length > 0);
+
+// Getter should return the same object.
+assert.strictEqual(tls.rootCertificates, tls.rootCertificates);
+
+// Array is immutable...
+assert.throws(() => tls.rootCertificates[0] = 0, /TypeError/);
+assert.throws(() => tls.rootCertificates.sort(), /TypeError/);
+
+// ...and so is the property.
+assert.throws(() => tls.rootCertificates = 0, /TypeError/);
+
+// Does not contain duplicates.
+assert.strictEqual(tls.rootCertificates.length,
+                   new Set(tls.rootCertificates).size);
+
+assert(tls.rootCertificates.every((s) => {
+  return s.startsWith('-----BEGIN CERTIFICATE-----\n');
+}));
+
+assert(tls.rootCertificates.every((s) => {
+  return s.endsWith('\n-----END CERTIFICATE-----');
+}));
diff --git a/tools/mk-ca-bundle.pl b/tools/mk-ca-bundle.pl
index 30301fff9a305c..2b07542b4d976f 100755
--- a/tools/mk-ca-bundle.pl
+++ b/tools/mk-ca-bundle.pl
@@ -265,7 +265,7 @@ (%)
       $encoded =~ s/(.{1,${opt_w}})/"$1\\n"\n/g;
       my $pem = "\"-----BEGIN CERTIFICATE-----\\n\"\n"
               . $encoded
-              . "\"-----END CERTIFICATE-----\\n\",\n";
+              . "\"-----END CERTIFICATE-----\",\n";
       print CRT "\n/* $caname */\n";
 
       my $maxStringLength = length($caname);